
Infected: Win32:koobface-z [wrm]


  • This topic is locked
16 replies to this topic

#1 cyberski

cyberski

  • Members
  • 42 posts
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:09:43 PM

Posted 10 November 2009 - 10:03 PM

Hello all...

I have a Gateway NV52 laptop running Vista Home 64 bit and it is infected with win32:koobface-z
Avast! catches and quarantines 2 instances of it whenever they try to run.
Malwarebytes, Superantispyware, a-squared free, and a-squared antiMalware do not detect or remove them.


Here is my DDS.txt file. Being a 64 bit system, I could not run the rootrepeal tool.
Thank You...
Jim


DDS (Ver_09-10-26.01) - NTFSX64
Run by Hoochie addy at 20:40:45.33 on Tue 11/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.2187 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Hoochie addy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [a-squared] "c:\program files (x86)\a-squared anti-malware\a2guard.exe" /d=60
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: + &Mass Downloader: download this file - c:\program files (x86)\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files (x86)\mass downloader\Add_All.htm
IE: Customize Menu - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files (x86)\mass downloader\massdown.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files (x86)\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\syswow64\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files (x86)\keyscrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
AppInit_DLLs-X64: c:\windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\hoochi~1\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files (x86)\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - component: c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-5-12 225296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-11 89680]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-11 117064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-11 33128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-11 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-11 65616]
R2 ePowerSvc;Acer ePower Service;c:\program files\gateway\gateway power management\ePowerSvc.exe [2009-5-12 839200]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\gateway mybackup\IScheduleSvc.exe [2009-3-10 44800]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R3 a2exec;a-squared OnExecution scan driver.;c:\program files (x86)\a-squared anti-malware\a2exec64.sys [2009-7-22 10608]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-5-12 292864]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2008-9-3 390656]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-9-2 130160]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2009-5-12 460800]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-5-12 26168]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-6-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
S2 gupdate1ca05213a9897f8;Google Update Service (gupdate1ca05213a9897f8);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-7-15 133104]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-10 93184]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-6-23 7408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-10 08:18:52 0 d-----w- c:\program files (x86)\Mass Downloader
2009-11-10 08:18:39 0 d-----w- c:\users\hoochi~1\appdata\roaming\MetaProducts
2009-11-06 21:52:40 524288 --sha-w- c:\users\hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms
2009-11-06 21:52:40 524288 --sha-w- c:\users\hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms
2009-11-06 21:52:39 65536 --sha-w- c:\users\hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TM.blf
2009-11-02 05:55:54 0 d-----w- c:\program files (x86)\Duplicate Cleaner
2009-10-31 19:36:04 0 d-----w- c:\program files (x86)\CDex_170b2
2009-10-28 00:50:57 99384 ----a-w- c:\users\hoochi~1\appdata\roaming\inst.exe
2009-10-28 00:50:57 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-28 00:50:57 82816 ----a-w- c:\users\hoochi~1\appdata\roaming\pcouffin.sys
2009-10-28 00:50:38 0 d-----w- c:\program files (x86)\DVDFab 6
2009-10-26 05:06:43 376 ----a-w- c:\windows\ODBC.INI
2009-10-26 05:03:26 0 d-----w- c:\program files (x86)\Microsoft ActiveSync
2009-10-25 20:10:48 0 d-----w- C:\Temp
2009-10-22 00:29:42 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 23:24:36 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 23:23:55 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 23:23:55 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-10-19 23:23:55 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-10-19 23:23:55 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-10-19 23:23:30 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-19 23:23:30 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 23:23:30 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-19 23:23:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-10-17 02:58:07 0 d-----w- c:\program files (x86)\Defraggler
2009-10-14 23:12:19 0 d-----w- c:\users\hoochie addy\dwhelper
2009-10-13 02:46:36 65536 --sha-w- c:\users\hoochie addy\ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TM.blf
2009-10-13 02:46:36 524288 --sha-w- c:\users\hoochie addy\ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms
2009-10-13 02:46:36 524288 --sha-w- c:\users\hoochie addy\ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2009-10-28 00:51:32 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 00:51:32 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-28 00:51:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-26 05:13:02 216 ----a-w- c:\users\hoochi~1\appdata\roaming\wklnhst.dat
2009-08-17 16:10:20 1279456 ----a-w- c:\windows\syswow64\aswBoot.exe
2009-08-14 17:29:27 141312 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 17:29:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-14 15:13:04 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:13:02 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 15:13:01 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 15:12:59 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:12:59 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 15:12:58 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:12:57 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16:55 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-03-26 04:29:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-24 17:39:14 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-24 17:39:14 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-24 17:39:14 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-24 17:39:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 20:41:54.53 ===============



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • Gender:Male
  • Location:US
  • Local time:10:43 PM

Posted 17 November 2009 - 08:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:09:43 PM

Posted 17 November 2009 - 09:44 PM

First and foremost, thanks for taking a look at my situation. :(

The problem is still active, although the occurrence of the files popping up has somewhat slowed down over the past couple days. I'm not sure how to export a log from the Avast! chest showing the files and what action I've taken, so I just did a screencap of what's in the chest and showing the times, etc. I'll attach that file as "chest".

What happens is when I'm randomly surfing the web, the two instances of win32:koobface-z [wrm] pop up one right after the other (one is ld14.exe and the other is $RRB092P.exe), and avast! does catch them and I then put them in the avast chest (avast recommended).
There doesn't seem to be any specific website or action by me that triggers them, it's completely random.
As far as what I've done, I've run malwarebytes, avast!, superantispyware, a-squared free and a-squared anti-malware, and outside of avast! catching them and putting them in the chest, nothing else has been done. All the other apps do not catch/detect the two instances.

Here is the current DDS.txt file, and I'll attach the attach.txt and chest.jpg files.

Thank You Again...
Jim



DDS (Ver_09-10-26.01) - NTFSX64
Run by Hoochie addy at 19:41:49.69 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.2077 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hoochie addy\Desktop\koobface\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [a-squared] "c:\program files (x86)\a-squared anti-malware\a2guard.exe" /d=60
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files (x86)\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files (x86)\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\syswow64\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files (x86)\keyscrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
AppInit_DLLs-X64: c:\windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\hoochi~1\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files (x86)\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - component: c:\users\hoochie addy\appdata\roaming\mozilla\firefox\profiles\dwv5opwk.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-5-12 225296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-11 89680]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-11 117064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-11 33128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-11 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-11 65616]
R3 a2exec;a-squared OnExecution scan driver.;c:\program files (x86)\a-squared anti-malware\a2exec64.sys [2009-11-11 10608]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-5-12 292864]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2008-9-3 390656]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-9-2 130160]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2009-5-12 460800]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-5-12 26168]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-6-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-6-23 7408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-16 04:57:03 0 d-----w- c:\program files (x86)\Identity Finder 4
2009-11-16 04:02:18 0 d-----w- c:\program files (x86)\MS PowerPoint Extract Images From Presentations Software
2009-11-12 06:04:31 0 d-----w- c:\program files (x86)\CCleaner
2009-11-12 05:47:58 0 d-----w- c:\program files (x86)\a-squared Anti-Malware
2009-11-11 03:12:12 0 d-----w- C:\HiJackThis
2009-11-10 08:18:39 0 d-----w- c:\users\hoochi~1\appdata\roaming\MetaProducts
2009-11-06 21:52:40 524288 --sha-w- c:\users\hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms
2009-11-06 21:52:40 524288 --sha-w- c:\users\hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms
2009-11-06 21:52:39 65536 --sha-w- c:\users\hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TM.blf
2009-11-02 05:55:54 0 d-----w- c:\program files (x86)\Duplicate Cleaner
2009-10-31 19:36:04 0 d-----w- c:\program files (x86)\CDex_170b2
2009-10-28 00:50:57 99384 ----a-w- c:\users\hoochi~1\appdata\roaming\inst.exe
2009-10-28 00:50:57 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-28 00:50:57 82816 ----a-w- c:\users\hoochi~1\appdata\roaming\pcouffin.sys
2009-10-28 00:50:38 0 d-----w- c:\program files (x86)\DVDFab 6
2009-10-26 05:06:43 376 ----a-w- c:\windows\ODBC.INI
2009-10-26 05:03:26 0 d-----w- c:\program files (x86)\Microsoft ActiveSync
2009-10-25 20:10:48 0 d-----w- C:\Temp
2009-10-22 00:29:42 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 23:24:36 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 23:23:55 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 23:23:55 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-10-19 23:23:55 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-10-19 23:23:55 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-10-19 23:23:30 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-19 23:23:30 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 23:23:30 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-19 23:23:29 36864 ----a-w- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-10-28 00:51:32 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 00:51:32 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-28 00:51:29 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-26 05:13:02 216 ----a-w- c:\users\hoochi~1\appdata\roaming\wklnhst.dat
2009-03-26 04:29:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-24 17:39:14 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-24 17:39:14 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-24 17:39:14 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-24 17:39:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 19:43:55.75 ===============



#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:43 AM

Posted 20 November 2009 - 06:43 AM

Hello my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. The forum has been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.


Your log will be analyzed and you will be instructed on what to do next as soon as possible.


~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 cyberski


Posted 21 November 2009 - 02:55 AM

Sounds good.

Thanks Sempai



#6 sempai


Posted 24 November 2009 - 10:33 AM

Hi,

I want you to know that I haven't forgotten you, things are really busy right now. I will post the necessary instructions, ASAP.

~Semp



#7 cyberski


Posted 24 November 2009 - 02:56 PM

Not a problem sempai.
I understand how things can get busy



#8 sempai


Posted 25 November 2009 - 03:53 AM

Hello cyberski,

Sorry for the delay, the forum has been busy.


I can see that you have Avast4 and COMODO Internet Security both installed in your system. COMODO Internet Security is a firewall with an antivirus program. Having 2 AV programs installed at the same time is not recommended, so when you install Comodo, make sure not to install the COMODO antivirus and the Ask search bar/toolbar when asked during the installation.



1. Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case µTorrent).

These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has reached enormous dimensions and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




2. Download TFC to your desktop (TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

  • Open the file and close any other windows.
  • It will close all programs itself when run. Make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.
Note: TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.




3. Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


4. Let's do a scan with OTS.
  • Download OTS (by Oldtimer) to your Desktop.
  • Close all other programs and don't do anything while the scan is in progress because it may freeze.
  • Double-click on OTS.exe then click Run to start the program. (Do not change any settings).

    Notes:
    1. If you are using Windows Vista, please right-click on it and select run as administrator.
    2. If you are using a Windows 64bit machine, please make sure the checkbox next to 64Bit box is checked.

  • Click the Run Scan button to start the scan.
  • When the scan is complete, it will produce a report and a notepad will open.
  • Click the Format tab in the notepad and make sure that Wordwrap is unchecked.
  • Post the entire content of the text file when you reply.

    Note: If the text file is too big to post, you can attach it instead. The log is located on your desktop as OTS.txt




~Semp




#9 cyberski


Posted 28 November 2009 - 07:04 PM

OK, so I did the kaspersky scan and it did not find anything. Log still attached.

Uninstalled and reinstalled comodo this time without the anti virus and the hopsurf/ask toolbar.

Here's the OTS file:


OTS logfile created on: 11/28/2009 5:23:06 PM - Run 1
OTS by OldTimer - Version 3.1.8.1	 Folder = C:\Users\Hoochie addy\Desktop\koobface
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.05% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 147.20 Gb Free Space | 51.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOOCHIEDADDY-PC
Current User Name: Hoochie addy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Hoochie addy\Desktop\koobface\OTS.exe -> [2009/11/28 17:18:52 | 00,531,968 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2009/11/24 02:44:00 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com)
a2guard.exe -> C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe -> [2009/11/05 11:28:00 | 03,279,192 | ---- | M] (Emsi Software GmbH)
a2guard.exe -> C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe -> [2009/11/05 11:28:00 | 03,279,192 | ---- | M] (Emsi Software GmbH)
a2guard.exe -> C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe -> [2009/11/05 11:28:00 | 03,279,192 | ---- | M] (Emsi Software GmbH)
a2guard.exe -> C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe -> [2009/11/05 11:28:00 | 03,279,192 | ---- | M] (Emsi Software GmbH)
a2service.exe -> C:\Program Files (x86)\a-squared Free\a2service.exe -> [2009/10/21 18:23:50 | 01,858,144 | ---- | M] (Emsi Software GmbH)
a2service.exe -> C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe -> [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
tomtomhomeservice.exe -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
ashdisp.exe -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [2009/08/17 10:07:23 | 00,081,000 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 10:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 10:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 10:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
aswupdsv.exe -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/08/17 09:58:55 | 00,018,752 | ---- | M] (ALWIL Software)
aswupdsv.exe -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/08/17 09:58:55 | 00,018,752 | ---- | M] (ALWIL Software)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/07/10 22:48:42 | 00,068,856 | ---- | M] (Google Inc.)
ischedulesvc.exe -> C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -> [2009/03/10 01:53:02 | 00,044,800 | ---- | M] (NewTech Infosystems, Inc.)
nmsaccessu.exe -> C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -> [2008/05/03 11:31:46 | 00,071,096 | ---- | M] ()
acservice.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2008/04/17 13:14:00 | 00,102,712 | ---- | M] (ArcSoft Inc.)
acservice.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2008/04/17 13:14:00 | 00,102,712 | ---- | M] (ArcSoft Inc.)
acservice.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2008/04/17 13:14:00 | 00,102,712 | ---- | M] (ArcSoft Inc.)
nbservice.exe -> C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -> [2008/02/18 15:29:12 | 00,877,864 | ---- | M] (Nero AG)
ioctlsvc.exe -> C:\Windows\SysWOW64\IoctlSvc.exe -> [2006/12/19 08:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
ioctlsvc.exe -> C:\Windows\SysWOW64\IoctlSvc.exe -> [2006/12/19 08:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
psiservice.exe -> C:\Windows\SysWOW64\PSIService.exe -> [2006/11/02 21:40:12 | 00,174,656 | ---- | M] ()
psiservice.exe -> C:\Windows\SysWOW64\PSIService.exe -> [2006/11/02 21:40:12 | 00,174,656 | ---- | M] ()
 
