
smitfraud-c, metsrv.dll, others


7 replies to this topic

#1 LLoydering


Posted 08 November 2009 - 11:50 PM

Hi all, new here.

A week or so ago I was attacked and Spybot's realtime protection caught smitfraud-c; afterwards my internet connection got very flaky. Deleted it using SpybotS&D... then with Trendmicro Housecall (full scan) found and cleaned a couple of trojans (can't remember which) and I've been ok since.

Today while online Spybot caught Smitfraud-c again, :( had to delete it about 6 times before the notifications stopped. I updated and used SpybotS&D and found it again, deleted it. Then rebooted, ran Housecall (quickscan) and found some rootkit named metsfv.dll. Deleted this on a reboot, then ran Housecall again in Full scan mode. This time found a worm called kolabc.cc and a trojan called generic.dit. Housecall said it fixed these two, then I rebooted and ran hijackthis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:21 PM, on 11/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Creo\FeatureLicensing\Server\CFLSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\monsync.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlservr.exe
D:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\REDS\serviceport\bin\service\JavaService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\REDS\ServicePort\j2re1.4.1_01\bin\CreoServicePort.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\REDS\REDC\bin\REDC-gui.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://creonet.creo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [REDC-gui] C:\Program Files\REDS\REDC\bin\REDC-gui.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: *.creo.com
O15 - Trusted Zone: http://*.creo.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Filter hijack: text/html - {77d7d2e9-8db7-4ed2-8c7b-0533a9bbdd30} - C:\WINDOWS\mark_32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creo Feature Licensing - Creo Inc. - C:\Creo\FeatureLicensing\Server\CFLSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LaunchServiceHost - CreoScitex Products Inc. - d:\ServiceShell\Bin\LaunchServiceHost.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Serial Port Synchronization Monitor (MonSync) - Unknown owner - C:\WINDOWS\system32\monsync.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - D:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServicePort - Alexandria Software Consulting - C:\Program Files\REDS\serviceport\bin\service\JavaService.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Choice Mail (svcChoiceMail) - DigiPortal Software, Inc. - C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)

--
End of file - 10926 bytes


Thanks in advance for your help!!



#2 Buckeye_Sam


    Malware Expert



Posted 09 November 2009 - 07:57 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box, paste this in:

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 LLoydering


Posted 09 November 2009 - 09:15 PM

I cannot get Malwarebytes to run. After install and launch I get runtime errors 0 and 440 (automation). I will keep trying; in the meantime, here are the OTL files.

OTL logfile created on: 11/9/2009 5:44:21 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = D:\My Documents\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.92 Mb Total Physical Memory | 99.57 Mb Available Physical Memory | 19.49% Memory free
1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.87 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 3.96 Gb Free Space | 7.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T42
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/09 17:43:40 | 00,528,896 | ---- | M] (OldTimer Tools) -- D:\My Documents\Desktop\OTL.exe
PRC - [2009/10/26 01:54:02 | 00,421,888 | RH-- | M] () -- C:\WINDOWS\system32\monsync.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- D:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/03 23:24:10 | 00,065,536 | ---- | M] (Alexandria Software Consulting) -- C:\Program Files\REDS\ServicePort\bin\service\JavaService.exe
PRC - [2009/05/26 16:49:36 | 00,316,672 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/05/26 16:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/04/29 12:46:06 | 01,787,224 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/09 12:47:06 | 00,117,248 | ---- | M] () -- C:\Program Files\REDS\REDC\bin\REDC-gui.exe
PRC - [2008/01/30 13:41:58 | 02,482,176 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
PRC - [2008/01/30 13:41:58 | 02,482,176 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
PRC - [2008/01/25 14:05:38 | 00,024,674 | ---- | M] () -- C:\Program Files\REDS\ServicePort\j2re1.4.1_01\bin\CreoServicePort.exe
PRC - [2007/08/13 17:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/05/13 18:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/04/10 10:34:46 | 00,194,629 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2007/03/14 20:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/06/16 14:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2006/06/16 14:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2005/10/28 11:23:10 | 01,404,928 | ---- | M] (Belkin) -- C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
PRC - [2005/05/19 15:32:30 | 00,122,880 | ---- | M] (Creo Inc.) -- C:\Creo\FeatureLicensing\Server\CFLSvc.exe
PRC - [2005/03/28 05:49:12 | 00,057,393 | ---- | M] (IBM Corp) -- D:\Program Files\lotus\notes\ntmulti.exe
PRC - [2005/03/28 05:48:48 | 00,028,717 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nsl.exe
PRC - [2005/03/28 05:48:48 | 00,020,530 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nslsvice.exe
PRC - [2004/10/25 05:15:00 | 00,571,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2004/10/20 04:25:00 | 00,241,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/07/03 01:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
PRC - [2002/12/17 15:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlservr.exe
PRC - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2002/08/28 13:12:06 | 00,077,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 17:43:40 | 00,528,896 | ---- | M] (OldTimer Tools) -- D:\My Documents\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/08/04 00:56:44 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (gusvc)
SRV - [2009/10/26 01:54:02 | 00,421,888 | RH-- | M] () -- C:\WINDOWS\System32\monsync.exe -- (MonSync)
SRV - [2009/07/22 21:44:48 | 01,097,096 | ---- | M] (PC Tools) -- d:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/03 23:24:10 | 00,065,536 | ---- | M] (Alexandria Software Consulting) -- C:\Program Files\REDS\ServicePort\bin\service\JavaService.exe -- (ServicePort)
SRV - [2009/05/26 16:49:36 | 00,120,064 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/01/07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- d:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/30 13:41:58 | 02,482,176 | ---- | M] (DigiPortal Software, Inc.) -- C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe -- (svcChoiceMail)
SRV - [2008/01/22 10:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/13 18:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2007/04/10 10:34:46 | 00,194,629 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2007/01/25 09:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/06/16 14:58:42 | 00,426,051 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2006/06/16 14:55:14 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2005/05/19 15:32:30 | 00,122,880 | ---- | M] (Creo Inc.) -- C:\Creo\FeatureLicensing\Server\CFLSvc.exe -- (Creo Feature Licensing)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/28 05:49:12 | 00,057,393 | ---- | M] (IBM Corp) -- D:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2005/03/28 05:48:48 | 00,020,530 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2004/10/25 05:15:00 | 00,571,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2004/10/20 04:25:00 | 00,241,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/04 00:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/06/23 09:47:08 | 00,172,032 | ---- | M] (CreoScitex Products Inc.) -- d:\ServiceShell\Bin\LaunchServiceHost.exe -- (LaunchServiceHost)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/07/03 01:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002/12/17 15:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlservr.exe -- (MSSQL$ENDB)
SRV - [2002/12/17 15:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlagent.EXE -- (SQLAgent$ENDB)
SRV - [2002/12/17 15:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2002/08/28 13:17:56 | 00,573,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/08/28 13:13:06 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2009/11/08 20:14:57 | 00,030,272 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\system32\drivers\pssdk31.drv -- (PsSdk31)
DRV - [2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/26 16:38:12 | 00,171,144 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2009/05/26 16:38:12 | 00,149,512 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00)
DRV - [2009/05/26 16:38:06 | 00,222,720 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/05/26 16:38:00 | 00,018,816 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/26 16:37:58 | 00,038,680 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/05/26 16:36:52 | 00,032,408 | ---- | M] (Smith Micro Inc.) -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/04/03 09:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/06 21:51:52 | 00,026,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/11/29 14:37:12 | 00,033,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2008/10/15 11:58:32 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/20 00:24:54 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2008/05/07 10:06:23 | 00,025,984 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\taprss0001.sys -- (taprss0001)
DRV - [2007/10/12 16:04:38 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/10/12 16:04:38 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/10/12 16:04:38 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/04/10 10:34:08 | 00,015,360 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2007/04/10 10:34:02 | 00,070,144 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\drivers\NgVpn.sys -- (NgVpn)
DRV - [2007/04/10 10:32:52 | 00,017,920 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2007/03/13 19:22:28 | 00,010,496 | ---- | M] (LogMeIn Inc.) -- C:\WINDOWS\system32\drivers\hamachi_oem.sys -- (hamachi_oem)
DRV - [2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/02/16 23:32:01 | 00,852,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070216.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/02/16 23:32:00 | 00,080,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070216.019\NAVENG.SYS -- (NAVENG)
DRV - [2007/01/30 15:09:38 | 00,196,096 | ---- | M] (Novatel Wireless, Inc.) -- C:\WINDOWS\system32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2007/01/25 09:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/01/18 11:03:18 | 00,049,237 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950u.sys -- (maa950u)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/16 11:44:46 | 00,011,986 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/07/13 11:33:08 | 00,674,560 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2006/06/16 14:50:46 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/10 10:54:56 | 00,402,944 | R--- | M] (Belkin Corporation) -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)
DRV - [2005/10/20 17:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/09/26 15:02:50 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005/08/18 11:44:50 | 00,049,867 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/07/27 02:47:48 | 00,049,382 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8032U.sys -- (MA8032U)
DRV - [2005/06/16 18:13:12 | 00,025,044 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950m.sys -- (maa950m)
DRV - [2005/06/16 18:11:58 | 00,024,784 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950c.sys -- (maa950c)
DRV - [2005/05/24 22:09:23 | 00,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/04/20 22:21:16 | 00,039,552 | ---- | M] (Novatel Wireless, Inc.) -- C:\WINDOWS\system32\drivers\nw620.sys -- (Novatel)
DRV - [2005/03/28 08:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/03/04 18:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2004/11/10 22:04:54 | 00,025,040 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8032C.sys -- (MA8032C)
DRV - [2004/11/10 21:55:44 | 00,025,300 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8032M.sys -- (MA8032M)
DRV - [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/09/24 14:45:36 | 00,197,888 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/09/24 14:44:28 | 00,676,096 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/24 14:43:54 | 01,041,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/09/07 14:38:09 | 00,028,160 | ---- | M] (Moodlogic Inc.) -- C:\WINDOWS\system32\drivers\MLFILEM.SYS -- (MLFILEM)
DRV - [2004/08/25 13:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 23:07:46 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/03 23:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2004/08/03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/07/29 01:37:00 | 00,016,384 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/07/06 16:50:36 | 00,059,520 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf)
DRV - [2004/06/27 02:50:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2004/06/27 02:50:00 | 00,004,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2004/06/27 02:50:00 | 00,002,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2004/06/09 19:19:46 | 00,016,340 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/05/14 12:59:00 | 00,004,608 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/12/23 04:42:00 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2003/12/20 04:42:00 | 00,026,120 | ---- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2003/10/28 14:51:04 | 00,130,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000)
DRV - [2003/10/24 00:35:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2003/10/24 00:35:00 | 00,008,831 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2003/10/22 14:27:10 | 00,344,800 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB)
DRV - [2003/07/30 02:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2003/07/24 11:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/07/16 06:27:40 | 00,043,264 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/03 01:25:00 | 00,011,344 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003/06/27 07:53:44 | 01,196,352 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/06/24 10:16:30 | 00,265,744 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/05/30 14:51:06 | 00,073,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/05/20 12:07:24 | 00,311,104 | ---- | M] (Philips Electronics North America, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2003/02/06 02:12:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002/11/18 16:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/19 17:41:28 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/08/29 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/06/19 19:57:14 | 00,029,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2002/06/19 19:57:12 | 00,218,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 11:13:14 | 00,046,108 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\cben5.sys -- (CBEN5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\S-1-5-21-214099845-784950871-2387590086-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-214099845-784950871-2387590086-500\S-1-5-21-214099845-784950871-2387590086-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/11/07 17:23:58 | 00,000,000 | ---D | M]


