
Bad Malware


  • This topic is locked
38 replies to this topic

#1 sharky911


Posted 26 December 2009 - 04:52 PM

Network connectivity is slow and pop-ups appear periodically. I tried to install Malwarebytes' Anti-Malware and the executable would be gone. SUPERAntiSpyware does not detect anything and neither does Spybot Search and Destroy. It will not allow me to boot to any safe mode - a blue screen of death and a quick reboot occur when attempting to do so. I appreciate any help I can get to resolve this.



#2 sharky911


Posted 26 December 2009 - 07:13 PM

I cannot find where any of the scans indicate what kind of malware this is - I did notice in the HijackThis log a yorejego.dll file.

#3 fenzodahl512


Posted 26 December 2009 - 07:21 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 sharky911


Posted 27 December 2009 - 03:23 AM

ComboFix was not able to install the Recovery Console. It was looking for a network connection and could not find one. Can I manually install it and then run Combo-Fix again? I am attaching the log from the Combo-Fix run without the Recovery Console. - Thanks for all of your help.




#5 fenzodahl512


Posted 27 December 2009 - 03:32 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
stxxdohr

Rootkit::
c:\windows\system32\drivers\pkhylgjf.sys

File::
c:\windows\system32\rowehulu.dll
c:\windows\system32\sabedole.dll
c:\windows\system32\zadinuhe.dll
c:\windows\system32\zeyitisi.dll
c:\windows\system32\ziwimola.dll
c:\windows\system32\kaleguli.dll

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de7480f8-a6dc-4424-a771-f8620ce36812}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"narikolaf"=-
"tomuyukeha"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{623b86e7-856c-4eca-a983-6f0389ca25a2}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gubiwemig"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.




Please download TDSSKiller.zip and unzip it to your Desktop

Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows)

The log shall be named something like this one..

(TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)

Edited by fenzodahl512, 27 December 2009 - 03:32 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 sharky911


Posted 27 December 2009 - 04:36 AM

Here are the files you requested.



Edited by sharky911, 27 December 2009 - 04:38 AM.


#7 fenzodahl512


Posted 27 December 2009 - 06:28 AM

Hi.. I think you've done the CFScript part wrongly.. What I need you to do is..

1. Open a Notepad (go to Start >> Run >> copy/paste notepad >> Enter)

2. Copy/paste the content of the codebox into the Notepad

3. Save the Notepad as CFScript on your Desktop right next to ComboFix icon

4. Drag the CFScript that you saved before on top of the ComboFix icon as depicted in the picture in my previous post

5. Let it run and go have some coffee

6. When it finishes, please post the log here :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 sharky911


Posted 27 December 2009 - 01:54 PM

I ran the CFScript.txt again and here are the files




#9 fenzodahl512


Posted 28 December 2009 - 06:26 AM

Please run TDSSKiller once again, find the log and post it here.. Then do below..


Please download OTL by OldTimer and save it to your desktop.

Under the Custom Scans/Fixes box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%SYSTEMDRIVE%\eventlog.dll /md5 /s
%SYSTEMDRIVE%\scecli.dll /md5 /s
%SYSTEMDRIVE%\netlogon.dll /md5 /s
%SYSTEMDRIVE%\cngaudit.dll /md5 /s
%SYSTEMDRIVE%\sceclt.dll /md5 /s
%SYSTEMDRIVE%\ntelogon.dll /md5 /s
%SYSTEMDRIVE%\logevent.dll /md5 /s
%SYSTEMDRIVE%\iaStor.sys /md5 /s
%SYSTEMDRIVE%\nvstor.sys /md5 /s
%SYSTEMDRIVE%\atapi.sys /md5 /s
%SYSTEMDRIVE%\IdeChnDr.sys /md5 /s
%SYSTEMDRIVE%\viasraid.sys /md5 /s
%SYSTEMDRIVE%\AGP440.sys /md5 /s
%SYSTEMDRIVE%\vaxscsi.sys /md5 /s
%SYSTEMDRIVE%\nvatabus.sys /md5 /s
%SYSTEMDRIVE%\viamraid.sys /md5 /s
%SYSTEMDRIVE%\nvata.sys /md5 /s
%SYSTEMDRIVE%\nvgts.sys /md5 /s
%SYSTEMDRIVE%\iastorv.sys /md5 /s
%SYSTEMDRIVE%\ViPrt.sys /md5 /s
%SYSTEMDRIVE%\eNetHook.dll /md5 /s
%SYSTEMDRIVE%\ahcix86.sys /md5 /s
%SYSTEMDRIVE%\KR10N.sys /md5 /s
%SYSTEMDRIVE%\nvstor32.sys /md5 /s
%SYSTEMDRIVE%\CLASSPNP.SYS /md5 /s
%SYSTEMDRIVE%\ACPI.sys /md5 /s
%SYSTEMDRIVE%\ntoskrnl.exe /md5 /s
%SYSTEMDRIVE%\disk.sys /md5 /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan until it finishes..

Then a log will pop-up at your Desktop. Post the content of the log here

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
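
An added example, not part of the thread and not OTL's own code: on the assumption that the `/md5 /s` lines in the scan list above ask for every copy of a named system file under the drive together with its MD5, this sketch does the same comparison by hand and reports a loaded copy whose hash matches none of the backup copies (the same pair of locations the earlier CFScript's `FCopy::` line uses for atapi.sys). The file subset, `LIVE_DIRS`, all function names and the sample tree are constructed for this example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A few of the file names from the custom scan list in the post above.
WATCHED = ("atapi.sys", "iaStor.sys", "nvstor.sys", "eventlog.dll", "scecli.dll")
# Folders the running system loads these files from (assumption of this example).
LIVE_DIRS = ("/system32/drivers", "/system32")


def file_md5(path, chunk=65536):
    """MD5 of a file, read in chunks. MD5 is used only to match the tool's output."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def collect_copies(root, names=WATCHED):
    """Walk root recursively and return {lowercased name: {digest: [paths]}}."""
    wanted = {n.lower() for n in names}
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                digest = file_md5(full)
            except OSError as exc:
                # A watched file that cannot be read is itself worth reporting.
                digest = "unreadable:" + type(exc).__name__
            found[fname.lower()][digest].append(full)
    return {n: {d: sorted(p) for d, p in groups.items()} for n, groups in found.items()}


def is_live(path):
    """True if the file sits directly in one of LIVE_DIRS (either path separator)."""
    folder = "/" + path.replace("\\", "/").lower().rpartition("/")[0]
    return folder.endswith(LIVE_DIRS)


def odd_live_copies(copies):
    """Report live copies whose digest is shared with no backup copy of the same name."""
    findings = []
    for name, groups in sorted(copies.items()):
        reference = [p for paths in groups.values() for p in paths if not is_live(p)]
        if not reference:
            continue  # only one location exists, nothing to compare against
        for digest, paths in sorted(groups.items()):
            if any(not is_live(p) for p in paths):
                continue  # this digest also occurs in a backup location
            for path in paths:
                findings.append({"name": name, "path": path, "md5": digest,
                                 "reference_copies": len(reference)})
    return findings


def build_sample_tree(root):
    """Constructed sample input: a tiny fake WINDOWS tree with made-up file contents."""
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": b"constructed: modified driver",
        "WINDOWS/ServicePackFiles/i386/atapi.sys": b"constructed: original driver",
        "WINDOWS/system32/dllcache/atapi.sys": b"constructed: original driver",
        "WINDOWS/system32/scecli.dll": b"constructed: original dll",
        "WINDOWS/system32/dllcache/scecli.dll": b"constructed: original dll",
        "WINDOWS/system32/drivers/iaStor.sys": b"constructed: only copy",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def run_demo():
    """Build the sample tree in a temporary folder and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return odd_live_copies(collect_copies(root))


if __name__ == "__main__":
    for item in run_demo():
        print("{name}: {path} (md5 {md5}) matches none of {reference_copies} "
              "backup copies".format(**item))
```

A mismatch is a lead to check against a known-good hash for that exact file version, since a legitimately updated driver also differs from an older backup copy.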


#10 sharky911


Posted 28 December 2009 - 12:43 PM

Here is the log




#11 sharky911


Posted 28 December 2009 - 02:11 PM

-

Edited by sharky911, 28 December 2009 - 08:26 PM.


#12 sharky911


Posted 28 December 2009 - 02:12 PM

wrong ---- OTL.txt file

Attached Files

  • Attached File  OTL.Txt   109.86KB   62 downloads

Edited by sharky911, 29 December 2009 - 01:21 AM.


#13 sharky911


Posted 28 December 2009 - 08:25 PM

tds log




#14 sharky911


Posted 29 December 2009 - 01:01 AM

Correct OTL log

Attached Files

  • Attached File  OTL2.Txt   160.81KB   43 downloads


#15 fenzodahl512


Posted 29 December 2009 - 07:35 AM

Don't attach logs unless specifically requested.. Just post here as it is.. I'll post your OTL log for you


OTL logfile created on: 12/29/2009 12:17:46 AM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Karl\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 97.80 Gb Free Space | 35.00% Space Free | Partition Type: NTFS
Drive D: | 696.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PSYCHODELIC1
Current User Name: Karl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/28 12:40:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl\Desktop\OTL.exe
PRC - [2009/12/14 14:19:57 | 11,196,560 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\Wow.exe
PRC - [2009/12/12 14:34:06 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 14:33:49 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 14:33:48 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/09 00:31:37 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/09 00:31:36 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/09 00:31:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/20 10:03:04 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/14 21:08:26 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/06/29 14:55:22 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/05/12 15:58:10 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Karl\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/04/22 16:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 16:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/11/10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2008/04/14 04:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2005/12/04 15:38:58 | 00,437,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/12/14 01:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/06/06 23:42:30 | 00,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
PRC - [2004/04/23 10:00:36 | 00,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2003/12/18 08:50:00 | 00,038,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2002/03/19 16:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2009/12/28 12:40:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl\Desktop\OTL.exe
MOD - [2008/04/14 04:42:02 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2003/12/18 08:50:00 | 00,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/12/18 08:50:00 | 00,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 00:31:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/01 19:41:40 | 00,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/20 10:03:04 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/14 21:08:26 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/07/14 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/08/02 16:18:49 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/01 02:40:52 | 00,077,824 | R--- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/03/01 02:40:52 | 00,073,728 | R--- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/26 15:15:12 | 00,047,408 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2009/12/09 00:31:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/09 00:31:50 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/09 00:31:48 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/14 23:20:10 | 04,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/26 09:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 09:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/26 09:05:52 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/15 23:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/12/26 12:03:54 | 00,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/11/17 01:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/04/13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:10:32 | 00,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 21:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/27 16:04:45 | 00,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\litsgt.sys -- (litsgt)
DRV - [2008/01/27 16:04:18 | 00,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tansgt.sys -- (tansgt)
DRV - [2007/12/06 09:51:00 | 00,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/19 02:12:16 | 00,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/05/07 22:30:44 | 00,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/03/27 22:03:12 | 00,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2005/10/28 16:11:00 | 00,027,648 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteatapi.sys -- (iteatapi)
DRV - [2005/08/04 04:51:58 | 00,026,112 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
DRV - [2005/08/02 16:10:13 | 00,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/24 18:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/05/22 23:03:45 | 00,039,264 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2005/05/22 23:03:43 | 00,068,960 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pcatip.sys -- (Pcatip)
DRV - [2005/05/12 13:39:56 | 01,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004/10/25 19:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2004/08/12 21:56:20 | 00,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/16 15:47:14 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/07/16 03:24:34 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/05/05 12:40:38 | 00,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/30 08:37:02 | 00,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/04/30 08:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/04/06 13:08:06 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 13:07:58 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 13:07:54 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/17 14:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2003/12/11 08:50:00 | 00,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 08:50:00 | 00,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/11 08:50:00 | 00,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/06/02 22:28:02 | 00,040,060 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulink.sys -- (Usblink)
DRV - [2003/04/04 12:48:06 | 00,013,952 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2002/12/16 18:11:02 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/16 18:11:02 | 00,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [1997/04/22 09:16:00 | 00,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {328C1134-605D-A619-3E65-C85791291948} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {94A0E512-EFBE-18DE-9964-820E962F7FAD} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cisco.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.cisco.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 20:46:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 03:11:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 03:11:22 | 00,000,000 | ---D | M]

[2008/08/27 15:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Mozilla\Extensions
[2009/12/27 14:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\v3sp7j3u.default\extensions
[2009/01/15 00:31:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\v3sp7j3u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/09 00:34:52 | 00,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Karl\Application Data\Mozilla\Firefox\Profiles\v3sp7j3u.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/12/27 14:46:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [narikolaf] C:\WINDOWS\System32\loganini.DLL File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe (Mobipocket.com)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Karl\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstall...own&unknown (MetaStreamCtl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.pestpatrol.com/pestscan/pestscan.cab (PSFormX Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\windows\system32\loganini.dll) - C:\WINDOWS\System32\loganini.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/11 13:11:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/04/11 13:11:15 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{4f6c3c53-d9df-414c-8893-46c254f10e10} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP50 - vp5vfw.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173478272663552)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 12:40:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karl\Desktop\OTL.exe
[2009/12/27 14:36:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karl\Desktop\Malware logs
[2009/12/27 04:03:45 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/26 21:49:06 | 00,000,000 | ---D | C] -- C:\Program Files\ACW
[2009/12/26 21:08:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/12/26 20:51:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/26 20:51:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/26 20:51:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/26 20:51:26 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/26 20:50:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/26 20:40:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/26 16:15:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/26 15:56:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 15:56:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 15:56:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/26 15:28:48 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Karl\Desktop\mbam-setup.exe
[2009/12/26 15:15:12 | 00,047,408 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2009/12/26 15:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/12/25 04:32:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/09 00:32:19 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/12/09 00:31:50 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/09 00:31:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/09 00:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/09 00:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/09 00:27:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/09 00:27:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/22 11:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/03/22 11:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/22 11:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/11/01 13:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2007/03/06 01:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2005/05/22 23:11:11 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2005/05/22 23:11:11 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/05/04 23:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/04/29 23:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[2004/11/24 13:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/29 00:12:01 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2009/12/28 18:34:48 | 47,177,190 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/28 17:08:35 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/12/28 17:08:20 | 00,000,275 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2009/12/28 12:41:54 | 07,602,176 | ---- | M] () -- C:\Documents and Settings\Karl\NTUSER.DAT
[2009/12/28 12:40:25 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl\Desktop\OTL.exe
[2009/12/28 08:40:39 | 00,128,154 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/27 22:10:22 | 00,350,199 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/27 22:08:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 22:06:36 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/12/27 22:06:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/27 22:06:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 22:03:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Karl\ntuser.ini
[2009/12/27 12:17:41 | 00,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/27 12:16:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/27 11:51:56 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wahinelo
[2009/12/27 04:41:33 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Karl\Desktop\mbam-setup.exe
[2009/12/27 04:39:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 04:03:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/27 04:01:01 | 03,867,085 | R--- | M] () -- C:\Documents and Settings\Karl\Desktop\ComboFix.exe
[2009/12/26 16:15:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Karl\Desktop\HijackThis.lnk
[2009/12/26 15:15:12 | 00,047,408 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2009/12/26 15:14:57 | 00,000,094 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/12/25 04:32:53 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/22 13:44:45 | 00,019,802 | ---- | M] () -- C:\Documents and Settings\Karl\Desktop\oh deer.jpg
[2009/12/18 14:30:57 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Karl\Desktop\Spybot - Search & Destroy.lnk
[2009/12/10 14:10:03 | 00,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 14:10:03 | 00,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 14:09:59 | 00,555,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 13:33:09 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 00:31:51 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/09 00:31:51 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/09 00:31:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/09 00:31:50 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/09 00:31:48 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/09 00:31:48 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/07 02:28:15 | 00,076,801 | ---- | M] () -- C:\Documents and Settings\Karl\Desktop\missmonster-krampus.jpg
[2009/12/07 02:26:16 | 00,457,309 | ---- | M] () -- C:\Documents and Settings\Karl\Desktop\Krampus.png
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 08:59:08 | 00,139,776 | ---- | M] () -- C:\Documents and Settings\Karl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 13:39:45 | 00,050,669 | ---- | M] () -- C:\Documents and Settings\Karl\Desktop\map_of_ireland.jpg
[2009/11/30 00:37:13 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 04:03:56 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/27 04:03:53 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/26 20:51:26 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/26 20:51:26 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/26 20:51:26 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/26 20:51:26 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/26 20:51:26 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/26 20:39:20 | 03,867,085 | R--- | C] () -- C:\Documents and Settings\Karl\Desktop\ComboFix.exe
[2009/12/26 16:15:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Karl\Desktop\HijackThis.lnk
[2009/12/26 15:56:24 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 13:44:45 | 00,019,802 | ---- | C] () -- C:\Documents and Settings\Karl\Desktop\oh deer.jpg
[2009/12/09 00:31:51 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/07 02:28:24 | 00,076,801 | ---- | C] () -- C:\Documents and Settings\Karl\Desktop\missmonster-krampus.jpg
[2009/12/07 02:26:33 | 00,457,309 | ---- | C] () -- C:\Documents and Settings\Karl\Desktop\Krampus.png
[2009/11/30 15:45:59 | 00,050,669 | ---- | C] () -- C:\Documents and Settings\Karl\Desktop\map_of_ireland.jpg
[2009/10/20 09:57:13 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Karl\Application Data\PnkBstrK.sys
[2009/10/10 02:55:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2008/12/31 11:57:01 | 00,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/12/31 11:40:36 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/19 16:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 16:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 16:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/12 00:03:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/05 15:44:58 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/01/27 16:04:45 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2008/01/27 16:04:18 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2007/11/26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/10/30 12:28:17 | 00,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 00:33:51 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/05 00:33:51 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/09/05 00:33:41 | 00,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/09/05 00:33:41 | 00,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/02/27 23:46:16 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/22 13:04:48 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/01 07:14:09 | 00,005,423 | ---- | C] () -- C:\Documents and Settings\Karl\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/06/01 07:14:09 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/18 20:29:21 | 00,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2006/05/08 09:04:06 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/27 22:03:11 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2006/03/27 22:03:11 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2006/03/27 20:27:02 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/01/28 15:55:59 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/01/28 15:55:58 | 00,003,567 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/01/28 15:55:42 | 00,000,652 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/01/28 15:42:50 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/01/15 20:30:31 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Udetect.dll
[2006/01/15 20:30:05 | 00,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2005/12/16 13:35:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/31 14:09:59 | 00,000,275 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2005/08/02 16:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/18 01:41:32 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/07/15 19:39:36 | 00,000,094 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/05/05 01:16:12 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/29 23:22:00 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/04/26 22:58:32 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/04/13 13:54:34 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/04/13 00:37:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/12 18:27:34 | 00,139,776 | ---- | C] () -- C:\Documents and Settings\Karl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/12 04:21:39 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/04/12 03:44:49 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Karl\Local Settings\Application Data\fusioncache.dat
[2005/04/11 14:39:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/04/11 14:37:16 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/04/11 14:37:13 | 00,006,360 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/04/11 14:37:10 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/10/26 17:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/12 00:40:58 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 00,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 07:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/03/18 06:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 17:30:00 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 16:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/04/12 03:45:57 | 00,030,505 | ---- | M] () -- C:\AFUDOS.exe
[2005/04/04 18:10:00 | 03,231,198 | ---- | M] () -- C:\EAC41508l.exe
[2005/04/13 15:10:24 | 00,724,960 | ---- | M] (RealVNC Ltd. ) -- C:\vnc-4_1_1-x86_win32.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2009/06/29 16:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\12989684
[2009/10/10 10:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
[2005/05/25 00:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/26 15:40:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/09/22 09:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/27 12:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/12/09 00:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/10/14 20:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 20:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/03/25 13:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boson
[2009/01/15 00:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/11 00:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2009/04/29 20:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/01/28 16:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/12/26 12:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/12/31 12:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/10/30 11:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/12/22 17:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2005/12/23 15:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/12/11 00:11:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/12/12 23:49:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2006/05/18 21:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/10/26 14:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/04/24 22:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/26 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2005/04/15 11:43:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/12/11 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006/05/18 20:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/02/13 16:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/15 18:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/07/26 15:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/12 17:23:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/01/18 23:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/07/26 22:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/09/13 17:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/12/09 00:31:39 | 01,074,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgcmgr.exe
[2009/12/09 00:31:27 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
[2009/12/09 00:31:25 | 00,744,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgscanx.exe
[2009/12/09 00:31:25 | 00,361,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgsrmax.exe
[2009/12/12 14:34:13 | 04,043,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgui.exe
[2009/12/09 16:34:46 | 00,844,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.exe
[2009/12/12 14:33:56 | 03,776,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\setup.exe
[2008/09/16 17:20:14 | 00,121,064 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Fallout3\setup.exe

< %APPDATA%\*. >
[2008/05/31 13:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Adobe
[2005/04/18 12:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\AdobeUM
[2006/01/03 21:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Apple Computer
[2006/01/19 22:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Arcsoft
[2006/08/20 16:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\ATI
[2005/04/19 22:22:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\atitray
[2006/10/01 03:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Azureus
[2008/12/01 15:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\DivX
[2006/05/07 14:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Ethereal
[2005/10/25 23:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Gearbox Software
[2008/12/31 13:42:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\GlarySoft
[2005/12/15 19:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Google
[2005/09/18 19:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Help
[2008/12/26 12:04:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\HotSync
[2009/12/02 00:34:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\HpUpdate
[2005/04/11 13:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Identities
[2008/12/31 12:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Lavasoft
[2005/05/21 22:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Leadertech
[2005/07/16 14:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Macromedia
[2008/12/22 17:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Malwarebytes
[2007/05/21 20:33:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Karl\Application Data\Microsoft
[2008/10/22 22:18:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Move Networks
[2008/08/27 15:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Mozilla
[2007/02/27 12:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\MySpace
[2008/10/26 14:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\PlayFirst
[2009/05/12 15:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\SanDisk
[2006/12/19 23:26:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Smith Micro
[2006/04/05 14:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Sony Corporation
[2005/04/15 22:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\spweng
[2006/09/24 17:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Sun
[2009/06/15 18:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\SUPERAntiSpyware.com
[2008/01/01 21:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\teamspeak2
[2009/07/23 15:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\U3
[2009/01/17 12:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Ventrilo
[2007/01/18 23:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Viewpoint
[2008/09/10 07:58:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Windows Desktop Search
[2008/09/28 17:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Windows Search
[2006/09/07 15:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2006/07/31 17:01:50 | 01,112,354 | ---- | M] () -- C:\Documents and Settings\Karl\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2008/12/09 08:17:09 | 00,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Karl\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2009/03/25 11:39:05 | 00,026,694 | R--- | M] () -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\ARPPRODUCTICON.exe
[2009/03/25 11:39:05 | 00,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\NewShortcut1_12F69331DCBB46D5B4756BFD0F9048B3.exe
[2009/03/25 11:39:05 | 00,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{12F69331-DCBB-46D5-B475-6BFD0F9048B3}\NewShortcut2_12F69331DCBB46D5B4756BFD0F9048B3.exe
[2006/10/03 14:09:04 | 00,000,766 | R--- | M] () -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\ARPPRODUCTICON.exe
[2006/10/03 14:09:04 | 00,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut12_6778954C13C24333AF77F5C885EB280F.exe
[2006/10/03 14:09:04 | 00,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut13_6778954C13C24333AF77F5C885EB280F.exe
[2006/10/03 14:09:04 | 00,002,238 | R--- | M] () -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut15_6778954C13C24333AF77F5C885EB280F_1.exe
[2006/10/03 14:09:04 | 00,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut1_6778954C13C24333AF77F5C885EB280F.exe
[2006/10/03 14:09:04 | 00,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut8_6778954C13C24333AF77F5C885EB280F.exe
[2006/10/03 14:09:04 | 00,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{6778954C-13C2-4333-AF77-F5C885EB280F}\NewShortcut9_6778954C13C24333AF77F5C885EB280F.exe
[2008/12/26 12:07:09 | 00,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{FF8157AA-F640-45BD-B7C2-BAA1016B267A}\ARPPRODUCTICON.exe
[2008/12/26 12:07:09 | 00,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Karl\Application Data\Microsoft\Installer\{FF8157AA-F640-45BD-B7C2-BAA1016B267A}\PalmDesktopShortcut.exe
[2008/06/15 00:02:44 | 00,099,704 | ---- | M] () -- C:\Documents and Settings\Karl\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2008/10/22 22:18:08 | 00,034,064 | ---- | M] () -- C:\Documents and Settings\Karl\Application Data\Move Networks\ie_bin\Uninst.exe
[2007/11/15 17:06:55 | 03,544,240 | ---- | M] (MySpace Inc.) -- C:\Documents and Settings\Karl\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.716.0-static.exe
[2009/05/12 15:58:10 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Karl\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
[2009/05/12 15:58:10 | 00,541,696 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Karl\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
[2009/05/12 15:58:11 | 00,349,184 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Karl\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
[2006/05/23 17:05:50 | 00,110,592 | ---- | M] () -- C:\Documents and Settings\Karl\Application Data\U3\temp\cleanup.exe

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\eventlog.dll /md5 /s >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /md5 /s >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /md5 /s >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /md5 /s >

< %SYSTEMDRIVE%\sceclt.dll /md5 /s >

< %SYSTEMDRIVE%\ntelogon.dll /md5 /s >

< %SYSTEMDRIVE%\logevent.dll /md5 /s >

< %SYSTEMDRIVE%\iaStor.sys /md5 /s >

< %SYSTEMDRIVE%\nvstor.sys /md5 /s >

< %SYSTEMDRIVE%\atapi.sys /md5 /s >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /md5 /s >

< %SYSTEMDRIVE%\viasraid.sys /md5 /s >

< %SYSTEMDRIVE%\AGP440.sys /md5 /s >
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /md5 /s >

< %SYSTEMDRIVE%\nvatabus.sys /md5 /s >

< %SYSTEMDRIVE%\viamraid.sys /md5 /s >

< %SYSTEMDRIVE%\nvata.sys /md5 /s >

< %SYSTEMDRIVE%\nvgts.sys /md5 /s >

< %SYSTEMDRIVE%\iastorv.sys /md5 /s >

< %SYSTEMDRIVE%\ViPrt.sys /md5 /s >

< %SYSTEMDRIVE%\eNetHook.dll /md5 /s >

< %SYSTEMDRIVE%\ahcix86.sys /md5 /s >
[2007/12/19 14:43:54 | 00,171,024 | ---- | M] (AMD Technologies Inc.) MD5=1A54B47E4439C67C8B040BFCA3F292B9 -- C:\ATI\SUPPORT\8-4_xp32_dd_ccc_wdm_enu_60999\SBDrv\RAID7xx\x86\ahcix86.sys
[2008/03/07 20:24:52 | 00,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-5_xp32_dd_ccc_wdm_enu_63030\SBDrv\RAID7xx\x86\ahcix86.sys

< %SYSTEMDRIVE%\KR10N.sys /md5 /s >

< %SYSTEMDRIVE%\nvstor32.sys /md5 /s >

< %SYSTEMDRIVE%\CLASSPNP.SYS /md5 /s >
[2004/08/04 07:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
[2008/04/13 23:46:24 | 00,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
[2008/04/13 23:46:24 | 00,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys

< %SYSTEMDRIVE%\ACPI.sys /md5 /s >
[2004/08/04 07:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2008/04/13 23:06:36 | 00,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/13 23:06:36 | 00,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys

< %SYSTEMDRIVE%\ntoskrnl.exe /md5 /s >
[2005/03/01 20:04:22 | 02,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2006/12/19 11:51:12 | 02,182,016 | ---- | M] (Microsoft Corporation) MD5=CEF243F6DEFD20BE4ADDE26C7ECACB54 -- C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[2007/02/28 04:55:14 | 02,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[2009/02/07 18:35:26 | 02,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2008/08/14 15:11:10 | 02,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2007/02/28 04:08:48 | 02,136,064 | ---- | M] (Microsoft Corporation) MD5=1220FAF071DEA8653EE21DE7DCDA8BFD -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2004/08/04 07:00:00 | 02,148,352 | ---- | M] (Microsoft Corporation) MD5=626309040459C3915997EF98EC1C8D40 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
[2005/03/01 19:57:44 | 02,135,552 | ---- | M] (Microsoft Corporation) MD5=48B3E89AF7074CEE0314A3E0C7FAFFDB -- C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
[2006/12/19 09:15:09 | 02,136,064 | ---- | M] (Microsoft Corporation) MD5=8318ED54797F3E513FD5817A1D4BBD18 -- C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
[2008/08/14 05:09:26 | 02,145,280 | ---- | M] (Microsoft Corporation) MD5=F6F8245B3A2E9CA834DD318E7AE0C6D0 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2008/04/13 23:54:38 | 02,145,280 | ---- | M] (Microsoft Corporation) MD5=40F8880122A030A7E9E1FEDEA833B33D -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
[2009/02/06 06:08:19 | 02,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2009/02/06 06:06:41 | 02,145,280 | ---- | M] (Microsoft Corporation) MD5=0CBA44D0938D57F334C0862424148B70 -- C:\WINDOWS\ERDNT\cache\ntoskrnl.exe
[2008/04/13 23:57:54 | 02,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2009/08/04 09:00:46 | 02,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntoskrnl.exe
[2009/08/04 07:51:17 | 02,185,984 | ---- | M] (Microsoft Corporation) MD5=8DF112C341425F29DB4566B8D2A96A7F -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntoskrnl.exe
[2009/08/04 19:44:46 | 02,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntoskrnl.exe
[2009/08/04 08:56:10 | 02,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntoskrnl.exe
[2009/02/06 06:06:41 | 02,145,280 | ---- | M] (Microsoft Corporation) MD5=0CBA44D0938D57F334C0862424148B70 -- C:\WINDOWS\system32\ntoskrnl.exe
[2009/02/06 06:08:19 | 02,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

< %SYSTEMDRIVE%\disk.sys /md5 /s >
[2004/08/04 07:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 23:10:48 | 00,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 23:10:48 | 00,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F31C4F
< End of report >

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