[Modules - Safe List]
ots.exe -> C:\Users\Hoochie addy\Desktop\koobface\OTS.exe -> [2009/11/28 17:18:52 | 00,531,968 | ---- | M] (OldTimer Tools)
guard32.dll -> C:\Windows\SysWOW64\guard32.dll -> [2009/11/25 15:59:02 | 00,171,552 | ---- | M] (COMODO)
urlmon.dll -> C:\Windows\SysWOW64\urlmon.dll -> [2009/07/21 15:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysWOW64\iertutil.dll -> [2009/07/21 15:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWOW64\ieframe.dll -> [2009/07/21 15:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation)
atl.dll -> C:\Windows\SysWOW64\atl.dll -> [2009/07/17 08:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation)
secur32.dll -> C:\Windows\SysWOW64\secur32.dll -> [2009/06/15 09:25:02 | 00,076,800 | ---- | M] (Microsoft Corporation)
rpcrt4.dll -> C:\Windows\SysWOW64\rpcrt4.dll -> [2009/04/23 06:44:38 | 00,677,376 | ---- | M] (Microsoft Corporation)
kernel32.dll -> C:\Windows\SysWOW64\kernel32.dll -> [2009/02/13 02:47:47 | 00,855,552 | ---- | M] (Microsoft Corporation)
shell32.dll -> C:\Windows\SysWOW64\shell32.dll -> [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)
gdi32.dll -> C:\Windows\SysWOW64\gdi32.dll -> [2008/10/20 23:23:58 | 00,303,104 | ---- | M] (Microsoft Corporation)
netapi32.dll -> C:\Windows\SysWOW64\netapi32.dll -> [2008/10/15 22:47:33 | 00,466,944 | ---- | M] (Microsoft Corporation)
propsys.dll -> C:\Windows\SysWOW64\propsys.dll -> [2008/05/26 23:17:46 | 00,754,176 | ---- | M] (Microsoft Corporation)
srclient.dll -> C:\Windows\SysWOW64\srclient.dll -> [2008/02/29 00:53:38 | 00,040,960 | ---- | M] (Microsoft Corporation)
spp.dll -> C:\Windows\SysWOW64\spp.dll -> [2008/01/20 20:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation)
uxtheme.dll -> C:\Windows\SysWOW64\uxtheme.dll -> [2008/01/20 20:51:05 | 00,234,496 | ---- | M] (Microsoft Corporation)
ole32.dll -> C:\Windows\SysWOW64\ole32.dll -> [2008/01/20 20:51:04 | 01,315,328 | ---- | M] (Microsoft Corporation)
msctf.dll -> C:\Windows\SysWOW64\msctf.dll -> [2008/01/20 20:51:02 | 00,806,912 | ---- | M] (Microsoft Corporation)
ntdll.dll -> C:\Windows\SysWOW64\ntdll.dll -> [2008/01/20 20:50:59 | 01,165,688 | ---- | M] (Microsoft Corporation)
oleaut32.dll -> C:\Windows\SysWOW64\oleaut32.dll -> [2008/01/20 20:50:58 | 00,563,200 | ---- | M] (Microsoft Corporation)
ws2_32.dll -> C:\Windows\SysWOW64\ws2_32.dll -> [2008/01/20 20:50:35 | 00,179,200 | ---- | M] (Microsoft Corporation)
setupapi.dll -> C:\Windows\SysWOW64\setupapi.dll -> [2008/01/20 20:50:28 | 01,590,272 | ---- | M] (Microsoft Corporation)
nsi.dll -> C:\Windows\SysWOW64\nsi.dll -> [2008/01/20 20:50:15 | 00,008,192 | ---- | M] (Microsoft Corporation)
shlwapi.dll -> C:\Windows\SysWOW64\shlwapi.dll -> [2008/01/20 20:50:03 | 00,351,744 | ---- | M] (Microsoft Corporation)
xmllite.dll -> C:\Windows\SysWOW64\xmllite.dll -> [2008/01/20 20:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation)
msvcrt.dll -> C:\Windows\SysWOW64\msvcrt.dll -> [2008/01/20 20:49:58 | 00,680,448 | ---- | M] (Microsoft Corporation)
samlib.dll -> C:\Windows\SysWOW64\samlib.dll -> [2008/01/20 20:49:48 | 00,057,344 | ---- | M] (Microsoft Corporation)
advapi32.dll -> C:\Windows\SysWOW64\advapi32.dll -> [2008/01/20 20:49:45 | 00,798,720 | ---- | M] (Microsoft Corporation)
vssapi.dll -> C:\Windows\SysWOW64\vssapi.dll -> [2008/01/20 20:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation)
vsstrace.dll -> C:\Windows\SysWOW64\vsstrace.dll -> [2008/01/20 20:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation)
clbcatq.dll -> C:\Windows\SysWOW64\clbcatq.dll -> [2008/01/20 20:49:34 | 00,523,776 | ---- | M] (Microsoft Corporation)
ntmarta.dll -> C:\Windows\SysWOW64\ntmarta.dll -> [2008/01/20 20:49:32 | 00,121,344 | ---- | M] (Microsoft Corporation)
authz.dll -> C:\Windows\SysWOW64\authz.dll -> [2008/01/20 20:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation)
imm32.dll -> C:\Windows\SysWOW64\imm32.dll -> [2008/01/20 20:49:24 | 00,116,224 | ---- | M] (Microsoft Corporation)
user32.dll -> C:\Windows\SysWOW64\user32.dll -> [2008/01/20 20:49:14 | 00,648,192 | ---- | M] (Microsoft Corporation)
usp10.dll -> C:\Windows\SysWOW64\usp10.dll -> [2008/01/20 20:49:13 | 00,501,760 | ---- | M] (Microsoft Corporation)
mpr.dll -> C:\Windows\SysWOW64\mpr.dll -> [2008/01/20 20:49:12 | 00,068,608 | ---- | M] (Microsoft Corporation)
wldap32.dll -> C:\Windows\SysWOW64\Wldap32.dll -> [2008/01/20 20:49:11 | 00,289,280 | ---- | M] (Microsoft Corporation)
winmm.dll -> C:\Windows\SysWOW64\winmm.dll -> [2008/01/20 20:49:07 | 00,189,952 | ---- | M] (Microsoft Corporation)
version.dll -> C:\Windows\SysWOW64\version.dll -> [2008/01/20 20:49:07 | 00,020,480 | ---- | M] (Microsoft Corporation)
userenv.dll -> C:\Windows\SysWOW64\userenv.dll -> [2008/01/20 20:49:02 | 00,108,032 | ---- | M] (Microsoft Corporation)
lpk.dll -> C:\Windows\SysWOW64\lpk.dll -> [2008/01/20 20:49:00 | 00,023,552 | ---- | M] (Microsoft Corporation)
apphelp.dll -> C:\Windows\SysWOW64\apphelp.dll -> [2008/01/20 20:48:48 | 00,171,008 | ---- | M] (Microsoft Corporation)
oleacc.dll -> C:\Windows\SysWOW64\oleacc.dll -> [2008/01/20 20:48:27 | 00,215,040 | ---- | M] (Microsoft Corporation)
winspool.drv -> C:\Windows\SysWOW64\winspool.drv -> [2008/01/20 20:48:19 | 00,258,048 | ---- | M] (Microsoft Corporation)
shdocvw.dll -> C:\Windows\SysWOW64\shdocvw.dll -> [2008/01/20 20:48:11 | 01,067,520 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/20 20:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation)
olepro32.dll -> C:\Windows\SysWOW64\olepro32.dll -> [2008/01/20 20:48:03 | 00,088,576 | ---- | M] (Microsoft Corporation)
psapi.dll -> C:\Windows\SysWOW64\psapi.dll -> [2006/11/02 03:46:12 | 00,012,288 | ---- | M] (Microsoft Corporation)
msimg32.dll -> C:\Windows\SysWOW64\msimg32.dll -> [2006/11/02 03:46:07 | 00,004,608 | ---- | M] (Microsoft Corporation)
fltlib.dll -> C:\Windows\SysWOW64\fltLib.dll -> [2006/11/02 03:46:04 | 00,014,848 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(cmdAgent)  [Auto | Running] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2009/11/25 15:58:59 | 01,079,048 | ---- | M] (COMODO)
64bit-(avast! Antivirus)  [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/08/17 10:07:17 | 00,138,680 | ---- | M] (ALWIL Software)
64bit-(avast! Mail Scanner)  [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/08/17 10:07:01 | 00,254,040 | ---- | M] (ALWIL Software)
64bit-(avast! Web Scanner)  [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/08/17 10:04:21 | 00,352,920 | ---- | M] (ALWIL Software)
64bit-(aswUpdSv)  [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/08/17 09:58:55 | 00,018,752 | ---- | M] (ALWIL Software)
64bit-(wuauserv)  [Auto | Running] -> C:\Windows\SysNative\wuaueng.dll -> [2009/08/06 20:24:17 | 02,424,024 | ---- | M] ()
64bit-(Wlansvc)  [Auto | Running] -> C:\Windows\SysNative\wlansvc.dll -> [2009/07/11 13:50:02 | 00,615,936 | ---- | M] ()
64bit-(SamSs)  [Auto | Running] -> C:\Windows\SysNative\lsass.exe -> [2009/06/15 07:26:45 | 00,011,264 | ---- | M] ()
64bit-(ProtectedStorage)  [On_Demand | Stopped] -> C:\Windows\SysNative\lsass.exe -> [2009/06/15 07:26:45 | 00,011,264 | ---- | M] ()
64bit-(Netlogon)  [On_Demand | Stopped] -> C:\Windows\SysNative\lsass.exe -> [2009/06/15 07:26:45 | 00,011,264 | ---- | M] ()
64bit-(KeyIso)  [On_Demand | Running] -> C:\Windows\SysNative\lsass.exe -> [2009/06/15 07:26:45 | 00,011,264 | ---- | M] ()
64bit-(LanmanWorkstation)  [Auto | Running] -> C:\Windows\SysNative\wkssvc.dll -> [2009/06/10 06:25:10 | 00,202,752 | ---- | M] ()
64bit-(RasMan)  [On_Demand | Running] -> C:\Windows\SysNative\rasmans.dll -> [2009/05/12 16:50:12 | 00,308,224 | ---- | M] ()
64bit-(ePowerSvc)  [Auto | Running] -> C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -> [2009/04/03 20:55:28 | 00,839,200 | ---- | M] (Acer Incorporated)
64bit-(RpcSs)  [Unknown | Running] -> C:\Windows\SysNative\rpcss.dll -> [2009/03/02 22:57:01 | 00,718,336 | ---- | M] ()
64bit-(DcomLaunch)  [Unknown | Running] -> C:\Windows\SysNative\rpcss.dll -> [2009/03/02 22:57:01 | 00,718,336 | ---- | M] ()
64bit-(Ati External Event Utility)  [Auto | Running] -> C:\Windows\SysNative\Ati2evxx.exe -> [2009/02/18 18:49:06 | 00,949,248 | ---- | M] ()
64bit-(WinHttpAutoProxySvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\winhttp.dll -> [2008/12/05 22:58:58 | 00,439,808 | ---- | M] ()
64bit-(WerSvc)  [Auto | Running] -> C:\Windows\SysNative\WerSvc.dll -> [2008/09/17 22:47:39 | 00,120,832 | ---- | M] ()
64bit-(EMDMgmt)  [Auto | Running] -> C:\Windows\SysNative\emdmgmt.dll -> [2008/06/25 21:56:13 | 00,399,872 | ---- | M] ()
64bit-(PolicyAgent)  [Auto | Running] -> C:\Windows\SysNative\ipsecsvc.dll -> [2008/06/19 09:38:17 | 00,531,456 | ---- | M] ()
64bit-(WSearch)  [Auto | Running] -> C:\Windows\SysNative\SearchIndexer.exe -> [2008/05/26 23:21:07 | 00,598,016 | ---- | M] ()
64bit-(EventSystem)  [Auto | Running] -> C:\Windows\SysNative\es.dll -> [2008/04/17 22:42:44 | 00,361,984 | ---- | M] ()
64bit-(WMPNetworkSvc)  [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 20:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\p2psvc.dll -> [2008/01/20 20:52:02 | 00,837,632 | ---- | M] ()
64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\p2psvc.dll -> [2008/01/20 20:52:02 | 00,837,632 | ---- | M] ()
64bit-(p2psvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\p2psvc.dll -> [2008/01/20 20:52:02 | 00,837,632 | ---- | M] ()
64bit-(p2pimsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\p2psvc.dll -> [2008/01/20 20:52:02 | 00,837,632 | ---- | M] ()
64bit-(WPCSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wpcsvc.dll -> [2008/01/20 20:52:00 | 00,173,568 | ---- | M] ()
64bit-(WPDBusEnum)  [Auto | Running] -> C:\Windows\SysNative\wpdbusenum.dll -> [2008/01/20 20:51:38 | 00,092,672 | ---- | M] ()
64bit-(Mcx2Svc)  [Disabled | Stopped] -> C:\Windows\SysNative\Mcx2Svc.dll -> [2008/01/20 20:51:33 | 00,067,072 | ---- | M] ()
64bit-(SstpSvc)  [On_Demand | Running] -> C:\Windows\SysNative\sstpsvc.dll -> [2008/01/20 20:51:19 | 00,141,312 | ---- | M] ()
64bit-(UI0Detect)  [On_Demand | Stopped] -> C:\Windows\SysNative\UI0Detect.exe -> [2008/01/20 20:51:16 | 00,040,960 | ---- | M] ()
64bit-(TrkWks)  [Auto | Running] -> C:\Windows\SysNative\trkwks.dll -> [2008/01/20 20:51:03 | 00,117,248 | ---- | M] ()
64bit-(upnphost)  [Auto | Running] -> C:\Windows\SysNative\upnphost.dll -> [2008/01/20 20:51:01 | 00,344,576 | ---- | M] ()
64bit-(ProfSvc)  [Auto | Running] -> C:\Windows\SysNative\profsvc.dll -> [2008/01/20 20:51:00 | 00,178,688 | ---- | M] ()
64bit-(pla)  [On_Demand | Stopped] -> C:\Windows\SysNative\pla.dll -> [2008/01/20 20:50:59 | 01,373,184 | ---- | M] ()
64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcsvc.dll -> [2008/01/20 20:50:57 | 00,268,288 | ---- | M] ()
64bit-(PlugPlay)  [Auto | Running] -> C:\Windows\SysNative\umpnpmgr.dll -> [2008/01/20 20:50:56 | 00,311,808 | ---- | M] ()
64bit-(BFE)  [Auto | Running] -> C:\Windows\SysNative\bfe.dll -> [2008/01/20 20:50:48 | 00,458,240 | ---- | M] ()
64bit-(IKEEXT)  [Auto | Running] -> C:\Windows\SysNative\ikeext.dll -> [2008/01/20 20:50:48 | 00,454,656 | ---- | M] ()
64bit-(wmiApSrv)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbem\WmiApSrv.exe -> [2008/01/20 20:50:41 | 00,209,920 | ---- | M] ()
64bit-(Themes)  [Auto | Running] -> C:\Windows\SysNative\shsvcs.dll -> [2008/01/20 20:50:39 | 00,301,568 | ---- | M] ()
64bit-(ShellHWDetection)  [Auto | Running] -> C:\Windows\SysNative\shsvcs.dll -> [2008/01/20 20:50:39 | 00,301,568 | ---- | M] ()
64bit-(VSS)  [On_Demand | Stopped] -> C:\Windows\SysNative\vssvc.exe -> [2008/01/20 20:50:36 | 01,432,576 | ---- | M] ()
64bit-(MSiSCSI)  [On_Demand | Stopped] -> C:\Windows\SysNative\iscsiexe.dll -> [2008/01/20 20:50:34 | 00,154,112 | ---- | M] ()
64bit-(Eventlog)  [Auto | Running] -> C:\Windows\SysNative\wevtsvc.dll -> [2008/01/20 20:50:31 | 01,486,336 | ---- | M] ()
64bit-(NlaSvc)  [Auto | Running] -> C:\Windows\SysNative\nlasvc.dll -> [2008/01/20 20:50:27 | 00,206,336 | ---- | M] ()
64bit-(EapHost)  [On_Demand | Running] -> C:\Windows\SysNative\eapsvc.dll -> [2008/01/20 20:50:17 | 00,074,752 | ---- | M] ()
64bit-(vds)  [On_Demand | Stopped] -> C:\Windows\SysNative\vds.exe -> [2008/01/20 20:50:15 | 00,453,120 | ---- | M] ()
64bit-(lltdsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\lltdsvc.dll -> [2008/01/20 20:50:14 | 00,296,960 | ---- | M] ()
64bit-(slsvc)  [Auto | Running] -> C:\Windows\SysNative\SLsvc.exe -> [2008/01/20 20:50:12 | 02,161,664 | ---- | M] ()
64bit-(BITS)  [Auto | Running] -> C:\Windows\SysNative\qmgr.dll -> [2008/01/20 20:50:12 | 01,082,368 | ---- | M] ()
64bit-(Winmgmt)  [Auto | Running] -> C:\Windows\SysNative\wbem\WMIsvc.dll -> [2008/01/20 20:50:11 | 00,221,696 | ---- | M] ()
64bit-(wudfsvc)  [Auto | Running] -> C:\Windows\SysNative\WUDFSvc.dll -> [2008/01/20 20:50:09 | 00,066,560 | ---- | M] ()
64bit-(lmhosts)  [Auto | Running] -> C:\Windows\SysNative\lmhsvc.dll -> [2008/01/20 20:50:06 | 00,024,064 | ---- | M] ()
64bit-(napagent)  [On_Demand | Stopped] -> C:\Windows\SysNative\qagentRT.dll -> [2008/01/20 20:50:04 | 00,409,600 | ---- | M] ()
64bit-(LanmanServer)  [Auto | Running] -> C:\Windows\SysNative\srvsvc.dll -> [2008/01/20 20:50:01 | 00,176,640 | ---- | M] ()
64bit-(SessionEnv)  [On_Demand | Stopped] -> C:\Windows\SysNative\sessenv.dll -> [2008/01/20 20:49:59 | 00,074,752 | ---- | M] ()
64bit-(gpsvc)  [Unknown | Running] -> C:\Windows\SysNative\gpsvc.dll -> [2008/01/20 20:49:58 | 00,718,336 | ---- | M] ()
64bit-(AudioSrv)  [Auto | Running] -> C:\Windows\SysNative\Audiosrv.dll -> [2008/01/20 20:49:57 | 00,444,928 | ---- | M] ()
64bit-(AudioEndpointBuilder)  [Auto | Running] -> C:\Windows\SysNative\Audiosrv.dll -> [2008/01/20 20:49:57 | 00,444,928 | ---- | M] ()
64bit-(TapiSrv)  [On_Demand | Running] -> C:\Windows\SysNative\tapisrv.dll -> [2008/01/20 20:49:57 | 00,318,464 | ---- | M] ()
64bit-(THREADORDER)  [On_Demand | Stopped] -> C:\Windows\SysNative\mmcss.dll -> [2008/01/20 20:49:56 | 00,037,888 | ---- | M] ()
64bit-(MMCSS)  [Auto | Running] -> C:\Windows\SysNative\mmcss.dll -> [2008/01/20 20:49:56 | 00,037,888 | ---- | M] ()
64bit-(SysMain)  [Auto | Running] -> C:\Windows\SysNative\sysmain.dll -> [2008/01/20 20:49:55 | 00,840,192 | ---- | M] ()
64bit-(SSDPSRV)  [On_Demand | Running] -> C:\Windows\SysNative\ssdpsrv.dll -> [2008/01/20 20:49:46 | 00,185,856 | ---- | M] ()
64bit-(MpsSvc)  [Auto | Running] -> C:\Windows\SysNative\mpssvc.dll -> [2008/01/20 20:49:42 | 00,601,088 | ---- | M] ()
64bit-(nsi)  [Auto | Running] -> C:\Windows\SysNative\nsisvc.dll -> [2008/01/20 20:49:42 | 00,024,576 | ---- | M] ()
64bit-(Spooler)  [Auto | Running] -> C:\Windows\SysNative\spoolsv.exe -> [2008/01/20 20:49:35 | 00,267,264 | ---- | M] ()
64bit-(SENS)  [Auto | Running] -> C:\Windows\SysNative\sens.dll -> [2008/01/20 20:49:33 | 00,061,952 | ---- | M] ()
64bit-(UxSms)  [Auto | Running] -> C:\Windows\SysNative\uxsms.dll -> [2008/01/20 20:49:32 | 00,032,768 | ---- | M] ()
64bit-(SLUINotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\SLUINotify.dll -> [2008/01/20 20:49:29 | 00,071,168 | ---- | M] ()
64bit-(WinRM)  [On_Demand | Stopped] -> C:\Windows\SysNative\WsmSvc.dll -> [2008/01/20 20:49:22 | 01,091,072 | ---- | M] ()
64bit-(WdiSystemHost)  [Unknown | Running] -> C:\Windows\SysNative\wdi.dll -> [2008/01/20 20:49:15 | 00,081,920 | ---- | M] ()
64bit-(WdiServiceHost)  [Unknown | Stopped] -> C:\Windows\SysNative\wdi.dll -> [2008/01/20 20:49:15 | 00,081,920 | ---- | M] ()
64bit-(Browser)  [Auto | Running] -> C:\Windows\SysNative\browser.dll -> [2008/01/20 20:49:11 | 00,103,424 | ---- | M] ()
64bit-(DPS)  [Unknown | Running] -> C:\Windows\SysNative\dps.dll -> [2008/01/20 20:49:09 | 00,139,264 | ---- | M] ()
64bit-(seclogon)  [Auto | Running] -> C:\Windows\SysNative\seclogon.dll -> [2008/01/20 20:49:09 | 00,028,672 | ---- | M] ()
64bit-(CryptSvc)  [Auto | Running] -> C:\Windows\SysNative\cryptsvc.dll -> [2008/01/20 20:49:08 | 00,165,376 | ---- | M] ()
64bit-(Schedule)  [Unknown | Running] -> C:\Windows\SysNative\schedsvc.dll -> [2008/01/20 20:49:04 | 00,843,776 | ---- | M] ()
64bit-(hkmsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\kmsvc.dll -> [2008/01/20 20:49:04 | 00,086,528 | ---- | M] ()
64bit-(TBS)  [Auto | Stopped] -> C:\Windows\SysNative\tbssvc.dll -> [2008/01/20 20:49:02 | 00,065,536 | ---- | M] ()
64bit-(msiserver)  [On_Demand | Stopped] -> C:\Windows\SysNative\msiexec.exe -> [2008/01/20 20:48:55 | 00,122,368 | ---- | M] ()
64bit-(RemoteRegistry)  [On_Demand | Stopped] -> C:\Windows\SysNative\regsvc.dll -> [2008/01/20 20:48:50 | 00,206,336 | ---- | M] ()
64bit-(Dnscache)  [Auto | Running] -> C:\Windows\SysNative\dnsrslvr.dll -> [2008/01/20 20:48:49 | 00,117,760 | ---- | M] ()
64bit-(iphlpsvc)  [Auto | Running] -> C:\Windows\SysNative\iphlpsvc.dll -> [2008/01/20 20:48:45 | 00,223,232 | ---- | M] ()
64bit-(netprofm)  [Auto | Running] -> C:\Windows\SysNative\netprofm.dll -> [2008/01/20 20:48:40 | 00,304,128 | ---- | M] ()
64bit-(swprv)  [On_Demand | Stopped] -> C:\Windows\SysNative\swprv.dll -> [2008/01/20 20:48:39 | 00,480,768 | ---- | M] ()
64bit-(Wecsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wecsvc.dll -> [2008/01/20 20:48:39 | 00,231,936 | ---- | M] ()