O1 HOSTS File: (222981 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 7827 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] d:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [REDC-gui] C:\Program Files\REDS\REDC\bin\REDC-gui.exe ()
O4 - HKLM..\Run: [RemoteControl] d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-214099845-784950871-2387590086-500..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-214099845-784950871-2387590086-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-214099845-784950871-2387590086-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 58720480
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..Trusted Domains: creo.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..Trusted Domains: creo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..Trusted Domains: creo.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-214099845-784950871-2387590086-500\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwa...ware/awswax.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7771.5914583333 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.133.170.2 66.133.150.12 170.215.255.114
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/28 10:27:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e2dc939b-1edf-11de-a601-00a0d5ffff85}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{e2dc939b-1edf-11de-a601-00a0d5ffff85}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/05/28 10:26:53 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - File not found
NetSvcs: civhsqpc - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/09 17:43:29 | 00,528,896 | ---- | C] (OldTimer Tools) -- D:\My Documents\Desktop\OTL.exe
[2009/11/09 17:42:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/09 17:42:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/09 17:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/09 17:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/09 17:42:00 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- D:\My Documents\Desktop\mbam-setup.exe
[2009/11/09 17:28:19 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009/11/08 12:55:23 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System\IME
[2009/11/07 17:47:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/11/07 17:47:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TVU Networks
[2009/11/07 17:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\LocalLow
[2009/11/07 17:47:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2009/11/07 17:24:47 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/11/07 17:24:39 | 00,000,000 | ---D | C] -- C:\Program Files\Sopcast_plugin
[2009/11/07 17:24:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/11/07 17:23:48 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/11/07 17:23:36 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/11/07 17:23:36 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/11/07 17:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/11/07 17:23:34 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/11/07 17:23:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/11/07 17:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2009/11/07 17:18:05 | 00,000,000 | ---D | C] -- C:\Program Files\LIVE TV
[2009/11/07 17:17:41 | 00,380,725 | ---- | C] (6DS Inc. ) -- D:\My Documents\Desktop\LIVE TV Setup.exe
[2009/11/05 21:43:43 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\avatar
[2009/11/03 17:06:46 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\New Folder
[2009/10/26 19:57:12 | 01,848,336 | ---- | C] (Trend Micro) -- D:\My Documents\Desktop\HousecallLauncher.exe
[2009/10/26 18:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/26 18:01:04 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- D:\My Documents\Desktop\HJTInstall.exe
[2009/10/14 12:36:52 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\cenveoprocessor
[2009/10/14 12:20:01 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\camera
[2009/10/11 21:06:52 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\gmce 2.0
[2009/10/11 15:41:28 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\gmce 4.0.1
[2009/10/10 23:09:46 | 00,000,000 | ---D | C] -- D:\My Documents\Desktop\gmce 3.2
[2004/08/25 14:22:08 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/09 17:45:01 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- D:\My Documents\Desktop\mbam-setup.exe
[2009/11/09 17:43:40 | 00,528,896 | ---- | M] (OldTimer Tools) -- D:\My Documents\Desktop\OTL.exe
[2009/11/09 17:42:20 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/09 17:09:07 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-214099845-784950871-2387590086-500UA.job
[2009/11/09 17:09:02 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-214099845-784950871-2387590086-500Core.job
[2009/11/09 16:00:01 | 00,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\{12993B07-0861-4852-A9AF-68A8BF6684C6}_T42_Administrator.job
[2009/11/09 09:00:00 | 00,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\{434FBAE0-379D-4F19-BDB4-CA082AA3DEA9}_T42_Administrator.job
[2009/11/08 20:17:14 | 00,000,454 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2009/11/08 20:14:57 | 00,030,272 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk31.drv
[2009/11/08 20:14:46 | 00,002,742 | ---- | M] () -- C:\WINDOWS\System32\MSTORES.DLL
[2009/11/08 20:14:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 20:14:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 20:14:27 | 53,581,0048 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/08 20:13:04 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/11/08 20:13:04 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/08 12:55:43 | 00,002,837 | -HS- | M] () -- C:\WINDOWS\System\Arraycc.tab
[2009/11/08 12:55:19 | 00,000,787 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/08 10:15:59 | 00,423,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/08 10:15:59 | 00,071,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/08 10:15:57 | 00,503,142 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/08 10:11:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 17:25:34 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/07 17:23:58 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Games & Music.lnk
[2009/11/07 17:23:58 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/11/07 17:23:48 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/11/07 17:23:36 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/11/07 17:23:36 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/11/07 17:23:34 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/11/07 17:23:34 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/11/07 17:18:06 | 00,000,587 | ---- | M] () -- D:\My Documents\Desktop\LIVE TV.lnk
[2009/11/07 17:17:48 | 00,380,725 | ---- | M] (6DS Inc. ) -- D:\My Documents\Desktop\LIVE TV Setup.exe
[2009/11/07 15:16:28 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 16:00:00 | 00,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\{F98D696B-F6AB-40CA-BE88-249F1124D725}_T42_Administrator.job
[2009/11/05 15:55:15 | 00,033,792 | ---- | M] () -- D:\My Documents\Desktop\Level4MeetsSp09.xls
[2009/11/05 15:29:17 | 00,033,280 | ---- | M] () -- D:\My Documents\Level4Meetsf08.xls
[2009/11/03 13:03:35 | 00,337,347 | ---- | M] () -- D:\My Documents\Desktop\Sharepoint-myGCG-HSE-TechPlanet-Configurations.pdf
[2009/10/31 17:18:39 | 00,125,211 | ---- | M] () -- D:\My Documents\Desktop\united.pdf
[2009/10/28 11:25:49 | 00,024,138 | ---- | M] () -- D:\My Documents\Desktop\SP 8001613022 Lynx Group, Inc.PDF
[2009/10/26 20:18:40 | 00,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2009/10/26 19:57:20 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 19:57:18 | 01,848,336 | ---- | M] (Trend Micro) -- D:\My Documents\Desktop\HousecallLauncher.exe
[2009/10/26 18:01:23 | 00,001,620 | ---- | M] () -- D:\My Documents\Desktop\HijackThis.lnk
[2009/10/26 18:01:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- D:\My Documents\Desktop\HJTInstall.exe
[2009/10/26 15:33:50 | 00,000,109 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2009/10/26 01:54:02 | 00,421,888 | RH-- | M] () -- C:\WINDOWS\System32\monsync.exe
[2009/10/22 09:42:41 | 06,276,819 | ---- | M] () -- D:\My Documents\Desktop\SPC MINI 121-122135860777.pdf
[2009/10/21 14:26:16 | 00,015,872 | ---- | M] () -- D:\My Documents\Desktop\SAP PArts.xls
[2009/10/21 14:25:52 | 00,019,471 | ---- | M] () -- D:\My Documents\Desktop\SAP Parts.pdf
[2009/10/20 09:47:23 | 00,031,744 | ---- | M] () -- D:\My Documents\Desktop\Woolford, Robert.xls
[2009/10/15 13:37:01 | 00,052,655 | ---- | M] () -- D:\My Documents\Desktop\cooling_MCE_fanbox.pdf
[2009/10/15 01:52:33 | 00,065,556 | ---- | M] () -- D:\My Documents\Desktop\101509.pdf
[2009/10/15 01:36:35 | 00,048,872 | ---- | M] () -- D:\My Documents\Desktop\HIE-9-09.pdf
[2009/10/12 15:17:28 | 00,026,058 | ---- | M] () -- D:\My Documents\Desktop\BART_Convert_Wizard.zip
[2009/10/12 14:21:57 | 00,920,879 | ---- | M] () -- D:\My Documents\Desktop\719-00708A-B106478251.pdf
[2009/10/12 14:20:51 | 00,453,458 | ---- | M] () -- D:\My Documents\Desktop\719-00735A-EN-D.pdf
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/09 17:42:20 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/08 12:55:24 | 00,002,837 | -HS- | C] () -- C:\WINDOWS\System\Arraycc.tab
[2009/11/08 12:55:10 | 00,421,888 | RH-- | C] () -- C:\WINDOWS\System32\monsync.exe
[2009/11/08 12:55:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\uuid.dll
[2009/11/08 12:55:10 | 00,002,742 | ---- | C] () -- C:\WINDOWS\System32\MSTORES.DLL
[2009/11/07 17:25:34 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/07 17:23:58 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Games & Music.lnk
[2009/11/07 17:23:58 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/11/07 17:18:06 | 00,000,587 | ---- | C] () -- D:\My Documents\Desktop\LIVE TV.lnk
[2009/11/07 15:09:20 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/05 15:55:14 | 00,033,792 | ---- | C] () -- D:\My Documents\Desktop\Level4MeetsSp09.xls
[2009/11/05 15:29:15 | 00,033,280 | ---- | C] () -- D:\My Documents\Level4Meetsf08.xls
[2009/11/03 13:02:31 | 00,337,347 | ---- | C] () -- D:\My Documents\Desktop\Sharepoint-myGCG-HSE-TechPlanet-Configurations.pdf
[2009/10/31 17:18:39 | 00,125,211 | ---- | C] () -- D:\My Documents\Desktop\united.pdf
[2009/10/28 11:25:49 | 00,024,138 | ---- | C] () -- D:\My Documents\Desktop\SP 8001613022 Lynx Group, Inc.PDF