64bit-(dot3svc)  [On_Demand | Stopped] -> C:\Windows\SysNative\dot3svc.dll -> [2008/01/20 20:48:38 | 00,208,384 | ---- | M] ()
64bit-(W32Time)  [Auto | Running] -> C:\Windows\SysNative\w32time.dll -> [2008/01/20 20:48:29 | 00,372,736 | ---- | M] ()
64bit-(fdPHost)  [On_Demand | Running] -> C:\Windows\SysNative\fdPHost.dll -> [2008/01/20 20:48:29 | 00,015,360 | ---- | M] ()
64bit-(SCardSvr)  [Unknown | Stopped] -> C:\Windows\SysNative\SCardSvr.dll -> [2008/01/20 20:48:27 | 00,147,968 | ---- | M] ()
64bit-(SCPolicySvc)  [Unknown | Stopped] -> C:\Windows\SysNative\certprop.dll -> [2008/01/20 20:48:27 | 00,049,152 | ---- | M] ()
64bit-(CertPropSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\certprop.dll -> [2008/01/20 20:48:27 | 00,049,152 | ---- | M] ()
64bit-(RemoteAccess)  [Disabled | Stopped] -> C:\Windows\SysNative\mprdim.dll -> [2008/01/20 20:48:26 | 00,088,064 | ---- | M] ()
64bit-(RasAuto)  [On_Demand | Stopped] -> C:\Windows\SysNative\rasauto.dll -> [2008/01/20 20:48:24 | 00,098,304 | ---- | M] ()
64bit-(IPBusEnum)  [On_Demand | Stopped] -> C:\Windows\SysNative\ipbusenum.dll -> [2008/01/20 20:48:21 | 00,093,696 | ---- | M] ()
64bit-(KtmRm)  [Auto | Running] -> C:\Windows\SysNative\msdtckrm.dll -> [2008/01/20 20:48:19 | 00,395,264 | ---- | M] ()
64bit-(MSDTC)  [Unknown | Stopped] -> C:\Windows\SysNative\msdtc.exe -> [2008/01/20 20:48:19 | 00,106,496 | ---- | M] ()
64bit-(Appinfo)  [On_Demand | Stopped] -> C:\Windows\SysNative\appinfo.dll -> [2008/01/20 20:48:17 | 00,045,056 | ---- | M] ()
64bit-(ALG)  [On_Demand | Stopped] -> C:\Windows\SysNative\alg.exe -> [2008/01/20 20:48:16 | 00,080,896 | ---- | M] ()
64bit-(TermService)  [Auto | Running] -> C:\Windows\SysNative\termsrv.dll -> [2008/01/20 20:48:12 | 00,546,816 | ---- | M] ()
64bit-(Netman)  [On_Demand | Running] -> C:\Windows\SysNative\netman.dll -> [2008/01/20 20:48:10 | 00,348,160 | ---- | M] ()
64bit-(SharedAccess)  [Disabled | Stopped] -> C:\Windows\SysNative\ipnathlp.dll -> [2008/01/20 20:48:03 | 00,342,016 | ---- | M] ()
64bit-(DFSR)  [On_Demand | Stopped] -> C:\Windows\SysNative\DFSR.exe -> [2008/01/20 20:48:01 | 03,432,960 | ---- | M] ()
64bit-(PcaSvc)  [Auto | Running] -> C:\Windows\SysNative\pcasvc.dll -> [2008/01/20 20:47:55 | 00,079,360 | ---- | M] ()
64bit-(wcncsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wcncsvc.dll -> [2008/01/20 20:47:44 | 00,580,608 | ---- | M] ()
64bit-(stisvc)  [Auto | Running] -> C:\Windows\SysNative\wiaservc.dll -> [2008/01/20 20:47:43 | 00,571,392 | ---- | M] ()
64bit-(WebClient)  [Auto | Running] -> C:\Windows\SysNative\webclnt.dll -> [2008/01/20 20:47:43 | 00,214,016 | ---- | M] ()
64bit-(wscsvc)  [Auto | Running] -> C:\Windows\SysNative\wscsvc.dll -> [2008/01/20 20:47:43 | 00,074,752 | ---- | M] ()
64bit-(WinDefend)  [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 20:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(QWAVE)  [On_Demand | Stopped] -> C:\Windows\SysNative\qwave.dll -> [2008/01/20 20:47:30 | 00,284,160 | ---- | M] ()
64bit-(SDRSVC)  [On_Demand | Stopped] -> C:\Windows\SysNative\SDRSVC.dll -> [2008/01/20 20:47:28 | 00,128,000 | ---- | M] ()
64bit-(TabletInputService)  [Auto | Running] -> C:\Windows\SysNative\TabSvc.dll -> [2006/11/02 09:03:19 | 00,084,992 | ---- | M] ()
64bit-(wercplsupport)  [On_Demand | Stopped] -> C:\Windows\SysNative\wercplsupport.dll -> [2006/11/02 05:19:10 | 00,085,504 | ---- | M] ()
64bit-(WcsPlugInService)  [On_Demand | Stopped] -> C:\Windows\SysNative\WcsPlugInService.dll -> [2006/11/02 05:19:10 | 00,039,936 | ---- | M] ()
64bit-(hidserv)  [Auto | Running] -> C:\Windows\SysNative\hidserv.dll -> [2006/11/02 05:17:29 | 00,024,064 | ---- | M] ()
64bit-(FDResPub)  [Auto | Running] -> C:\Windows\SysNative\fdrespub.dll -> [2006/11/02 05:17:22 | 00,033,280 | ---- | M] ()
64bit-(AeLookupSvc)  [Auto | Running] -> C:\Windows\SysNative\aelupsvc.dll -> [2006/11/02 05:16:28 | 00,026,624 | ---- | M] ()
64bit-(SNMPTRAP)  [On_Demand | Stopped] -> C:\Windows\SysNative\snmptrap.exe -> [2006/11/02 05:16:12 | 00,014,336 | ---- | M] ()
64bit-(RpcLocator)  [On_Demand | Stopped] -> C:\Windows\SysNative\locator.exe -> [2006/11/02 05:15:56 | 00,008,704 | ---- | M] ()
64bit-(COMSysApp)  [On_Demand | Stopped] -> C:\Windows\SysNative\dllhost.exe -> [2006/11/02 05:15:49 | 00,008,704 | ---- | M] ()
(a2free) a-squared Free Service [Auto | Running] -> C:\Program Files (x86)\a-squared Free\a2service.exe -> [2009/10/21 18:23:50 | 01,858,144 | ---- | M] (Emsi Software GmbH)
(a2AntiMalware) a-squared Anti-Malware Service [Auto | Running] -> C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe -> [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH)
(TomTomHOMEService) TomTomHOMEService [Auto | Running] -> C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -> [2009/08/27 09:05:04 | 00,092,008 | ---- | M] (TomTom)
(gupdate1ca05213a9897f8) Google Update Service (gupdate1ca05213a9897f8) [Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009/07/15 01:52:25 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/07/15 01:51:47 | 00,190,448 | ---- | M] (Google)
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/03/26 01:19:59 | 00,000,000 | ---D | M]
(NTI IScheduleSvc) NTI IScheduleSvc [Auto | Running] -> C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -> [2009/03/10 01:53:02 | 00,044,800 | ---- | M] (NewTech Infosystems, Inc.)
(WinHttpAutoProxySvc) WinHTTP Web Proxy Auto-Discovery Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\winhttp.dll -> [2008/12/05 22:42:11 | 00,376,832 | ---- | M] (Microsoft Corporation)
(HsfXAudioService) HsfXAudioService [Auto | Running] -> C:\Windows\SysWOW64\XAudio64.dll -> [2008/11/03 21:41:00 | 00,437,248 | ---- | M] (Conexant Systems, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 12:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 19:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 19:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(WSearch) Windows Search [Auto | Running] -> C:\Windows\SysWow64\SearchIndexer.exe -> [2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -> [2008/05/05 16:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.)
(NMSAccessU) NMSAccessU [Auto | Running] -> C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -> [2008/05/03 11:31:46 | 00,071,096 | ---- | M] ()
(EventSystem) COM+ Event System [Auto | Running] -> C:\Windows\SysWOW64\es.dll -> [2008/04/17 23:48:39 | 00,269,312 | ---- | M] (Microsoft Corporation)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2008/04/17 13:14:00 | 00,102,712 | ---- | M] (ArcSoft Inc.)
(NMIndexingService) NMIndexingService [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -> [2008/02/28 16:07:48 | 00,529,704 | ---- | M] (Nero AG)
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Auto | Running] -> C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -> [2008/02/18 15:29:12 | 00,877,864 | ---- | M] (Nero AG)
(PNRPsvc) Peer Name Resolution Protocol [On_Demand | Stopped] -> C:\Windows\SysWOW64\p2psvc.dll -> [2008/01/20 20:52:02 | 00,658,944 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) PNRP Machine Name Publication Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\p2psvc.dll -> [2008/01/20 20:52:02 | 00,658,944 | ---- | M] (Microsoft Corporation)
(p2psvc) Peer Networking Grouping [On_Demand | Stopped] -> C:\Windows\SysWOW64\p2psvc.dll -> [2008/01/20 20:52:02 | 00,658,944 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Peer Networking Identity Manager [On_Demand | Stopped] -> C:\Windows\SysWOW64\p2psvc.dll -> [2008/01/20 20:52:02 | 00,658,944 | ---- | M] (Microsoft Corporation)
(WPCSvc) Parental Controls [On_Demand | Stopped] -> C:\Windows\SysWOW64\wpcsvc.dll -> [2008/01/20 20:52:01 | 00,140,288 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [On_Demand | Stopped] -> C:\Windows\ehome\ehrecvr.exe -> [2008/01/20 20:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 20:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(PerfHost) Performance Counter DLL Host [On_Demand | Stopped] -> C:\Windows\SysWOW64\perfhost.exe -> [2008/01/20 20:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation)
(TapiSrv) Telephony [On_Demand | Running] -> C:\Windows\SysWOW64\tapisrv.dll -> [2008/01/20 20:50:56 | 00,242,688 | ---- | M] (Microsoft Corporation)
(SessionEnv) Terminal Services Configuration [On_Demand | Stopped] -> C:\Windows\SysWOW64\SessEnv.dll -> [2008/01/20 20:50:38 | 00,084,992 | ---- | M] (Microsoft Corporation)
(SENS) System Event Notification Service [Auto | Running] -> C:\Windows\SysWOW64\Sens.dll -> [2008/01/20 20:50:07 | 00,047,104 | ---- | M] (Microsoft Corporation)
(WdiSystemHost) Diagnostic System Host [Unknown | Running] -> C:\Windows\SysWOW64\wdi.dll -> [2008/01/20 20:50:01 | 00,073,728 | ---- | M] (Microsoft Corporation)
(WdiServiceHost) Diagnostic Service Host [Unknown | Stopped] -> C:\Windows\SysWOW64\wdi.dll -> [2008/01/20 20:50:01 | 00,073,728 | ---- | M] (Microsoft Corporation)
(WinRM) Windows Remote Management (WS-Management) [On_Demand | Stopped] -> C:\Windows\SysWOW64\WsmSvc.dll -> [2008/01/20 20:49:56 | 00,745,472 | ---- | M] (Microsoft Corporation)
(CryptSvc) Cryptographic Services [Auto | Running] -> C:\Windows\SysWOW64\cryptsvc.dll -> [2008/01/20 20:49:56 | 00,128,000 | ---- | M] (Microsoft Corporation)
(msiserver) Windows Installer [On_Demand | Stopped] -> C:\Windows\SysWow64\msiexec.exe -> [2008/01/20 20:49:45 | 00,071,680 | ---- | M] (Microsoft Corporation)
(netprofm) Network List Service [Auto | Running] -> C:\Windows\SysWOW64\netprofm.dll -> [2008/01/20 20:49:21 | 00,237,056 | ---- | M] (Microsoft Corporation)
(SCardSvr) Smart Card [Unknown | Stopped] -> C:\Windows\SysWOW64\SCardSvr.dll -> [2008/01/20 20:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation)
(RemoteAccess) Routing and Remote Access [Disabled | Stopped] -> C:\Windows\SysWOW64\mprdim.dll -> [2008/01/20 20:49:09 | 00,068,608 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcsvc.dll -> [2008/01/20 20:48:40 | 00,204,288 | ---- | M] (Microsoft Corporation)
(Netlogon) Netlogon [On_Demand | Stopped] -> C:\Windows\SysWOW64\netlogon.dll -> [2008/01/20 20:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(upnphost) UPnP Device Host [Auto | Running] -> C:\Windows\SysWOW64\upnphost.dll -> [2008/01/20 20:48:26 | 00,259,072 | ---- | M] (Microsoft Corporation)
(pla) Performance Logs & Alerts [On_Demand | Stopped] -> C:\Windows\SysWOW64\pla.dll -> [2008/01/20 20:48:23 | 01,502,208 | ---- | M] (Microsoft Corporation)
(Themes) Themes [Auto | Running] -> C:\Windows\SysWOW64\shsvcs.dll -> [2008/01/20 20:48:23 | 00,247,296 | ---- | M] (Microsoft Corporation)
(ShellHWDetection) Shell Hardware Detection [Auto | Running] -> C:\Windows\SysWOW64\shsvcs.dll -> [2008/01/20 20:48:23 | 00,247,296 | ---- | M] (Microsoft Corporation)
(TrustedInstaller) Windows Modules Installer [Unknown | Stopped] -> C:\Windows\servicing\TrustedInstaller.exe -> [2008/01/20 20:48:05 | 00,042,496 | ---- | M] (Microsoft Corporation)
(WebClient) WebClient [Auto | Running] -> C:\Windows\SysWOW64\WebClnt.dll -> [2008/01/20 20:47:53 | 00,196,608 | ---- | M] (Microsoft Corporation)
(wcncsvc) Windows Connect Now - Config Registrar [On_Demand | Stopped] -> C:\Windows\SysWOW64\wcncsvc.dll -> [2008/01/20 20:47:52 | 00,412,672 | ---- | M] (Microsoft Corporation)
(QWAVE) Quality Windows Audio Video Experience [On_Demand | Stopped] -> C:\Windows\SysWOW64\qwave.dll -> [2008/01/20 20:47:35 | 00,243,712 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Auto | Running] -> C:\Windows\SysWOW64\IoctlSvc.exe -> [2006/12/19 08:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
(ProtexisLicensing) ProtexisLicensing [Auto | Running] -> C:\Windows\SysWOW64\PSIService.exe -> [2006/11/02 21:40:12 | 00,174,656 | ---- | M] ()
(ehstart) Windows Media Center Service Launcher [Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 09:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(WcsPlugInService) Windows Color System [On_Demand | Stopped] -> C:\Windows\SysWOW64\WcsPlugInService.dll -> [2006/11/02 03:46:13 | 00,032,256 | ---- | M] (Microsoft Corporation)
(hidserv) Human Interface Device Access [Auto | Running] -> C:\Windows\SysWOW64\hidserv.dll -> [2006/11/02 03:46:05 | 00,025,600 | ---- | M] (Microsoft Corporation)
(KeyIso) CNG Key Isolation [On_Demand | Running] -> C:\Windows\SysWOW64\keyiso.dll -> [2006/11/02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(COMSysApp) COM+ System Application [On_Demand | Stopped] -> C:\Windows\SysWow64\dllhost.exe -> [2006/11/02 03:45:02 | 00,007,168 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 00:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 00:35:15 | 00,055,846 | ---- | M] ()
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\cmdguard.sys -> [2009/11/25 15:59:02 | 00,118,600 | ---- | M] ()
64bit-(inspect) COMODO Internet Security Firewall Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\inspect.sys -> [2009/11/25 15:59:02 | 00,084,104 | ---- | M] ()
64bit-(cmdHlp) COMODO Internet Security Helper Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\cmdhlp.sys -> [2009/11/25 15:59:02 | 00,033,128 | ---- | M] ()
64bit-(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\pcouffin.sys -> [2009/10/27 18:50:57 | 00,082,816 | ---- | M] ()
64bit-(aswSP) avast! Self Protection [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2009/08/17 10:06:05 | 00,089,680 | ---- | M] ()
64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -> [2009/08/17 10:05:43 | 00,022,096 | ---- | M] ()
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -> [2009/08/17 10:05:31 | 00,065,616 | ---- | M] ()
64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2009/08/17 10:04:43 | 00,058,448 | ---- | M] ()
64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2009/08/17 10:04:32 | 00,027,216 | ---- | M] ()
64bit-(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\tcpip.sys -> [2009/08/14 12:05:16 | 01,418,840 | ---- | M] ()
64bit-(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\tcpip.sys -> [2009/08/14 12:05:16 | 01,418,840 | ---- | M] ()
64bit-(KeyScrambler) KeyScrambler [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\keyscrambler.sys -> [2009/07/30 14:10:18 | 00,130,160 | ---- | M] ()
64bit-(KSecDD) KSecDD [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\ksecdd.sys -> [2009/06/15 19:31:37 | 00,515,656 | ---- | M] ()
64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2009/03/17 12:29:46 | 00,637,440 | ---- | M] ()
64bit-(ahcix64s) ahcix64s [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\ahcix64s.sys -> [2009/02/18 18:52:58 | 00,225,296 | ---- | M] ()
64bit-(AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\AtiPcie.sys -> [2009/02/18 18:52:26 | 00,016,400 | ---- | M] ()
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2009/02/18 18:47:52 | 05,171,712 | ---- | M] ()
64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -> [2009/02/13 15:24:56 | 01,485,824 | ---- | M] ()
64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -> [2009/02/13 15:20:56 | 00,292,864 | ---- | M] ()
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -> [2009/02/13 15:19:34 | 00,740,864 | ---- | M] ()
64bit-(srv) srv [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\srv.sys -> [2008/12/15 21:42:02 | 00,451,584 | ---- | M] ()
64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\XAudio64.sys -> [2008/11/03 21:40:46 | 00,010,240 | ---- | M] ()
64bit-(k57nd60a) Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\k57nd60a.sys -> [2008/09/03 22:12:42 | 00,390,656 | ---- | M] ()
64bit-(mrxsmb10) SMB 1.x MiniRedirector [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mrxsmb10.sys -> [2008/08/26 19:26:08 | 00,272,896 | ---- | M] ()
64bit-(DXGKrnl) LDDM Graphics Subsystem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dxgkrnl.sys -> [2008/08/01 19:20:01 | 00,883,200 | ---- | M] ()
64bit-(netr28x) Ralink 802.11n Wireless Driver for Windows Vista [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\netr28x.sys -> [2008/07/01 15:16:56 | 00,460,800 | ---- | M] ()
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbfilter.sys -> [2008/05/28 18:54:18 | 00,026,168 | ---- | M] ()
64bit-(NativeWifiP) NativeWiFi Filter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\nwifi.sys -> [2008/05/19 20:33:46 | 00,187,392 | ---- | M] ()
64bit-(PSched) QoS Packet Scheduler [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\pacer.sys -> [2008/04/04 19:55:47 | 00,094,208 | ---- | M] ()
64bit-(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\NTIDrvr.sys -> [2008/01/30 20:48:32 | 00,016,384 | ---- | M] ()
64bit-(UBHelper) UBHelper [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2008/01/30 20:48:16 | 00,016,384 | ---- | M] ()
64bit-(exfat) exFAT File System Driver [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\exfat.sys -> [2008/01/20 20:51:20 | 00,187,392 | ---- | M] ()
64bit-(RasSstp) WAN Miniport (SSTP) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rassstp.sys -> [2008/01/20 20:51:19 | 00,078,336 | ---- | M] ()
64bit-(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tdtcp.sys -> [2008/01/20 20:51:14 | 00,029,696 | ---- | M] ()
64bit-(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\tdpipe.sys -> [2008/01/20 20:51:14 | 00,016,384 | ---- | M] ()
64bit-(RDPCDD) RDPCDD [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\RDPCDD.sys -> [2008/01/20 20:51:07 | 00,007,168 | ---- | M] ()
64bit-(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\asyncmac.sys -> [2008/01/20 20:51:01 | 00,022,016 | ---- | M] ()
64bit-(FileInfo) File Information FS MiniFilter [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\fileinfo.sys -> [2008/01/20 20:50:59 | 00,070,200 | ---- | M] ()
64bit-(FltMgr) FltMgr [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\fltmgr.sys -> [2008/01/20 20:50:53 | 00,275,512 | ---- | M] ()
64bit-(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> C:\Windows\SysNative\CLFS.sys -> [2008/01/20 20:50:46 | 00,363,064 | ---- | M] ()
64bit-(bowser) bowser [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bowser.sys -> [2008/01/20 20:50:45 | 00,090,624 | ---- | M] ()
64bit-(IRENUM) IR Bus Enumerator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\irenum.sys -> [2008/01/20 20:50:45 | 00,017,408 | ---- | M] ()
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\ntfs.sys -> [2008/01/20 20:50:39 | 01,540,152 | ---- | M] ()
64bit-(Wdf01000) Kernel Mode Driver Frameworks service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\Wdf01000.sys -> [2008/01/20 20:50:39 | 00,881,720 | ---- | M] ()
64bit-(cdfs) CD/DVD File System Reader [File_System | Disabled | Running] -> C:\Windows\SysNative\DRIVERS\cdfs.sys -> [2008/01/20 20:50:39 | 00,090,624 | ---- | M] ()
64bit-(Msfs) Msfs [File_System | System | Running] -> C:\Windows\SysNative\drivers\msfs.sys -> [2008/01/20 20:50:39 | 00,026,112 | ---- | M] ()
64bit-(NDIS) NDIS System Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ndis.sys -> [2008/01/20 20:50:38 | 00,739,384 | ---- | M] ()
64bit-(udfs) udfs [File_System | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\udfs.sys -> [2008/01/20 20:50:38 | 00,299,520 | ---- | M] ()
64bit-(Npfs) Npfs [File_System | System | Running] -> C:\Windows\SysNative\drivers\npfs.sys -> [2008/01/20 20:50:38 | 00,043,520 | ---- | M] ()
64bit-(HTTP) HTTP [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HTTP.sys -> [2008/01/20 20:50:36 | 00,596,480 | ---- | M] ()
64bit-(srvnet) srvnet [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\srvnet.sys -> [2008/01/20 20:50:29 | 00,141,312 | ---- | M] ()
64bit-(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\mountmgr.sys -> [2008/01/20 20:50:25 | 00,070,200 | ---- | M] ()
64bit-(tcpipreg) TCP/IP Registry Compatibility [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\tcpipreg.sys -> [2008/01/20 20:50:24 | 00,038,400 | ---- | M] ()
64bit-(netbt) netbt [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\netbt.sys -> [2008/01/20 20:50:11 | 00,250,368 | ---- | M] ()
64bit-(Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\smb.sys -> [2008/01/20 20:50:11 | 00,088,064 | ---- | M] ()
64bit-(srv2) srv2 [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\srv2.sys -> [2008/01/20 20:50:10 | 00,174,080 | ---- | M] ()
64bit-(tssecsrv) Terminal Services Security Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\tssecsrv.sys -> [2008/01/20 20:50:10 | 00,029,184 | ---- | M] ()
64bit-(WUDFRd) WUDFRd [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\WUDFRd.sys -> [2008/01/20 20:50:09 | 00,108,544 | ---- | M] ()
64bit-(Modem) Modem [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\modem.sys -> [2008/01/20 20:50:04 | 00,040,448 | ---- | M] ()
64bit-(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rasl2tp.sys -> [2008/01/20 20:49:59 | 00,124,928 | ---- | M] ()
64bit-(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\raspptp.sys -> [2008/01/20 20:49:59 | 00,098,816 | ---- | M] ()
64bit-(DfsC) DFS Namespace Client Driver [File_System | System | Running] -> C:\Windows\SysNative\Drivers\dfsc.sys -> [2008/01/20 20:49:58 | 00,097,792 | ---- | M] ()
64bit-(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ndisuio.sys -> [2008/01/20 20:49:58 | 00,022,016 | ---- | M] ()
64bit-(tdx) NetIO Legacy TDI Support Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\tdx.sys -> [2008/01/20 20:49:53 | 00,094,208 | ---- | M] ()
64bit-(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSKSSRV.sys -> [2008/01/20 20:49:52 | 00,011,008 | ---- | M] ()
64bit-(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSTEE.sys -> [2008/01/20 20:49:52 | 00,007,936 | ---- | M] ()
64bit-(VgaSave) VgaSave [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vga.sys -> [2008/01/20 20:49:51 | 00,028,672 | ---- | M] ()
64bit-(RDPENCDD) RDP Encoder Mirror Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\rdpencdd.sys -> [2008/01/20 20:49:48 | 00,007,168 | ---- | M] ()
64bit-(RDPWD) RDP Winstation Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpwd.sys -> [2008/01/20 20:49:47 | 00,210,432 | ---- | M] ()
64bit-(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mpsdrv.sys -> [2008/01/20 20:49:42 | 00,081,408 | ---- | M] ()
64bit-(nsiproxy) NSI proxy service [Kernel | System | Running] -> C:\Windows\SysNative\drivers\nsiproxy.sys -> [2008/01/20 20:49:42 | 00,024,064 | ---- | M] ()
64bit-(ws2ifsl) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> C:\Windows\SysNative\drivers\ws2ifsl.sys -> [2008/01/20 20:49:42 | 00,020,992 | ---- | M] ()
64bit-(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ipfltdrv.sys -> [2008/01/20 20:49:34 | 00,067,072 | ---- | M] ()
64bit-(partmgr) Partition Manager [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\partmgr.sys -> [2008/01/20 20:49:31 | 00,074,808 | ---- | M] ()
64bit-(luafv) UAC File Virtualization [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\luafv.sys -> [2008/01/20 20:49:16 | 00,109,568 | ---- | M] ()
64bit-(rspndr) Link-Layer Topology Discovery Responder [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\rspndr.sys -> [2008/01/20 20:49:15 | 00,075,776 | ---- | M] ()
64bit-(lltdio) Link-Layer Topology Discovery Mapper I/O Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\lltdio.sys -> [2008/01/20 20:49:15 | 00,059,392 | ---- | M] ()
64bit-(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\raspppoe.sys -> [2008/01/20 20:49:08 | 00,050,176 | ---- | M] ()
64bit-(ksthunk) Kernel Streaming Thunks [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ksthunk.sys -> [2008/01/20 20:49:00 | 00,020,864 | ---- | M] ()
64bit-(mrxsmb20) SMB 2.0 MiniRedirector [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mrxsmb20.sys -> [2008/01/20 20:48:57 | 00,105,472 | ---- | M] ()
64bit-(volmgrx) Dynamic Volume Manager [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\volmgrx.sys -> [2008/01/20 20:48:55 | 00,409,656 | ---- | M] ()
64bit-(MsRPC) MsRPC [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\msrpc.sys -> [2008/01/20 20:48:48 | 00,312,376 | ---- | M] ()
64bit-(IPNAT) IP Network Address Translator [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ipnat.sys -> [2008/01/20 20:48:45 | 00,115,712 | ---- | M] ()
64bit-(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ndproxy.sys -> [2008/01/20 20:48:45 | 00,059,904 | ---- | M] ()
64bit-(tunnel) Microsoft IPv6 Tunnel Miniport Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tunnel.sys -> [2008/01/20 20:48:45 | 00,028,160 | ---- | M] ()
64bit-(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ndistapi.sys -> [2008/01/20 20:48:45 | 00,024,064 | ---- | M] ()
64bit-(tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\tunmp.sys -> [2008/01/20 20:48:45 | 00,018,432 | ---- | M] ()
64bit-(Wanarpv6) Remote Access IPv6 ARP Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\wanarp.sys -> [2008/01/20 20:48:44 | 00,086,016 | ---- | M] ()
64bit-(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wanarp.sys -> [2008/01/20 20:48:44 | 00,086,016 | ---- | M] ()
64bit-(Filetrace) Filetrace [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\filetrace.sys -> [2008/01/20 20:48:28 | 00,033,280 | ---- | M] ()
64bit-(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\netbios.sys -> [2008/01/20 20:48:27 | 00,044,544 | ---- | M] ()
64bit-(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\rasacd.sys -> [2008/01/20 20:48:24 | 00,014,848 | ---- | M] ()
64bit-(rdbss) Redirected Buffering Sub Sysytem [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\rdbss.sys -> [2008/01/20 20:48:21 | 00,288,256 | ---- | M] ()
64bit-(AFD) Ancilliary Function Driver for Winsock [Kernel | System | Running] -> C:\Windows\SysNative\drivers\afd.sys -> [2008/01/20 20:48:18 | 00,408,064 | ---- | M] ()
64bit-(Mup) Mup [File_System | Boot | Running] -> C:\Windows\SysNative\Drivers\mup.sys -> [2008/01/20 20:48:15 | 00,061,496 | ---- | M] ()
64bit-(fastfat) FAT12/16/32 File System Driver [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\fastfat.sys -> [2008/01/20 20:48:14 | 00,198,656 | ---- | M] ()
64bit-(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\ndiswan.sys -> [2008/01/20 20:48:14 | 00,169,472 | ---- | M] ()
64bit-(mrxsmb) SMB MiniRedirector Wrapper and Engine [File_System | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mrxsmb.sys -> [2008/01/20 20:48:08 | 00,134,656 | ---- | M] ()
64bit-(spldr) Security Processor Loader Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\spldr.sys -> [2008/01/20 20:48:07 | 00,021,048 | ---- | M] ()
64bit-(MRxDAV) WebDav Client Redirector Driver [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mrxdav.sys -> [2008/01/20 20:47:44 | 00,134,144 | ---- | M] ()
64bit-(Ecache) ReadyBoost Caching Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ecache.sys -> [2008/01/20 20:47:43 | 00,157,240 | ---- | M] ()
64bit-(QWAVEdrv) QWAVE driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\qwavedrv.sys -> [2008/01/20 20:47:30 | 00,046,592 | ---- | M] ()
64bit-(IPMIDRV) IPMIDRV [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ipmidrv.sys -> [2008/01/20 20:47:28 | 00,076,288 | ---- | M] ()
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 20:47:28 | 00,046,080 | ---- | M] ()
64bit-(i2omp) i2omp [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\i2omp.sys -> [2008/01/20 20:47:28 | 00,035,896 | ---- | M] ()
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\b57nd60a.sys -> [2008/01/20 20:47:27 | 00,214,016 | ---- | M] ()
64bit-(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adpu320.sys -> [2008/01/20 20:47:27 | 00,185,912 | ---- | M] ()
64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 20:47:27 | 00,168,704 | ---- | M] ()
64bit-(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\i8042prt.sys -> [2008/01/20 20:47:27 | 00,064,000 | ---- | M] ()
64bit-(kbdclass) Keyboard Class Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\kbdclass.sys -> [2008/01/20 20:47:27 | 00,042,040 | ---- | M] ()
64bit-(Wd) Microsoft Watchdog Timer Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\wd.sys -> [2008/01/20 20:47:27 | 00,024,120 | ---- | M] ()
64bit-(kbdhid) Keyboard HID Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\kbdhid.sys -> [2008/01/20 20:47:27 | 00,020,480 | ---- | M] ()
64bit-(mpio) Microsoft Multi-Path Bus Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\mpio.sys -> [2008/01/20 20:47:26 | 00,128,056 | ---- | M] ()
64bit-(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sisraid4.sys -> [2008/01/20 20:47:26 | 00,078,392 | ---- | M] ()
64bit-(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\vsmraid.sys -> [2008/01/20 20:47:25 | 00,149,048 | ---- | M] ()
64bit-(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\USBSTOR.SYS -> [2008/01/20 20:47:25 | 00,066,048 | ---- | M] ()
64bit-(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbehci.sys -> [2008/01/20 20:47:25 | 00,049,152 | ---- | M] ()
64bit-(fdc) Floppy Disk Controller Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\fdc.sys -> [2008/01/20 20:47:25 | 00,029,696 | ---- | M] ()
64bit-(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\usbuhci.sys -> [2008/01/20 20:47:25 | 00,029,184 | ---- | M] ()
64bit-(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbohci.sys -> [2008/01/20 20:47:25 | 00,024,064 | ---- | M] ()
64bit-(msdsm) Microsoft Multi-Path Device Specific Module [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\msdsm.sys -> [2008/01/20 20:47:04 | 00,113,720 | ---- | M] ()
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaudio.sys -> [2008/01/20 20:47:04 | 00,098,816 | ---- | M] ()
64bit-(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\blbdrive.sys -> [2008/01/20 20:47:04 | 00,055,296 | ---- | M] ()
64bit-(volsnap) Storage volumes [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\volsnap.sys -> [2008/01/20 20:47:03 | 00,271,416 | ---- | M] ()
64bit-(circlass) Consumer IR Devices [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\circlass.sys -> [2008/01/20 20:47:03 | 00,041,984 | ---- | M] ()
64bit-(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbhub.sys -> [2008/01/20 20:47:01 | 00,270,336 | ---- | M] ()
64bit-(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\lsi_scsi.sys -> [2008/01/20 20:47:01 | 00,113,720 | ---- | M] ()
64bit-(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\usbccgp.sys -> [2008/01/20 20:47:01 | 00,095,744 | ---- | M] ()
64bit-(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\arcsas.sys -> [2008/01/20 20:47:00 | 00,091,192 | ---- | M] ()
64bit-(monitor) Microsoft Monitor Class Function Driver Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\monitor.sys -> [2008/01/20 20:47:00 | 00,049,152 | ---- | M] ()
64bit-(vga) vga [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\vgapnp.sys -> [2008/01/20 20:47:00 | 00,029,184 | ---- | M] ()
64bit-(sffdisk) SFF Storage Class Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sffdisk.sys -> [2008/01/20 20:47:00 | 00,014,848 | ---- | M] ()
64bit-(sffp_mmc) SFF Storage Protocol Driver for MMC [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sffp_mmc.sys -> [2008/01/20 20:47:00 | 00,014,336 | ---- | M] ()
64bit-(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sffp_sd.sys -> [2008/01/20 20:47:00 | 00,013,824 | ---- | M] ()
64bit-(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\elxstor.sys -> [2008/01/20 20:46:59 | 00,397,368 | ---- | M] ()
64bit-(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iastorv.sys -> [2008/01/20 20:46:59 | 00,290,872 | ---- | M] ()
64bit-(iScsiPrt) iScsiPort Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\msiscsi.sys -> [2008/01/20 20:46:59 | 00,215,096 | ---- | M] ()
64bit-(gagp30kx) Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\gagp30kx.sys -> [2008/01/20 20:46:59 | 00,068,152 | ---- | M] ()
64bit-(uagp35) Microsoft AGPv3.5 Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uagp35.sys -> [2008/01/20 20:46:59 | 00,067,128 | ---- | M] ()
64bit-(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\hpcisss.sys -> [2008/01/20 20:46:59 | 00,047,672 | ---- | M] ()
64bit-(mouclass) Mouse Class Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\mouclass.sys -> [2008/01/20 20:46:59 | 00,039,992 | ---- | M] ()
64bit-(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\megasas.sys -> [2008/01/20 20:46:59 | 00,035,896 | ---- | M] ()
64bit-(sermouse) Serial Mouse Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sermouse.sys -> [2008/01/20 20:46:59 | 00,026,624 | ---- | M] ()
64bit-(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mouhid.sys -> [2008/01/20 20:46:59 | 00,019,968 | ---- | M] ()
64bit-(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -> [2008/01/20 20:46:57 | 00,286,720 | ---- | M] ()
64bit-(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\megasr.sys -> [2008/01/20 20:46:56 | 00,438,328 | ---- | M] ()
64bit-(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\uliahci.sys -> [2008/01/20 20:46:56 | 00,284,728 | ---- | M] ()
64bit-(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\E1G6032E.sys -> [2008/01/20 20:46:56 | 00,146,176 | ---- | M] ()
64bit-(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas.sys -> [2008/01/20 20:46:56 | 00,105,016 | ---- | M] ()
64bit-(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sisraid2.sys -> [2008/01/20 20:46:56 | 00,045,624 | ---- | M] ()
64bit-(flpydisk) Floppy Disk Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\flpydisk.sys -> [2008/01/20 20:46:55 | 00,024,576 | ---- | M] ()
64bit-(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\hidusb.sys -> [2008/01/20 20:46:55 | 00,015,872 | ---- | M] ()
64bit-(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adpahci.sys -> [2008/01/20 20:46:54 | 00,342,584 | ---- | M] ()
64bit-(nvraid) NVIDIA nForce RAID Driver	[Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\nvraid.sys -> [2008/01/20 20:46:54 | 00,128,056 | ---- | M] ()
64bit-(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adpu160m.sys -> [2008/01/20 20:46:54 | 00,126,520 | ---- | M] ()
64bit-(cdrom) CD-ROM Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\cdrom.sys -> [2008/01/20 20:46:54 | 00,079,872 | ---- | M] ()
64bit-(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\nvstor.sys -> [2008/01/20 20:46:54 | 00,054,328 | ---- | M] ()
64bit-(umbus) UMBus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\umbus.sys -> [2008/01/20 20:46:54 | 00,041,984 | ---- | M] ()
64bit-(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\adp94xx.sys -> [2008/01/20 20:46:53 | 00,486,456 | ---- | M] ()