[2009/10/26 20:18:40 | 00,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/10/26 19:57:20 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 18:01:23 | 00,001,620 | ---- | C] () -- D:\My Documents\Desktop\HijackThis.lnk
[2009/10/22 09:42:41 | 06,276,819 | ---- | C] () -- D:\My Documents\Desktop\SPC MINI 121-122135860777.pdf
[2009/10/21 14:26:16 | 00,015,872 | ---- | C] () -- D:\My Documents\Desktop\SAP PArts.xls
[2009/10/21 14:25:52 | 00,019,471 | ---- | C] () -- D:\My Documents\Desktop\SAP Parts.pdf
[2009/10/20 09:47:23 | 00,031,744 | ---- | C] () -- D:\My Documents\Desktop\Woolford, Robert.xls
[2009/10/15 13:37:00 | 00,052,655 | ---- | C] () -- D:\My Documents\Desktop\cooling_MCE_fanbox.pdf
[2009/10/15 01:52:33 | 00,065,556 | ---- | C] () -- D:\My Documents\Desktop\101509.pdf
[2009/10/15 01:36:35 | 00,048,872 | ---- | C] () -- D:\My Documents\Desktop\HIE-9-09.pdf
[2009/10/12 15:17:54 | 00,118,784 | ---- | C] () -- D:\My Documents\Desktop\BART Convert Wizard.exe
[2009/10/12 15:17:36 | 00,026,058 | ---- | C] () -- D:\My Documents\Desktop\BART_Convert_Wizard.zip
[2009/10/12 14:21:57 | 00,920,879 | ---- | C] () -- D:\My Documents\Desktop\719-00708A-B106478251.pdf
[2009/10/12 14:20:40 | 00,453,458 | ---- | C] () -- D:\My Documents\Desktop\719-00735A-EN-D.pdf
[2009/06/29 13:41:38 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2009/06/23 13:39:26 | 00,000,279 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/06/04 19:29:53 | 00,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/03/06 21:51:52 | 00,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/12/31 17:12:13 | 00,001,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\iTunesPrefs
[2008/12/30 15:42:29 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2008/12/09 01:37:54 | 01,032,266 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2008/12/09 01:37:54 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\vH263Decoder.dll
[2008/12/09 01:37:53 | 00,589,824 | ---- | C] () -- C:\WINDOWS\System32\EmActionStylers_PCLink_Samsung.dll
[2008/12/09 01:37:53 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\EmCommon_PCLink_Samsung.dll
[2008/11/30 19:17:59 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/29 14:37:12 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/11/29 00:36:33 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2008/07/20 22:23:46 | 00,010,589 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2007/12/31 14:53:51 | 00,000,173 | ---- | C] () -- C:\WINDOWS\notesnsd.ini
[2007/11/19 12:30:42 | 00,001,994 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2007/09/30 12:56:08 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2007/09/12 01:21:17 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/04/10 10:36:18 | 00,093,767 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2007/01/25 09:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/20 23:08:34 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/11/06 14:49:36 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/08/10 22:00:22 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/28 10:09:24 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/22 08:54:36 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/06/16 15:09:52 | 00,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 14:57:32 | 00,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 14:56:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2006/06/02 14:53:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2006/06/02 07:30:19 | 00,002,275 | ---- | C] () -- C:\WINDOWS\pw5.ini
[2006/05/23 23:33:30 | 00,000,097 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2006/05/03 13:55:02 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\CleanMantra32.dll
[2006/04/26 05:33:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\search.INI
[2006/04/26 05:29:06 | 00,007,441 | ---- | C] () -- C:\WINDOWS\keyview.ini
[2006/03/06 23:20:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI
[2006/03/06 21:35:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2006/03/06 21:35:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2006/03/06 21:35:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2005/10/05 12:01:32 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/05 11:54:25 | 00,000,109 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/06/28 16:21:28 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2005/02/25 11:22:38 | 00,066,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/01/13 02:00:10 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/11/04 13:37:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2004/10/26 14:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/05/06 18:07:41 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/02/10 18:40:52 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/09 10:54:26 | 00,000,726 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2004/01/09 10:54:26 | 00,000,052 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2004/01/09 10:49:29 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2004/01/09 10:49:29 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2004/01/09 10:49:29 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2004/01/09 10:49:28 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2004/01/09 10:49:28 | 00,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2004/01/09 10:49:16 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2003/10/06 13:09:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/02 08:55:52 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/07/09 11:21:14 | 00,002,627 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2003/07/09 11:17:35 | 00,000,104 | ---- | C] () -- C:\WINDOWS\sapdoccd.ini
[2003/07/03 01:25:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2003/06/24 10:43:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/06/02 10:31:25 | 00,000,454 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/30 17:11:45 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2003/05/30 17:08:25 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2003/05/30 16:17:18 | 00,000,040 | ---- | C] () -- C:\WINDOWS\webica.ini
[2003/05/30 15:57:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/30 15:30:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/05/27 12:49:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/05/15 10:34:36 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\LeeArgon.dll
[2003/05/15 02:10:00 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2003/02/03 06:26:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/29 14:52:58 | 00,173,056 | ---- | C] () -- C:\WINDOWS\System32\mathdll.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 04:00:00 | 00,000,787 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 04:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/08/28 13:10:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/04/11 10:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2003/10/22 14:27:10 | 00,344,800 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\A3AB.sys
[2004/08/03 23:07:38 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2002/08/29 04:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2005/03/04 18:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys
[2004/08/03 22:39:38 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/20 00:24:54 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2004/08/03 23:14:16 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2003/06/27 07:53:44 | 01,196,352 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys
[2004/08/03 23:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2004/08/03 22:59:20 | 00,036,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2004/08/03 22:59:22 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2003/05/20 12:07:24 | 00,311,104 | ---- | M] (Philips Electronics North America, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys
[2004/08/03 22:58:30 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS
[2004/08/03 23:05:04 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:29:30 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 22:29:30 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 22:29:30 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 22:29:32 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 22:29:32 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 22:29:32 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 22:29:32 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 22:29:32 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 22:29:32 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 22:29:32 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 22:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/25 13:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 22:29:28 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 22:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 22:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 22:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 22:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 22:29:32 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 22:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 22:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 22:29:32 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 22:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2004/08/03 22:58:32 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2002/08/29 04:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2004/08/03 22:58:36 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2002/08/29 04:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2006/06/22 08:54:36 | 00,051,392 | ---- | M] () -- C:\WINDOWS\system32\drivers\atnt40k.sys
[2001/08/17 05:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2001/08/17 05:57:54 | 00,014,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\battc.sys
[2002/08/29 04:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2005/11/10 10:54:56 | 00,402,944 | R--- | M] (Belkin Corporation) -- C:\WINDOWS\system32\drivers\BLKWGU.sys
[2009/05/26 16:38:00 | 00,022,528 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\drivers\BMLoad.sys
[2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys
[2005/06/08 18:44:20 | 00,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\BRGSp50.sys
[2005/06/08 18:44:42 | 00,029,184 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\BRGSp50a64.sys
[2004/08/03 22:59:58 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys
[2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys
[2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys
[2004/08/03 23:10:40 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2004/08/03 23:10:40 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2004/08/03 22:58:40 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2004/08/03 23:10:38 | 00,274,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2004/08/03 23:10:38 | 00,035,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2004/08/03 23:10:36 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2001/08/17 11:13:14 | 00,046,108 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\cben5.sys
[2002/08/29 04:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2002/08/29 04:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2004/08/03 23:14:12 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2004/08/03 22:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2002/08/29 04:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2004/08/03 23:14:28 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2004/08/03 23:07:40 | 00,014,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cmbatt.sys
[2001/08/17 05:58:00 | 00,009,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\compbatt.sys
[2002/08/29 04:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2004/08/03 22:59:22 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2004/08/03 22:59:56 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2004/08/03 22:59:54 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2004/08/03 23:07:18 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2004/08/03 23:07:18 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2002/08/29 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2004/08/03 23:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2004/08/03 23:08:00 | 00,060,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2004/08/03 23:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2002/08/29 04:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2004/08/03 23:00:56 | 00,071,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2002/08/29 04:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2003/10/28 14:51:04 | 00,130,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys
[2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2004/08/03 23:14:18 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2004/08/03 22:59:28 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2002/08/29 04:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2004/08/03 22:59:28 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2006/08/21 01:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2002/08/29 04:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2002/08/29 04:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2002/08/29 04:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2004/08/03 23:07:44 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2007/03/08 17:18:00 | 00,018,432 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmngen.sys
[2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys
[2002/11/18 16:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gv3.sys
[2007/03/13 19:22:28 | 00,010,496 | ---- | M] (LogMeIn Inc.) -- C:\WINDOWS\system32\drivers\hamachi_oem.sys
[2004/08/03 23:10:38 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2004/08/03 23:08:20 | 00,036,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2004/08/03 23:08:20 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2004/08/03 23:08:18 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2001/08/17 10:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2004/09/24 14:45:36 | 00,197,888 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys
[2004/09/24 14:44:28 | 00,676,096 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
[2004/09/24 14:43:54 | 01,041,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys
[2004/10/08 15:48:21 | 00,262,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2004/08/03 19:14:38 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2003/07/03 01:25:00 | 00,011,344 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys
[2004/06/27 02:50:00 | 00,002,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\idisw2km.sys
[2004/08/03 23:00:16 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2004/08/03 22:59:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2004/08/03 22:59:20 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2004/08/03 23:00:08 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2002/08/29 04:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2004/08/03 23:04:46 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2004/09/29 14:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2004/08/03 23:14:30 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/03 23:08:34 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2004/08/03 23:00:54 | 00,087,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irda.sys
[2004/08/03 23:00:48 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2001/08/17 12:58:02 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2004/08/03 22:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004/08/03 18:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2004/06/27 02:50:00 | 00,004,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbstuff5.sys
[2006/06/14 00:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2004/08/03 23:15:22 | 00,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2004/08/03 22:59:48 | 00,092,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2004/11/11 14:04:54 | 00,025,040 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8012C.SYS
[2004/11/11 13:55:44 | 00,025,300 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8012M.SYS
[2004/11/15 10:09:18 | 00,048,734 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8012U.SYS
[2004/11/10 22:04:54 | 00,025,040 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8032C.sys
[2004/11/10 21:55:44 | 00,025,300 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8032M.sys
[2005/07/27 02:47:48 | 00,049,382 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MA8032U.sys
[2005/06/16 18:11:58 | 00,024,784 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950c.sys
[2005/06/16 18:13:12 | 00,025,044 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950m.sys
[2007/01/18 11:03:18 | 00,049,237 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950u.sys
[2005/08/18 11:44:50 | 00,049,867 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mardp2k.sys
[2005/08/18 11:44:48 | 00,049,484 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mardpnp.sys
[2007/01/16 11:44:46 | 00,011,986 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MaVc2K.sys
[2005/07/12 17:33:32 | 00,036,586 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mavcomm.sys
[2007/01/16 11:46:44 | 00,025,302 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MaVctrl.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2002/08/29 04:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2004/08/03 23:07:46 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2004/09/07 14:38:09 | 00,028,160 | ---- | M] (Moodlogic Inc.) -- C:\WINDOWS\system32\drivers\MLFILEM.SYS
[2002/08/29 04:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2004/08/03 23:08:06 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2004/08/03 18:58:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 09:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2004/08/03 22:58:32 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2004/08/03 22:58:22 | 00,072,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2004/08/03 23:00:58 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2006/05/05 01:41:45 | 00,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/03 23:00:42 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2004/08/03 23:04:14 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2004/08/03 22:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2004/08/03 22:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2004/08/03 22:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2004/08/03 23:07:48 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/03 22:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 22:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 22:29:38 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2004/08/03 23:15:22 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2004/08/03 23:04:52 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2004/08/03 23:14:30 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2002/08/29 04:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2004/08/03 23:03:14 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2004/08/03 23:14:32 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2002/08/29 04:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2004/08/03 23:03:22 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2004/08/03 23:14:38 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2007/04/10 10:34:08 | 00,015,360 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\drivers\ngfilter.sys
[2007/04/10 10:32:52 | 00,017,920 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\drivers\nglog.sys
[2007/04/10 10:34:02 | 00,070,144 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\drivers\NgVpn.sys
[2004/08/03 22:58:30 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2002/08/29 04:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2004/08/03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2007/01/25 09:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys
[2004/08/03 23:00:44 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2004/08/03 23:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys
[2004/08/03 23:15:10 | 00,574,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 22:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2002/08/29 04:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2005/04/20 22:21:16 | 00,039,552 | ---- | M] (Novatel Wireless, Inc.) -- C:\WINDOWS\system32\drivers\nw620.sys
[2009/05/26 16:38:06 | 00,222,720 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys
[2002/08/29 04:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2002/08/29 04:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2004/08/03 23:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2002/08/29 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2002/08/29 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2004/08/03 23:02:24 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2007/10/12 16:04:38 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys
[2007/10/12 16:04:38 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser.sys
[2007/10/12 16:04:38 | 00,099,200 | ---- | M] (Novatel Wireless Inc.) -- C:\WINDOWS\system32\drivers\nwusbser2.sys
[2007/01/30 15:09:38 | 00,196,096 | ---- | M] (Novatel Wireless, Inc.) -- C:\WINDOWS\system32\drivers\NWVNdis.sys
[2002/08/29 04:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/11/29 14:37:12 | 00,033,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys
[2004/08/03 22:59:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2004/08/03 22:59:08 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2002/08/29 04:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2002/08/29 04:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2007/02/02 17:38:08 | 00,018,944 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCAMp50.sys
[2008/10/15 11:58:32 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys
[2004/08/03 23:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 12:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2004/08/03 22:59:42 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2004/08/03 23:07:48 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008/12/18 10:16:56 | 00,073,840 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
[2009/04/03 09:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys
[2008/12/11 07:38:22 | 00,159,600 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys
[2009/05/26 16:37:58 | 00,038,680 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\drivers\pctnullport.sys
[2008/12/10 10:36:04 | 00,064,392 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys
[2002/12/04 20:10:28 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS
[2004/08/03 23:15:50 | 00,145,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2004/08/03 22:59:18 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2004/08/03 23:04:20 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2002/08/29 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2003/07/30 02:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2002/08/29 04:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2001/08/17 05:51:32 | 00,019,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasirda.sys
[2004/08/03 23:14:24 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2004/08/03 23:05:08 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2004/08/03 23:14:28 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2002/08/29 04:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2002/08/29 04:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2006/05/05 01:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2002/08/29 04:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2004/08/03 23:01:16 | 00,196,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2005/06/09 20:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 22:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2004/08/03 22:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2004/08/03 23:10:40 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys
[2002/08/29 04:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2002/08/29 04:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2002/08/29 04:00:00 | 00,200,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RMCast.sys
[2005/10/20 17:47:04 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2005/10/20 17:47:04 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2002/08/29 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2006/06/16 14:50:46 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys
[2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2004/08/03 22:59:42 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2004/08/03 23:07:48 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2005/05/24 22:09:23 | 00,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2003/12/23 04:42:00 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys
[2003/07/16 06:27:40 | 00,043,264 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys
[2004/08/03 22:59:08 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2004/08/03 23:15:54 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2001/08/17 13:48:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys
[2004/08/03 22:59:56 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2004/08/03 22:59:56 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2004/08/03 22:59:56 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2004/05/14 12:59:00 | 00,004,608 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ShockMgr.sys
[2004/07/06 16:50:36 | 00,059,520 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\shockprf.sys
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2004/08/03 22:41:42 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 22:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 22:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 22:41:46 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2003/10/24 00:35:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS
[2004/08/03 23:07:38 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2002/08/29 04:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2005/03/28 08:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys
[2003/12/20 04:42:00 | 00,026,120 | ---- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
[2004/08/03 23:09:56 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2006/06/14 00:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2004/08/03 23:06:26 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2006/08/14 02:34:41 | 00,332,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2004/08/03 23:08:04 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2004/08/03 22:58:42 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2001/08/17 13:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2009/03/06 21:51:52 | 00,026,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\swmsflt.sys
[2009/05/26 16:38:12 | 00,149,512 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swmx00.sys
[2009/05/26 16:38:12 | 00,171,144 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys
[2003/05/30 14:51:06 | 00,073,224 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2003/06/24 10:16:30 | 00,265,744 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys
[2004/08/03 23:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2004/08/03 23:00:00 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/05/07 10:06:23 | 00,025,984 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\taprss0001.sys
[2006/01/13 09:07:08 | 00,360,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/08/16 01:37:30 | 00,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2009/05/26 16:38:00 | 00,018,816 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\drivers\tcpipBM.sys
[2004/08/03 23:07:50 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2004/08/04 01:01:08 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2003/10/24 00:35:00 | 00,008,831 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS
[2004/08/04 01:01:08 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/04 01:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2002/08/29 04:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2003/05/15 02:10:00 | 00,013,904 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\tp4track.sys
[2004/06/09 19:19:46 | 00,016,340 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys
[2004/07/29 01:37:00 | 00,016,384 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\TPPWR.SYS
[2002/08/29 04:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2003/02/06 02:12:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS
[2004/08/03 23:03:18 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2004/08/03 23:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2004/08/03 23:00:32 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2004/08/03 22:58:34 | 00,209,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2005/10/20 17:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2005/10/20 17:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2002/08/29 04:00:00 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2002/08/29 04:00:00 | 00,023,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2004/08/03 19:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2002/08/29 04:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2004/08/03 23:08:38 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2004/08/03 23:08:44 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2004/08/03 23:08:58 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2004/08/03 23:08:38 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys
[2004/08/03 23:08:44 | 00,142,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2004/08/03 22:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2004/08/03 22:58:46 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 23:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2004/08/03 23:08:38 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2004/08/03 23:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2002/08/29 04:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2004/08/03 23:07:08 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2004/08/03 23:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2004/08/03 23:07:06 | 00,079,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2004/08/03 23:00:18 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2006/07/13 11:33:08 | 00,674,560 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w70n51.sys
[2004/08/03 23:04:54 | 00,013,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 22:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 22:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 22:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 22:29:42 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2004/08/03 23:04:58 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 22:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 22:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys
[2006/06/14 01:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2002/08/29 04:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2005/09/26 15:02:50 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\WPN111.sys
[2002/08/29 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys
[2005/08/17 14:43:26 | 00,329,728 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211BU.SYS
[2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys
[2005/03/18 15:35:28 | 00,031,744 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\ZDPSp50a64.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 2688 bytes -> C:\WINDOWS\creo.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9513755382EEAE1C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:526199B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A62A91
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8D0A9E5
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 11/9/2009 5:44:21 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = D:\My Documents\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.92 Mb Total Physical Memory | 99.57 Mb Available Physical Memory | 19.49% Memory free
1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.87 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 3.96 Gb Free Space | 7.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T42
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58375:TCP" = 58375:TCP:*:Enabled:Pando Media Booster
"58375:UDP" = 58375:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8338:TCP" = 8338:TCP:*:Enabled:WWW
"58375:TCP" = 58375:TCP:*:Enabled:Pando Media Booster
"58375:UDP" = 58375:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SAP\FrontEnd\sapgui\saplogon.exe" = C:\Program Files\SAP\FrontEnd\sapgui\saplogon.exe:*:Enabled:SAPlogon -- (SAP AG, Walldorf)
"C:\Program Files\RealVNC\WinVNC\winvnc.exe" = C:\Program Files\RealVNC\WinVNC\winvnc.exe:*:Enabled:winvnc.exe -- File not found
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\games\NovaLogic\Delta Force Xtreme\dfx.exe" = D:\Program Files\games\NovaLogic\Delta Force Xtreme\dfx.exe:*:Disabled:dfx -- File not found
"C:\Program Files\NovaLogic\Delta Force Task Force Dagger\Update.exe" = C:\Program Files\NovaLogic\Delta Force Task Force Dagger\Update.exe:*:Enabled:Update -- File not found
"C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe" = C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe:*:Enabled:DFTFD -- File not found
"C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe" = C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:dfbhd -- File not found
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™ -- File not found
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Creo\Proofer Client\jre\bin\javaw.exe" = C:\Program Files\Creo\Proofer Client\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"D:\StubInstaller.exe" = D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"D:\Program Files\Raven\SOF PLATINUM\SoF.exe" = D:\Program Files\Raven\SOF PLATINUM\SoF.exe:*:Enabled:SoF -- File not found
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- File not found
"D:\Program Files\Kodak\Proofer Client 3.0.5.14\jre\bin\javaw.exe" = D:\Program Files\Kodak\Proofer Client 3.0.5.14\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Creo\FeatureLicensing\ServiceDongleManager\ServiceDongleManager.exe" = C:\Creo\FeatureLicensing\ServiceDongleManager\ServiceDongleManager.exe:*:Enabled:CFL Service Dongle Manager -- (Kodak)
"D:\Program Files\Kodak\Proofer Client 3.1.3.42\jre\bin\javaw.exe" = D:\Program Files\Kodak\Proofer Client 3.1.3.42\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Kodak\Proofer Client 3.1.3.42\jre\bin\javaw.exe" = C:\Program Files\Kodak\Proofer Client 3.1.3.42\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Kodak\Proofer Client 3.1.5.23\jre\bin\javaw.exe" = C:\Program Files\Kodak\Proofer Client 3.1.5.23\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Creo\FeatureLicensing\Server\CFLManager.exe" = C:\Creo\FeatureLicensing\Server\CFLManager.exe:*:Enabled:Creo License Manager -- (Creo Inc.)
"C:\Creo\FeatureLicensing\Server\CFLSvc.exe" = C:\Creo\FeatureLicensing\Server\CFLSvc.exe:*:Enabled:Creo Feature Licensing Service -- (Creo Inc.)
"D:\ServiceShell\Bin\ServiceMonitor.exe" = D:\ServiceShell\Bin\ServiceMonitor.exe:*:Enabled:Service Monitor -- (Creo)
"D:\ServiceShell\Bin\CreoDeviceServer.exe" = D:\ServiceShell\Bin\CreoDeviceServer.exe:*:Enabled:Creo Device Server -- (Creo)
"D:\ServiceShell\Bin\LogViewSrv.exe" = D:\ServiceShell\Bin\LogViewSrv.exe:*:Enabled:Log View Server -- (Creo)
"C:\Program Files\Kodak\Proofer Client 3.1.5.31\jre\bin\javaw.exe" = C:\Program Files\Kodak\Proofer Client 3.1.5.31\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Kodak\Proofer Client 3.1.72.107\jre\bin\javaw.exe" = C:\Program Files\Kodak\Proofer Client 3.1.72.107\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"D:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE" = D:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE:*:Enabled:UPDATE -- File not found
"D:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe" = D:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Enabled:dfbhd -- File not found
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"d:\Program Files\BitTorrent\bittorrent.exe" = d:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system\VMwareService.exe" = C:\WINDOWS\system\VMwareService.exe:*:Enabled:Microsoft Enabled -- File not found
"E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe:*:Enabled:Microsoft Enabled -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16)
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AAE3976-3167-4BDF-B785-00E19C6671A3}" = Lotus Notes 6.5.4
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{26502D04-57B1-4A2D-8D5D-9DE36FC99355}" = Mobile Broadband Generic Drivers
"{26BA1D48-4E7B-496D-82AD-855A32184810}" = CFL Service Dongle Manager
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37FD2F04-EC91-41AE-B5AB-AFF904BF20EE}" = Mobile Broadband Drivers
"{3CC023A9-CE6C-44E5-BB0E-457F84F0B895}" = Sprint SmartView
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{523113E0-ABFD-11D3-BE74-0000E20392C2}" = Outcast Patch
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}" = Intel® Sebring API
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B8F5331-BF41-4FCF-906E-331EA6EAA32F}" = Desktop Notifier
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6F0322EC-B204-4071-AF0B-532498DB2921}" = TouchCopy 09
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FCE7FC-4871-4D45-8008-4F1780020C72}" = Sprint Mobile Broadband (Novatel Wireless)
"{7D37AB90-C6C1-11D5-9342-0008C7BAE0E5}" = Lotem400V - 1.60.09
"{7E0ABEC6-BF85-4782-8AA3-33FF0DA6F16F}" = Service Shell CTP Client
"{7E7BF342-AE8B-452D-857F-F0DE6B16EE84}" = TouchCopy
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8966081A-6A5A-4732-A103-79F929096BBA}" = Creo SMST - Service Personnel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
"{9092C0B8-D5F3-4BF9-808D-20892DEB4F8B}" = SMS Advanced Client
"{91E59EA8-B680-412B-8130-4F233FABAC2D}" = Sentinel System Driver 5.42.0 (32-bit)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3003AC0-14BA-11D5-806B-00A0C93EC665}" = Service Shell CTP Host
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A918DE8A-98C8-0900-0000-000000100020}" = LG VX4700/VX4650 USB - Handset Manager V9
"{A918DE8A-98C8-0900-0001-000000000000}" = Multimedia Samples
"{A918DE8A-98C8-0920-0000-000000220088}" = Samsung A930 USB - Handset Manager V9.2
"{A9C28C15-1D09-4382-869A-07BF64E672F4}" = Samsung USB Driver (MCCI 4.24)
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAC02C4-BD7B-4BCE-902F-F7A610AFE26E}" = PCLink2003_770
"{D744BF30-C1F8-4474-9C6A-446389738887}" = V620 Driver Setup
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD6D78C5-297E-4688-AD27-D2CD3789348A}" = Creo Feature Licensing Server
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (ENDB)
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F75EB17A-DCD5-4D72-939C-83C599C786A5}" = Creo Feature Licensing Definition Files
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FB3B43A2-CA2A-11D5-A718-0050DAE02D76}" = SAPsetup System Update
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"CCleaner" = CCleaner (remove only)
"ChoiceMail 4.5" = ChoiceMail 4.5
"Citrix ICA Client" = Citrix ICA Client
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"Creo Proofer Client 3.0.2.81" = Creo Proofer Client 3.0.2.81
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1
"GCG Feedback Process_is1" = GCG Feedback Process 051508
"GCG Support Services_is1" = GCG Support Services 05-14-08
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16)
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{A9C28C15-1D09-4382-869A-07BF64E672F4}" = Samsung USB Driver (MCCI 4.24)
"iRiver AutoDB" = iRiver AutoDB
"KeepV Flash Converter_is1" = KeepV Flash Converter
"Kodak Call Flow Processes_is1" = Kodak Call Flow Processes 05-14-08
"Kodak Field Operations_is1" = Kodak Field Operations 05-14-08
"Kodak Field Revenue Programs_is1" = Kodak Field Revenue Programs 05-14-08
"Kodak Proofer Client 3.0.5.14" = Kodak Proofer Client 3.0.5.14
"Kodak Proofer Client 3.1.3.42" = Kodak Proofer Client 3.1.3.42
"Kodak Proofer Client 3.1.5.23" = Kodak Proofer Client 3.1.5.23
"Kodak Proofer Client 3.1.5.31" = Kodak Proofer Client 3.1.5.31
"Kodak Proofer Client 3.1.72.107" = Kodak Proofer Client 3.1.72.107
"Kodak Proofer Client 3.2.2.169" = Kodak Proofer Client 3.2.2.169
"LIVE TV_is1" = Live TV
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Moleskinsoft Clone Remover 3.8_is1" = Moleskinsoft Clone Remover 3.8
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Outcast" = Outcast
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PrimoPDF3.1" = PrimoPDF
"Procomm Plus" = Symantec Procomm Plus
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"REDC" = REDC 2.0.7-gui-1.0.1
"REDT_is1" = RSS Engineering Desktop Tools 1.0 (Build date June 11 2008)
"SAPFrontend" = SAP Front End
"ServiceLink_is1" = Service Link 1.15
"Spyware Doctor" = Spyware Doctor 6.1
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = IBM TrackPoint Support
"Unlocker" = Unlocker 1.8.7
"URL Helper_is1" = URL Helper
"V3.2_is1" = File Scavenger 3.2
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wootalyzer" = Wootalyzer!
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-214099845-784950871-2387590086-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2009 3:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/5/2009 4:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/5/2009 5:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/5/2009 6:09:07 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/5/2009 7:09:06 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/5/2009 8:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/6/2009 6:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/6/2009 7:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/6/2009 8:09:05 AM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