64bit-(disk) Disk Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\disk.sys -> [2008/01/20 20:46:53 | 00,068,664 | ---- | M] ()
64bit-(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ql2300.sys -> [2008/01/20 20:46:52 | 01,221,176 | ---- | M] ()
64bit-(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ulsata2.sys -> [2008/01/20 20:46:52 | 00,174,696 | ---- | M] ()
64bit-(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\arc.sys -> [2008/01/20 20:46:52 | 00,090,680 | ---- | M] ()
64bit-(crcdisk) Crcdisk Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\crcdisk.sys -> [2008/01/20 20:46:52 | 00,027,704 | ---- | M] ()
64bit-(rdpdr) Terminal Server Device Redirector Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\rdpdr.sys -> [2008/01/20 20:46:51 | 00,314,368 | ---- | M] ()
64bit-(pci) PCI Bus Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pci.sys -> [2008/01/20 20:46:51 | 00,179,768 | ---- | M] ()
64bit-(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\nv_agp.sys -> [2008/01/20 20:46:51 | 00,126,520 | ---- | M] ()
64bit-(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\lsi_fc.sys -> [2008/01/20 20:46:51 | 00,113,720 | ---- | M] ()
64bit-(volmgr) Volume Manager Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\volmgr.sys -> [2008/01/20 20:46:51 | 00,068,664 | ---- | M] ()
64bit-(uliagpkx) Uli AGP Bus Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\uliagpkx.sys -> [2008/01/20 20:46:51 | 00,068,152 | ---- | M] ()
64bit-(agp440) Intel AGP Bus Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\agp440.sys -> [2008/01/20 20:46:51 | 00,064,568 | ---- | M] ()
64bit-(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\HDAudBus.sys -> [2008/01/20 20:46:51 | 00,050,688 | ---- | M] ()
64bit-(AmdK8) AMD K8 Processor Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\amdk8.sys -> [2008/01/20 20:46:51 | 00,050,688 | ---- | M] ()
64bit-(intelppm) Intel Processor Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\intelppm.sys -> [2008/01/20 20:46:51 | 00,048,128 | ---- | M] ()
64bit-(Processor) Processor Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\processr.sys -> [2008/01/20 20:46:51 | 00,047,104 | ---- | M] ()
64bit-(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mssmbios.sys -> [2008/01/20 20:46:51 | 00,034,872 | ---- | M] ()
64bit-(isapnp) PnP ISA/EISA Bus Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\isapnp.sys -> [2008/01/20 20:46:51 | 00,023,608 | ---- | M] ()
64bit-(msisadrv) ISA/EISA Class Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\msisadrv.sys -> [2008/01/20 20:46:51 | 00,017,976 | ---- | M] ()
64bit-(CmBatt) Microsoft AC Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 20:46:51 | 00,017,792 | ---- | M] ()
64bit-(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\drmkaud.sys -> [2008/01/20 20:46:51 | 00,006,144 | ---- | M] ()
64bit-(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\acpi.sys -> [2008/01/20 20:46:50 | 00,326,712 | ---- | M] ()
64bit-(TermDD) Terminal Device Driver [Kernel | System | Running] -> C:\Windows\SysNative\DRIVERS\termdd.sys -> [2008/01/20 20:46:50 | 00,063,544 | ---- | M] ()
64bit-(msahci) msahci [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\msahci.sys -> [2008/01/20 20:46:50 | 00,031,288 | ---- | M] ()
64bit-(Compbatt) Microsoft Composite Battery Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\compbatt.sys -> [2008/01/20 20:46:50 | 00,023,608 | ---- | M] ()
64bit-(atapi) IDE Channel [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\atapi.sys -> [2008/01/20 20:46:50 | 00,022,584 | ---- | M] ()
64bit-(intelide) intelide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\intelide.sys -> [2008/01/20 20:46:50 | 00,019,512 | ---- | M] ()
64bit-(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\viaide.sys -> [2008/01/20 20:46:50 | 00,018,024 | ---- | M] ()
64bit-(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\cmdide.sys -> [2008/01/20 20:46:50 | 00,018,024 | ---- | M] ()
64bit-(amdide) amdide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\amdide.sys -> [2008/01/20 20:46:50 | 00,015,976 | ---- | M] ()
64bit-(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\aliide.sys -> [2008/01/20 20:46:50 | 00,015,976 | ---- | M] ()
64bit-(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wmiacpi.sys -> [2008/01/20 20:46:50 | 00,014,336 | ---- | M] ()
64bit-(pciide) pciide [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\pciide.sys -> [2008/01/20 20:46:50 | 00,013,416 | ---- | M] ()
64bit-(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\swenum.sys -> [2008/01/20 20:46:50 | 00,013,032 | ---- | M] ()
64bit-(ErrDev) Microsoft Hardware Error Device Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\errdev.sys -> [2008/01/20 20:46:50 | 00,008,704 | ---- | M] ()
64bit-(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\nfrd960.sys -> [2006/11/02 06:03:03 | 00,051,816 | ---- | M] ()
64bit-(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\symc8xx.sys -> [2006/11/02 06:02:52 | 00,049,256 | ---- | M] ()
64bit-(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sym_u3.sys -> [2006/11/02 06:02:47 | 00,048,232 | ---- | M] ()
64bit-(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iirsp.sys -> [2006/11/02 06:02:39 | 00,044,648 | ---- | M] ()
64bit-(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sym_hi.sys -> [2006/11/02 06:02:37 | 00,044,648 | ---- | M] ()
64bit-(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\mraid35x.sys -> [2006/11/02 06:02:24 | 00,039,016 | ---- | M] ()
64bit-(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iteraid.sys -> [2006/11/02 06:02:09 | 00,037,480 | ---- | M] ()
64bit-(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iteatapi.sys -> [2006/11/02 06:02:09 | 00,037,480 | ---- | M] ()
64bit-(pcmcia) pcmcia [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\pcmcia.sys -> [2006/11/02 05:51:30 | 00,203,368 | ---- | M] ()
64bit-(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ulsata.sys -> [2006/11/02 05:50:54 | 00,148,072 | ---- | M] ()
64bit-(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ql40xx.sys -> [2006/11/02 05:50:27 | 00,124,008 | ---- | M] ()
64bit-(sbp2port) SBP-2 Transport/Protocol Bus Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sbp2port.sys -> [2006/11/02 05:50:06 | 00,090,216 | ---- | M] ()
64bit-(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\djsvs.sys -> [2006/11/02 05:50:06 | 00,088,168 | ---- | M] ()
64bit-(usbprint) Microsoft USB PRINTER Class [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\usbprint.sys -> [2006/11/02 04:27:53 | 00,024,064 | ---- | M] ()
64bit-(BTHMODEM) Bluetooth Serial Communications Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\bthmodem.sys -> [2006/11/02 03:44:02 | 00,050,688 | ---- | M] ()
64bit-(HidBth) Microsoft Bluetooth HID Miniport [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\hidbth.sys -> [2006/11/02 03:44:01 | 00,034,304 | ---- | M] ()
64bit-(ohci1394) NEC FireWarden OHCI Compliant IEEE 1394 Host Controller [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\ohci1394.sys -> [2006/11/02 03:43:56 | 00,072,192 | ---- | M] ()
64bit-(usbcir) eHome Infrared Receiver (USBCIR) [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\usbcir.sys -> [2006/11/02 03:43:46 | 00,079,360 | ---- | M] ()
64bit-(HidIr) Microsoft Infrared HID Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\hidir.sys -> [2006/11/02 03:43:36 | 00,025,600 | ---- | M] ()
64bit-(WacomPen) Wacom Serial Pen HID Driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\wacompen.sys -> [2006/11/02 03:40:24 | 00,026,624 | ---- | M] ()
64bit-(sfloppy) High-Capacity Floppy Disk Drive [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\sfloppy.sys -> [2006/11/02 03:38:24 | 00,016,384 | ---- | M] ()
64bit-(Serial) Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\serial.sys -> [2006/11/02 03:38:02 | 00,094,208 | ---- | M] ()
64bit-(Serenum) Serenum Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\serenum.sys -> [2006/11/02 03:37:58 | 00,023,040 | ---- | M] ()
64bit-(Parport) Parallel port driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\parport.sys -> [2006/11/02 03:37:57 | 00,096,768 | ---- | M] ()
64bit-(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSPCLOCK.sys -> [2006/11/02 03:37:30 | 00,007,040 | ---- | M] ()
64bit-(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MSPQM.sys -> [2006/11/02 03:37:30 | 00,006,656 | ---- | M] ()
64bit-(Null) Null [Kernel | System | Running] -> C:\Windows\SysNative\drivers\null.sys -> [2006/11/02 03:37:16 | 00,006,144 | ---- | M] ()
64bit-(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\brserid.sys -> [2006/11/02 02:43:25 | 00,086,528 | ---- | M] ()
64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/01 23:28:10 | 00,273,920 | ---- | M] ()
64bit-(PEAUTH) PEAUTH [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\peauth.sys -> [2006/10/23 20:08:37 | 00,712,704 | ---- | M] ()
64bit-(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\secdrv.sys -> [2006/09/29 17:51:44 | 00,023,040 | ---- | M] ()
64bit-(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\brusbser.sys -> [2006/09/19 05:42:33 | 00,014,720 | ---- | M] ()
64bit-(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\brserwdm.sys -> [2006/09/18 15:30:18 | 00,047,104 | ---- | M] ()
64bit-(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\brusbmdm.sys -> [2006/09/18 15:30:18 | 00,014,976 | ---- | M] ()
64bit-(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\brfiltlo.sys -> [2006/09/18 15:30:15 | 00,018,432 | ---- | M] ()
64bit-(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\brfiltup.sys -> [2006/09/18 15:30:15 | 00,008,704 | ---- | M] ()
64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -> [2006/06/18 23:27:24 | 00,017,024 | ---- | M] ()
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -> [2009/08/06 16:47:57 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -> [2009/06/23 10:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -> [2009/06/23 10:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(a2exec) a-squared OnExecution scan driver. [Kernel | On_Demand | Running] -> C:\Program Files (x86)\a-squared Anti-Malware\a2exec64.sys -> [2008/04/11 08:20:06 | 00,010,608 | ---- | M] (Emsi Software GmbH)
(DKbFltr) Dritek Keyboard Filter Driver (64-bit) [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\drivers\DKbFltr.sys -> [2006/11/02 23:01:28 | 00,025,872 | ---- | M] (Dritek System Inc.)
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 15:36:40 | 00,003,066 | ---- | M] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 15:35:23 | 00,001,088 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysWOW64\mdmxsdk.dll -> [2006/06/18 23:26:50 | 00,094,208 | ---- | M] (Conexant)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0509&m=nv52_series -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/webhp?rls=ig -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
64bit-HKEY_CURRENT_USER\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysNative\ieframe.dll [Microsoft Url Search Hook] -> [2009/07/21 16:06:30 | 12,458,496 | ---- | M] ()
HKEY_CURRENT_USER\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\Windows\SysWOW64\ieframe.dll [Microsoft Url Search Hook] -> [2009/07/21 15:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Hoochie addy\AppData\Roaming\Mozilla\FireFox\Profiles\gwek86ho.default\prefs.js -> 
browser.startup.homepage -> "http://www.google.com/" ->
extensions.enabledItems -> {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.95 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 ->
extensions.enabledItems -> elemhidehelper@adblockplus.org:1.0.6 ->
extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5 ->
extensions.enabledItems -> {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1 ->
extensions.enabledItems -> {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.77 ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 ->
extensions.enabledItems -> {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.3 ->
extensions.enabledItems -> {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.071101000055 ->
extensions.enabledItems -> nosquint@urandom.ca:2.0b6 ->
extensions.enabledItems -> {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.5 ->
extensions.enabledItems -> undoclosedtabsbutton@supernova00.biz:3.5.1 ->
extensions.enabledItems -> {340c2bbc-ce74-4362-90b5-7c26312808ef}:0.4.0 ->
extensions.enabledItems -> myfxva@Merci.chao:1.2.1 ->
extensions.enabledItems -> kempelton-fx@arvidaxelsson.se:3.1.1 ->
extensions.enabledItems -> {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608 ->
extensions.enabledItems -> {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}:1.8.50 ->
< FireFox Settings [User.js] > -> C:\Users\Hoochie addy\AppData\Roaming\Mozilla\FireFox\Profiles\gwek86ho.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX] -> [2009/07/11 18:08:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/11/09 23:48:38 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/11/08 16:03:28 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Extensions -> [2009/09/23 13:15:40 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com -> [2009/09/23 13:15:40 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions -> [2009/11/27 20:01:28 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2009/07/11 03:08:26 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} -> [2009/10/29 01:47:16 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} -> [2009/07/11 03:52:16 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} -> [2009/11/11 12:15:06 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} -> [2009/10/12 20:39:21 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a} -> [2009/11/16 12:06:24 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} -> [2009/08/06 18:08:25 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/10/14 01:57:03 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/08/17 22:37:56 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(434) -> [2009/08/12 15:00:40 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61} -> [2009/11/10 02:19:49 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} -> [2009/11/08 01:50:01 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2009/10/29 01:47:22 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/10/12 21:11:12 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} -> [2009/07/11 03:52:16 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} -> [2009/09/16 20:25:15 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\afom@idevfh -> [2009/10/12 21:11:12 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\elemhidehelper@adblockplus.org -> [2009/07/11 03:04:49 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\extra-dim@firefox.ext -> [2009/10/14 23:55:48 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\keyscrambler@qfx.software.corporation -> [2009/09/06 22:22:31 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\nosquint@urandom(48).ca -> [2009/11/04 17:30:21 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\nosquint@urandom.ca -> [2009/11/06 15:58:51 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\silvermelxt@pardal.de -> [2009/10/14 23:55:47 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\twoDslow@firefox.theme -> [2009/10/14 23:42:06 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\undoclosedtabsbutton@supernova00.biz -> [2009/07/15 02:57:19 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\dwv5opwk.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com -> [2009/09/20 18:51:19 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions -> [2009/07/11 01:55:57 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2009/07/11 01:55:36 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} -> [2009/07/11 01:55:38 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{1726d1f0-983d-11dd-ad8b-0800200c9a66} -> [2009/07/11 01:55:39 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} -> [2009/07/11 01:55:40 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} -> [2009/07/11 01:55:44 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} -> [2009/07/11 01:55:46 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8} -> [2009/07/11 01:55:47 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} -> [2009/07/11 01:55:47 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} -> [2009/07/11 01:55:48 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2009/07/11 01:55:49 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a} -> [2009/07/11 01:55:50 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/07/11 01:55:53 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/07/11 01:55:54 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2009/07/11 01:55:56 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} -> [2009/07/11 01:56:02 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\elemhidehelper@adblockplus.org -> [2009/07/11 01:55:22 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\kempelton-fx@arvidaxelsson.se -> [2009/07/11 01:55:23 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\moveplayer@movenetworks.com -> [2009/07/11 01:55:23 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\myfxva@Merci.chao -> [2009/07/11 01:55:28 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\nosquint@urandom.ca -> [2009/07/11 01:55:28 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\undoclosedtabsbutton@supernova00.biz -> [2009/07/11 01:55:34 | 00,000,000 | ---D | M]
  -> C:\Users\Hoochie addy\AppData\Roaming\mozilla\Firefox\Profiles\gwek86ho.default\extensions\video-dowloader@magic-imv.ro -> [2009/07/11 01:55:35 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 ask.xml -> C:\Users\Hoochie addy\AppData\Roaming\Mozilla\FireFox\Profiles\gwek86ho.default\searchplugins\ask.xml -> [2009/05/23 21:12:42 | 00,000,682 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2009/11/27 20:01:28 | 00,000,000 | ---D | M]
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} [HKLM] -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [KeyScramblerBHO Class] -> [2009/08/08 06:17:56 | 01,036,016 | ---- | M] (QFX Software Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2009/07/10 22:54:50 | 00,346,736 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [Google Toolbar Notifier BHO] -> [2009/11/09 18:08:05 | 00,318,960 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 11:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} [HKLM] -> C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll [KeyScramblerBHO Class] -> [2009/09/06 22:22:07 | 00,793,328 | ---- | M] (QFX Software Corporation)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value error.] -> [2009/08/02 20:11:12 | 05,960,520 | ---- | M] (Siber Systems Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2008/11/18 14:47:06 | 00,408,952 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009/07/10 22:54:49 | 00,256,112 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/11/09 18:08:05 | 00,764,912 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009/07/10 22:54:47 | 00,458,736 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/14 02:10:17 | 00,041,368 | ---- | M] (Sun Microsystems, Inc.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009/07/10 22:54:50 | 00,346,736 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/07/10 22:54:49 | 00,256,112 | ---- | M] (Google Inc.)
"{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}" [HKLM] -> C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll [FireShot] -> File not found
"{724d43a0-0d85-11d4-9908-00400523e39a}" [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2009/08/02 20:11:12 | 05,960,520 | ---- | M] (Siber Systems Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009/07/10 22:54:50 | 00,346,736 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/07/10 22:54:49 | 00,256,112 | ---- | M] (Google Inc.)
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2009/08/02 20:11:12 | 05,960,520 | ---- | M] (Siber Systems Inc.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2009/11/25 15:58:56 | 08,955,664 | ---- | M] (COMODO)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 20:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"a-squared" -> C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2guard.exe ["C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60] -> [2009/11/05 11:28:00 | 03,279,192 | ---- | M] (Emsi Software GmbH)
"avast!" -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/08/17 10:07:23 | 00,081,000 | ---- | M] (ALWIL Software)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 13:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2009/11/24 02:44:00 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/07/10 22:48:42 | 00,068,856 | ---- | M] (Google Inc.)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"LogonHoursAction" ->  [2] -> File not found
\\"DontDisplayLogonHoursWarnings" ->  [1] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Customize Menu -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html] -> [2009/08/02 20:12:24 | 00,000,212 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000] -> [2001/02/16 00:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
Fill Forms -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html] -> [2009/08/02 20:12:24 | 00,000,206 | ---- | M] ()
RoboForm Toolbar -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html] -> [2009/08/02 20:12:24 | 00,000,208 | ---- | M] ()
Save Forms -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html] -> [2009/08/02 20:12:24 | 00,000,205 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Customize Menu -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html] -> [2009/08/02 20:12:24 | 00,000,212 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000] -> [2001/02/16 00:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
Fill Forms -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html] -> [2009/08/02 20:12:24 | 00,000,206 | ---- | M] ()
RoboForm Toolbar -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html] -> [2009/08/02 20:12:24 | 00,000,208 | ---- | M] ()
Save Forms -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html [file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html] -> [2009/08/02 20:12:24 | 00,000,205 | ---- | M] ()
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}:{B745F984-EF2E-40D6-A9AC-D8CED7230E61} [HKLM] -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [Menu: &KeyScrambler...] -> [2009/08/08 06:17:56 | 01,036,016 | ---- | M] (QFX Software Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2008/12/02 23:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2008/12/02 23:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> Reg Error: Key error. [Button: Send to OneNote] -> File not found
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> Reg Error: Key error. [Menu: S&end to OneNote] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Button: Fill Forms] -> [2009/08/02 20:12:24 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Menu: Fill Forms] -> [2009/08/02 20:12:24 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Button: Save] -> [2009/08/02 20:12:24 | 00,000,205 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Menu: Save Forms] -> [2009/08/02 20:12:24 | 00,000,205 | ---- | M] ()
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}:{B745F984-EF2E-40D6-A9AC-D8CED7230E61} [HKLM] -> C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll [Menu: &KeyScrambler...] -> [2009/09/06 22:22:07 | 00,793,328 | ---- | M] (QFX Software Corporation)
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Button: RoboForm] -> [2009/08/02 20:12:24 | 00,000,208 | ---- | M] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Menu: RoboForm Toolbar] -> [2009/08/02 20:12:24 | 00,000,208 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> Reg Error: Key error. [Button: Research] -> File not found
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://support.gateway.com/support/profiler/PCPitStop.CAB [PCPitstop Utility] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 10.0.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{D049B8F1-C64F-4284-9DF3-CD83101611E8}\\DhcpNameServer -> 10.0.0.1   (Ralink 802.11n Wireless LAN Card) -> 
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\Windows\system32\guard64.dll -> C:\Windows\SysNative\guard64.dll -> [2009/11/25 15:59:02 | 00,239,616 | ---- | M] ()
*MultiFile Done* -> -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\Windows\SysWOW64\guard32.dll -> C:\Windows\SysWOW64\guard32.dll -> [2009/11/25 15:59:02 | 00,171,552 | ---- | M] (COMODO)
*MultiFile Done* -> -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 00:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2008/01/20 20:49:46 | 00,028,160 | ---- | M] ()
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2008/01/20 20:50:36 | 00,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/10 00:49:43 | 00,548,352 | ---- | M] (SUPERAntiSpyware.com)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\Windows\SysNative\webcheck.dll [WebCheck] -> [2009/03/08 05:41:09 | 00,304,640 | ---- | M] ()
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\Windows\SysWOW64\webcheck.dll [WebCheck] -> [2009/03/08 05:34:47 | 00,236,544 | ---- | M] (Microsoft Corporation)
< 64bit-SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\Windows\SysNative\browseui.dll [Component Categories cache daemon] -> [2008/01/20 20:49:58 | 01,654,784 | ---- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\Windows\SysWOW64\browseui.dll [Component Categories cache daemon] -> [2008/01/20 20:50:57 | 01,324,032 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
credssp.dll -> C:\Windows\SysNative\credssp.dll -> [2008/01/20 20:49:14 | 00,018,432 | ---- | M] ()
*MultiFile Done* -> -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
credssp.dll -> C:\Windows\SysWow64\credssp.dll -> [2008/01/20 20:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
64bit-*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\Windows\SysNative\msv1_0.dll -> [2009/06/15 09:44:24 | 00,268,800 | ---- | M] ()
*MultiFile Done* -> -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\Windows\SysWow64\msv1_0.dll -> [2009/06/15 09:22:19 | 00,213,504 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\Windows\SysNative\kerberos.dll -> [2009/06/15 09:43:24 | 00,656,384 | ---- | M] ()
msv1_0 -> C:\Windows\SysNative\msv1_0.dll -> [2009/06/15 09:44:24 | 00,268,800 | ---- | M] ()
schannel -> C:\Windows\SysNative\schannel.dll -> [2009/06/15 09:46:04 | 00,338,944 | ---- | M] ()
wdigest -> C:\Windows\SysNative\wdigest.dll -> [2009/06/15 09:46:54 | 00,205,312 | ---- | M] ()
tspkg -> C:\Windows\SysNative\tspkg.dll -> [2008/01/20 20:49:14 | 00,078,848 | ---- | M] ()
*MultiFile Done* -> -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\Windows\SysWow64\kerberos.dll -> [2009/06/15 09:21:07 | 00,499,712 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\Windows\SysWow64\msv1_0.dll -> [2009/06/15 09:22:19 | 00,213,504 | ---- | M] (Microsoft Corporation)
schannel -> C:\Windows\SysWow64\schannel.dll -> [2009/06/15 09:24:02 | 00,270,848 | ---- | M] (Microsoft Corporation)
wdigest -> C:\Windows\SysWow64\wdigest.dll -> [2009/06/15 09:24:38 | 00,175,104 | ---- | M] (Microsoft Corporation)
tspkg -> C:\Windows\SysWow64\tspkg.dll -> [2008/01/20 20:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{2AC8AABC-2040-4DD8-A9F6-8130D7E5950D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{9A0AA128-240F-4384-AC56-01172EDDEB48} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{2F2F9FF7-8B5F-410D-8066-FB0C56A14633} -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{AE9423A8-5FB4-4819-A4DC-5F4EC926EE55} -> profile=public | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{B8C1058C-EC5D-4C95-8B3A-3B65E92EB904} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{D6DBFF85-D058-4EF8-8D82-B1D2C51422A1} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{E6D55DF0-E9C1-4EAB-A3A6-D5679FB46F5C} -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{E9B0DE4A-D956-4C04-902B-524D7E0D31F6} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
{F240DF7E-03FF-4316-AC3A-76F9EFF23438} -> profile=public | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{F72DEEB2-5370-48CB-9BC3-A06BF92E32AF} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 20:46:54 | 00,079,872 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{c4df33d5-d610-11de-9c15-001f169dfe0b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4df33d5-d610-11de-9c15-001f169dfe0b}\shell\AutoRun\command
\{c4df33d5-d610-11de-9c15-001f169dfe0b}\shell\AutoRun\command\\"" -> E:\InstallTomTomHOME.exe [E:\InstallTomTomHOME.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 Comodo -> C:\ProgramData\Comodo -> [2009/11/25 15:59:12 | 00,000,000 | ---D | C]
 guard32.dll -> C:\Windows\SysWow64\guard32.dll -> [2009/11/25 15:59:08 | 00,171,552 | ---- | C] (COMODO)
 COMODO -> C:\Program Files\COMODO -> [2009/11/25 15:59:03 | 00,000,000 | ---D | C]
 Fashion_Bomb-Devils_To_Some_2CAngels_To_Others_by_Junkhead -> C:\Users\Hoochie addy\Desktop\Fashion_Bomb-Devils_To_Some_2CAngels_To_Others_by_Junkhead -> [2009/11/24 04:04:48 | 00,000,000 | ---D | C]
 Identity Finder -> C:\Users\Hoochie addy\AppData\Local\Identity Finder -> [2009/11/15 23:00:29 | 00,000,000 | ---D | C]
 Identity Finder 4 -> C:\Program Files (x86)\Identity Finder 4 -> [2009/11/15 22:57:03 | 00,000,000 | ---D | C]
 MS PowerPoint Extract Images From Presentations Software -> C:\Program Files (x86)\MS PowerPoint Extract Images From Presentations Software -> [2009/11/15 22:02:18 | 00,000,000 | ---D | C]
 CCleaner -> C:\Program Files (x86)\CCleaner -> [2009/11/12 00:04:31 | 00,000,000 | ---D | C]
 a-squared Anti-Malware -> C:\Program Files (x86)\a-squared Anti-Malware -> [2009/11/11 23:47:58 | 00,000,000 | ---D | C]
 Unity -> C:\Users\Hoochie addy\AppData\Local\Unity -> [2009/11/11 00:47:43 | 00,000,000 | ---D | C]
 HiJackThis -> C:\HiJackThis -> [2009/11/10 21:12:12 | 00,000,000 | ---D | C]
 koobface -> C:\Users\Hoochie addy\Desktop\koobface -> [2009/11/10 20:05:13 | 00,000,000 | ---D | C]
 MetaProducts -> C:\Users\Hoochie addy\AppData\Roaming\MetaProducts -> [2009/11/10 02:18:39 | 00,000,000 | ---D | C]
 Halloween -> C:\Users\Hoochie addy\Desktop\Halloween -> [2009/11/10 00:10:59 | 00,000,000 | ---D | C]
 durango and fridge -> C:\Users\Hoochie addy\Desktop\durango and fridge -> [2009/11/09 23:43:34 | 00,000,000 | ---D | C]
 Duplicate Cleaner -> C:\Program Files (x86)\Duplicate Cleaner -> [2009/11/01 23:55:54 | 00,000,000 | ---D | C]
 CDex_170b2 -> C:\Program Files (x86)\CDex_170b2 -> [2009/10/31 13:36:04 | 00,000,000 | ---D | C]
 1 C:\Users\Hoochie addy\AppData\Local\*.tmp files -> C:\Users\Hoochie addy\AppData\Local\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 ntuser.dat -> C:\Users\Hoochie addy\ntuser.dat -> [2009/11/28 17:21:34 | 03,145,728 | -HS- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009/11/28 17:11:00 | 00,000,898 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/28 16:53:13 | 00,003,216 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/28 16:53:13 | 00,003,216 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009/11/28 16:11:00 | 00,000,894 | ---- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/28 02:53:15 | 00,000,006 | -H-- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/28 02:53:00 | 00,067,584 | --S- | M] ()
 ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms -> [2009/11/28 02:51:20 | 00,524,288 | -HS- | M] ()
 ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TM.blf -> C:\Users\Hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TM.blf -> [2009/11/28 02:51:20 | 00,065,536 | -HS- | M] ()
 IconCache.db -> C:\Users\Hoochie addy\AppData\Local\IconCache.db -> [2009/11/28 02:51:17 | 02,239,787 | -H-- | M] ()
 NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2009/11/25 20:32:47 | 00,000,069 | ---- | M] ()
 guard64.dll -> C:\Windows\SysNative\guard64.dll -> [2009/11/25 15:59:02 | 00,239,616 | ---- | M] ()
 guard32.dll -> C:\Windows\SysWow64\guard32.dll -> [2009/11/25 15:59:02 | 00,171,552 | ---- | M] (COMODO)
 cmdguard.sys -> C:\Windows\SysNative\drivers\cmdguard.sys -> [2009/11/25 15:59:02 | 00,118,600 | ---- | M] ()
 inspect.sys -> C:\Windows\SysNative\drivers\inspect.sys -> [2009/11/25 15:59:02 | 00,084,104 | ---- | M] ()
 cmdhlp.sys -> C:\Windows\SysNative\drivers\cmdhlp.sys -> [2009/11/25 15:59:02 | 00,033,128 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Hoochie addy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/23 01:49:52 | 00,059,392 | ---- | M] ()
 bootvis.msi -> C:\Users\Hoochie addy\Desktop\bootvis.msi -> [2009/11/22 15:06:28 | 00,990,720 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/11/20 20:28:34 | 00,690,960 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/11/20 20:28:34 | 00,595,684 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/11/20 20:28:34 | 00,101,350 | ---- | M] ()
 Normandy - 1944 & Today.pps -> C:\Users\Hoochie addy\Desktop\Normandy - 1944 & Today.pps -> [2009/11/16 20:17:02 | 06,303,744 | ---- | M] ()
 29396_DjoDjo.pps -> C:\Users\Hoochie addy\Desktop\29396_DjoDjo.pps -> [2009/11/16 19:55:26 | 07,075,840 | ---- | M] ()
 Identity Finder.lnk -> C:\Users\Public\Desktop\Identity Finder.lnk -> [2009/11/15 22:58:29 | 00,001,889 | ---- | M] ()
 oh blog2.rtf -> C:\Users\Hoochie addy\Desktop\oh blog2.rtf -> [2009/11/15 02:00:30 | 00,002,160 | ---- | M] ()
 oh blog.rtf -> C:\Users\Hoochie addy\Desktop\oh blog.rtf -> [2009/11/15 01:02:05 | 00,001,376 | ---- | M] ()
 KGyGaAvL.sys -> C:\Windows\SysWow64\KGyGaAvL.sys -> [2009/11/14 01:26:52 | 00,001,004 | -HS- | M] ()
 ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms -> [2009/11/10 00:50:26 | 00,524,288 | -HS- | M] ()
 Windows6.1-KB974431-x64.msu -> C:\Users\Hoochie addy\Desktop\Windows6.1-KB974431-x64.msu -> [2009/11/09 17:29:56 | 21,775,990 | ---- | M] ()
 ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Hoochie addy\ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms -> [2009/11/06 14:45:51 | 00,524,288 | -HS- | M] ()
 ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TM.blf -> C:\Users\Hoochie addy\ntuser.dat{4e7094a9-b69b-11de-81b7-001f169dfe0b}.TM.blf -> [2009/11/06 14:45:51 | 00,065,536 | -HS- | M] ()
 1 C:\Users\Hoochie addy\AppData\Local\*.tmp files -> C:\Users\Hoochie addy\AppData\Local\*.tmp -> 
 