Error - 11/9/2009 8:09:06 PM | Computer Name = T42 | Source = Google Update | ID = 20
Description =

[ CFLS Log Events ]
Error - 1/5/2009 6:59:03 PM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/6/2009 5:23:22 AM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/7/2009 5:08:28 PM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/7/2009 5:12:15 PM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/8/2009 8:16:24 PM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/10/2009 7:05:37 AM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/16/2009 10:24:01 AM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/16/2009 8:40:51 PM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/19/2009 10:14:26 AM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

Error - 1/19/2009 2:00:48 PM | Computer Name = T42 | Source = CFL Service | ID = 0
Description = No serial number in license.

[ System Events ]
Error - 11/8/2009 9:38:39 PM | Computer Name = T42 | Source = Service Control Manager | ID = 7034
Description = The Uninterruptible Power Supply service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/8/2009 9:53:10 PM | Computer Name = T42 | Source = Service Control Manager | ID = 7000
Description = The PMEM service failed to start due to the following error: %%123

Error - 11/8/2009 9:53:10 PM | Computer Name = T42 | Source = Service Control Manager | ID = 7000
Description = The Uninterruptible Power Supply service failed to start due to the
following error: %%2

Error - 11/8/2009 9:54:41 PM | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = The Choice Mail service hung on starting.

Error - 11/9/2009 12:14:57 AM | Computer Name = T42 | Source = Service Control Manager | ID = 7000
Description = The PMEM service failed to start due to the following error: %%123

Error - 11/9/2009 12:14:57 AM | Computer Name = T42 | Source = Service Control Manager | ID = 7000
Description = The Uninterruptible Power Supply service failed to start due to the
following error: %%2

Error - 11/9/2009 12:16:31 AM | Computer Name = T42 | Source = Service Control Manager | ID = 7022
Description = The Choice Mail service hung on starting.

Error - 11/9/2009 9:02:00 PM | Computer Name = T42 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/9/2009 9:02:00 PM | Computer Name = T42 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/9/2009 9:38:58 PM | Computer Name = T42 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)


< End of report >

#4 Buckeye_Sam


Posted 10 November 2009 - 08:11 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.

#5 LLoydering


Posted 10 November 2009 - 10:44 PM

During combofix a message popped up several times "Are you sure to close ccproxy?" with yes/no options. Should I be suspicious of the poor grammar when that file is supposed to be part of Symantec? Another infection? Also, should I keep trying to run malwarebytes?

combofix log:


ComboFix 09-11-09.02 - Administrator 11/10/2009 19:00.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.211 [GMT -8:00]
Running from: d:\my documents\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\sl\database\SL_1.ldb
c:\data\sl\database\SL_1.mdb
c:\documents and settings\Administrator\Application Data\Desktopicon
c:\documents and settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\windows\jestertb.dll
c:\windows\system32\CleanMantra32.dll