[Files - No Company Name]
 guard64.dll -> C:\Windows\SysNative\guard64.dll -> [2009/11/25 15:59:08 | 00,239,616 | ---- | C] ()
 cmdguard.sys -> C:\Windows\SysNative\drivers\cmdguard.sys -> [2009/11/25 15:59:08 | 00,118,600 | ---- | C] ()
 inspect.sys -> C:\Windows\SysNative\drivers\inspect.sys -> [2009/11/25 15:59:08 | 00,084,104 | ---- | C] ()
 cmdhlp.sys -> C:\Windows\SysNative\drivers\cmdhlp.sys -> [2009/11/25 15:59:08 | 00,033,128 | ---- | C] ()
 bootvis.msi -> C:\Users\Hoochie addy\Desktop\bootvis.msi -> [2009/11/22 15:06:27 | 00,990,720 | ---- | C] ()
 Normandy - 1944 & Today.pps -> C:\Users\Hoochie addy\Desktop\Normandy - 1944 & Today.pps -> [2009/11/16 20:17:01 | 06,303,744 | ---- | C] ()
 29396_DjoDjo.pps -> C:\Users\Hoochie addy\Desktop\29396_DjoDjo.pps -> [2009/11/16 19:55:15 | 07,075,840 | ---- | C] ()
 Identity Finder.lnk -> C:\Users\Public\Desktop\Identity Finder.lnk -> [2009/11/15 22:58:29 | 00,001,889 | ---- | C] ()
 oh blog2.rtf -> C:\Users\Hoochie addy\Desktop\oh blog2.rtf -> [2009/11/15 02:00:30 | 00,002,160 | ---- | C] ()
 to len.rtf -> C:\Users\Hoochie addy\Documents\to len.rtf -> [2009/11/15 01:26:46 | 00,006,964 | ---- | C] ()
 oh blog.rtf -> C:\Users\Hoochie addy\Desktop\oh blog.rtf -> [2009/11/15 01:02:05 | 00,001,376 | ---- | C] ()
 Windows6.1-KB974431-x64.msu -> C:\Users\Hoochie addy\Desktop\Windows6.1-KB974431-x64.msu -> [2009/11/09 17:29:32 | 21,775,990 | ---- | C] ()
 ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000002.regtrans-ms -> [2009/11/06 15:52:40 | 00,524,288 | -HS- | C] ()
 ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TMContainer00000000000000000001.regtrans-ms -> [2009/11/06 15:52:40 | 00,524,288 | -HS- | C] ()
 ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TM.blf -> C:\Users\Hoochie addy\ntuser.dat{3308c3c2-cb11-11de-ad34-001f169dfe0b}.TM.blf -> [2009/11/06 15:52:39 | 00,065,536 | -HS- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2009/10/25 23:06:43 | 00,000,376 | ---- | C] ()
 GraphicsDesk.INI -> C:\Windows\GraphicsDesk.INI -> [2009/09/17 19:19:13 | 00,000,340 | ---- | C] ()
 NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2009/08/23 16:23:37 | 00,000,069 | ---- | C] ()
 Irremote.ini -> C:\Windows\Irremote.ini -> [2009/08/23 15:55:10 | 00,000,026 | ---- | C] ()
 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2009/07/12 16:02:17 | 00,168,448 | ---- | C] ()
 avisplitter.ini -> C:\Windows\avisplitter.ini -> [2009/07/12 16:02:16 | 00,000,038 | ---- | C] ()
 qt-dx331.dll -> C:\Windows\SysWow64\qt-dx331.dll -> [2009/07/12 16:02:13 | 03,596,288 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2009/07/12 16:02:13 | 00,881,664 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2009/07/12 16:02:13 | 00,205,824 | ---- | C] ()
 ff_vfw.dll.manifest -> C:\Windows\SysWow64\ff_vfw.dll.manifest -> [2009/07/12 16:02:10 | 00,000,547 | ---- | C] ()
 ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2009/07/12 16:02:09 | 00,085,504 | ---- | C] ()
 KGyGaAvL.sys -> C:\Windows\SysWow64\KGyGaAvL.sys -> [2009/07/11 23:14:11 | 00,001,004 | -HS- | C] ()
 LaunApp.ini -> C:\Windows\LaunApp.ini -> [2009/05/12 16:28:54 | 00,000,033 | ---- | C] ()
 iconv.dll -> C:\Windows\iconv.dll -> [2009/03/04 15:49:37 | 00,872,448 | ---- | C] ()
 libxml2.dll -> C:\Windows\libxml2.dll -> [2009/03/04 15:49:37 | 00,743,424 | ---- | C] ()
 Prelaunch.ini -> C:\Windows\Prelaunch.ini -> [2009/03/04 15:48:52 | 00,000,061 | ---- | C] ()
 WisLangCode.ini -> C:\Windows\WisLangCode.ini -> [2009/03/04 15:48:52 | 00,000,028 | ---- | C] ()
 tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 20:50:05 | 00,060,124 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 20:49:49 | 00,368,640 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 09:07:25 | 00,030,808 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 09:07:25 | 00,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 09:07:25 | 00,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 09:07:25 | 00,026,040 | ---- | C] ()
 LFFPX7.DLL -> C:\Windows\SysWow64\LFFPX7.DLL -> [2000/04/12 13:24:10 | 00,338,944 | ---- | C] ()
 sysres.dll -> C:\Windows\SysWow64\sysres.dll -> [1998/08/16 06:00:00 | 00,004,096 | ---- | C] ()
 LFKODAK.DLL -> C:\Windows\SysWow64\LFKODAK.DLL -> [1997/09/30 12:30:02 | 00,122,880 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EBAA0CD9
< End of report >


Also, I have noticed that the koobface has not been popping up over the past couple days. Its occurrence started to slow down some when I made the 3rd post in this thread back on the 17th, and now it seems to have all but stopped showing up. I am not using this machine as much as I usually would due to the ongoing work being done to it, but I would have guessed it would have shown up once or twice.


Thanks...
Jim



#10 sempai


Posted 29 November 2009 - 11:02 AM

Hi cyberski,


There's nothing wrong on your log, but to be sure please do the following:


Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
  • Click on I Agree.
  • If an Active X warning box appears, click on Install.
    Note: If you get the message "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the Active X from being installed. Just above the page, under the Internet Explorer toolbar, you will see this message:
    "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
    Click on that and select: Install Active X.
  • Now click on Start Scan. Please wait, as it might take some time.
  • If it found anything when it finished, click "Click here to export the scan report".
  • Give the report a name and save it. The file will be a .HTML file.
  • Please attach the file to your reply.
  • To attach the file, press ADDREPLY; under the reply window, press Browse... and show the path to the file on your computer.
  • Highlight the file and click Open then press the green UPLOAD button.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 cyberski


Posted 01 December 2009 - 08:58 PM

Semp....

I seem to be stuck here. I go to the bitdefender scan page, allow it to install, but nothing happens. I get to the prompt that asks me to agree with their terms and conditions, which I do, then the active-x prompt pops up and I allow it to run. The install prompt comes up and I allow the bitdefender program to install, but then nothing happens. I've let that prompt stay open about 45 minutes and still nothing happens. :(



#12 sempai


Posted 02 December 2009 - 08:38 AM

Hi cyberski,

Let's use ESET online scan instead.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
~Semp



#13 cyberski


Posted 04 December 2009 - 04:55 AM

Semp....

Got eset to run and it found nothing.

It didn't have any log to save since there was nothing found, but I still snagged a screenshot of it and will attach it.



#14 sempai


Posted 04 December 2009 - 08:19 AM

Hi cyberski,

You're clean and good to go :( But let's do some housekeeping first.


1. CleanUp! with OTS
  • Double click OTS.exe to launch the program.
  • Click on the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTS.
  • The tool will delete itself once it finishes; if not, delete it yourself.


2. Your Log is Clean, please take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

How to prevent Malware: by miekiemoes

How to increase PC speed: by miekiemoes


Thanks to kahdah, who is also working on this log behind the scenes. :(

With regards,
~ Semp :)



#15 cyberski


Posted 05 December 2009 - 12:26 AM

Thanks a lot Semp...I do really appreciate it. :(