----- BITS: Possible infected sites -----

hxxp://CCASMS1:80
hxxp://150.247.78.151:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-11 03:12 . 2009-11-11 03:12 53248 ----a-w- c:\temp\catchme.dll
2009-11-08 20:55 . 2009-04-12 23:09 -------- d-sh--r- c:\windows\system\IME
2009-11-08 20:55 . 2009-11-11 03:11 2742 ----a-w- c:\windows\system32\MSTORES.DLL
2009-11-08 20:55 . 2009-10-26 09:54 421888 ---ha-r- c:\windows\system32\monsync.exe
2009-11-08 20:55 . 2001-12-13 06:10 69632 ----a-w- c:\windows\system32\uuid.dll
2009-11-08 01:47 . 2009-11-08 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-11-08 01:47 . 2009-11-08 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TVU Networks
2009-11-08 01:47 . 2009-11-08 01:47 -------- d-----w- c:\documents and settings\Administrator\LocalLow
2009-11-08 01:47 . 2009-11-08 01:47 -------- d-----w- c:\windows\system32\TVUAx
2009-11-08 01:24 . 2009-11-08 01:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-08 01:23 . 2009-11-08 01:23 -------- d-----w- c:\program files\Real
2009-11-08 01:23 . 2009-11-08 01:23 -------- d-----w- c:\program files\Common Files\Real
2009-10-27 04:18 . 2009-10-27 04:18 10752 ----a-w- c:\windows\DCEBoot.exe
2009-10-27 02:01 . 2009-10-27 02:01 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 03:07 . 2009-09-22 20:45 -------- d-----w- c:\program files\Shared
2009-11-10 15:59 . 2007-09-28 20:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-11-10 05:21 . 2008-01-11 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 03:50 . 2003-05-31 00:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 03:39 . 2008-07-25 05:53 -------- d-----w- c:\program files\Unlocker
2009-11-10 03:30 . 2006-05-22 23:01 -------- d-----w- c:\program files\Kodak
2009-11-10 03:17 . 2008-02-19 22:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-10 01:59 . 2008-12-16 08:46 30272 ----a-w- c:\windows\system32\drivers\pssdk31.drv
2009-11-08 01:23 . 2004-04-11 16:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-26 23:39 . 2008-12-29 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-24 05:55 . 2009-08-24 05:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2000-02-28 20:40 . 2006-04-26 13:29 995383 ------w- c:\program files\internet explorer\plugins\mfc42.dll
2001-03-22 12:58 . 2006-04-26 13:29 131072 ------w- c:\program files\internet explorer\plugins\viewkv.dll
2001-03-22 12:58 . 2006-04-26 13:29 118784 ------w- c:\program files\internet explorer\plugins\viewmgr.dll
2001-03-22 12:58 . 2006-04-26 13:29 110592 ------w- c:\program files\internet explorer\plugins\viewpdf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-08-28 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"REDC-gui"="c:\program files\REDS\REDC\bin\REDC-gui.exe" [2008-06-09 117248]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-05-27 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-05-27 316672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-08 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2116618328-1462188296-937766905-5437\Scripts\Logon\0\0]
"Script"=AddAdminGroup.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CFL Service Dongle Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CFL Service Dongle Manager.lnk
backup=c:\windows\pss\CFL Service Dongle Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Host.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Host.lnk
backup=c:\windows\pss\Service Host.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Creo\\FeatureLicensing\\ServiceDongleManager\\ServiceDongleManager.exe"=
"c:\\Creo\\FeatureLicensing\\Server\\CFLManager.exe"=
"c:\\Creo\\FeatureLicensing\\Server\\CFLSvc.exe"=
"d:\\ServiceShell\\Bin\\ServiceMonitor.exe"=
"d:\\ServiceShell\\Bin\\CreoDeviceServer.exe"=
"d:\\ServiceShell\\Bin\\LogViewSrv.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8338:TCP"= 8338:TCP:WWW

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [5/30/2003 4:55 PM 16384]
R2 Creo Feature Licensing;Creo Feature Licensing;c:\creo\FeatureLicensing\Server\CFLSvc.exe [5/19/2005 3:32 PM 122880]
R2 MSSQL$ENDB;MSSQL$ENDB;c:\program files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlservr.exe -sENDB --> c:\program files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlservr.exe -sENDB [?]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [4/10/2007 10:34 AM 194629]
R2 ServicePort;ServicePort;c:\program files\REDS\ServicePort\bin\service\JavaService.exe [6/3/2009 11:24 PM 65536]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [4/10/2007 10:32 AM 17920]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\NgVpn.sys [4/10/2007 10:34 AM 70144]
R3 taprss0001;RSS Support Adapter;c:\windows\system32\drivers\taprss0001.sys [5/7/2008 10:06 AM 25984]
S2 MonSync;Serial Port Synchronization Monitor;c:\windows\system32\monsync.exe [11/8/2009 12:55 PM 421888]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/22/2003 2:27 PM 344800]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/30/2008 7:22 PM 16512]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/19/2007 12:30 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/19/2007 12:30 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/19/2007 12:30 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/19/2007 12:30 PM 10368]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [6/24/2003 4:43 AM 46108]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/20/2008 12:24 AM 17149]
S3 hamachi_oem;Kodak Support Adapter;c:\windows\system32\drivers\hamachi_oem.sys [3/13/2007 7:22 PM 10496]
S3 LaunchServiceHost;LaunchServiceHost;d:\serviceshell\Bin\LaunchServiceHost.exe [2/28/2006 11:08 AM 172032]
S3 maa950c;maa950c;c:\windows\system32\drivers\maa950c.sys [11/11/2006 3:54 PM 24784]
S3 maa950m;maa950m;c:\windows\system32\drivers\maa950m.sys [11/11/2006 3:54 PM 25044]
S3 maa950u;maa950u;c:\windows\system32\drivers\maa950u.sys [11/11/2006 3:54 PM 49237]
S3 MLFILEM;MLFILEM;\??\c:\windows\system32\drivers\MLFILEM.SYS --> c:\windows\system32\drivers\MLFILEM.SYS [?]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [4/10/2007 10:34 AM 15360]
S3 Novatel;Novatel Wireless EVDO Network Adapter;c:\windows\system32\drivers\nw620.sys [4/20/2005 10:21 PM 39552]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [1/30/2007 3:09 PM 99200]
S3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\drivers\NWVNdis.sys [1/30/2007 3:09 PM 196096]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 PCG_NT;PCG_NT;\??\e:\tkmbrow\PCG_2K.SYS --> e:\tkmbrow\PCG_2K.SYS [?]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [12/16/2008 12:46 AM 30272]
S3 SQLAgent$ENDB;SQLAgent$ENDB;c:\program files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlagent.EXE -i ENDB --> c:\program files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlagent.EXE -i ENDB [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
civhsqpc
.
Contents of the 'Scheduled Tasks' folder

2005-05-18 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-05-31 09:37]

2009-11-11 c:\windows\Tasks\{12993B07-0861-4852-A9AF-68A8BF6684C6}_T42_Administrator.job
- c:\windows\SYSTEM32\mobsync.exe [2002-08-29 08:56]

2009-11-09 c:\windows\Tasks\{434FBAE0-379D-4F19-BDB4-CA082AA3DEA9}_T42_Administrator.job
- c:\windows\SYSTEM32\mobsync.exe [2002-08-29 08:56]

2009-11-07 c:\windows\Tasks\{F98D696B-F6AB-40CA-BE88-249F1124D725}_T42_Administrator.job
- c:\windows\SYSTEM32\mobsync.exe [2002-08-29 08:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://creonet.creo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: creo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
.
- - - - ORPHANS REMOVED - - - -

AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 19:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(2320)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\bmnet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\windows\System32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$ENDB\Binn\sqlservr.exe
d:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-11 19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 03:17

Pre-Run: 7,118,143,488 bytes free
Post-Run: 7,131,279,360 bytes free

- - End Of File - - 582F7477A2A3EBC04E34726404E9785E

#6 Buckeye_Sam

    Malware Expert



Posted 11 November 2009 - 08:28 AM

Let me know if you get that notification again.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 LLoydering


Posted 11 November 2009 - 10:58 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=34b37adf650da0428fe8799d56815d67
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-11 03:16:45
# local_time=2009-11-11 07:16:45 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 416291 416291 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=65079
# found=2
# cleaned=2
# scan_time=5831
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe.vir a variant of Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8 Buckeye_Sam

    Malware Expert



Posted 11 November 2009 - 08:32 PM

How is your computer behaving now?