Internet Security 2010 Infection - Is Farbar Available?


  • This topic is locked
18 replies to this topic

#1 steedross

Posted 28 December 2009 - 08:36 AM

I started getting pop-ups for the IS 2010. I tried to use the removal guide, but probably did something wrong, as now my computer is very unstable.

Rkill didn't seem to be able to stop it, then I got a script error message for my desktop. Now I don't have my desktop, I use my task manager to open programs.

I'm hesitant about going through the steps for creating a log by your "Prep" guide, as it seems to hijack everything I try. My AV runs as scheduled, but isn't able to get rid of the problem, and when I was able to install a new version of MW, it would get a script error and stop.

Thanks as always for all your help. If Farbar is on, I would be willing to wait until he's available - he's helped me before.

Best regards -

Steedross



#2 Farbar

Posted 28 December 2009 - 12:06 PM

Hi Steedross,

Let's start with OTL logs. You may download it to a flash drive and run it from there. I may need a rootkit scanner later on as soon as the computer is more stable.
  • I understand the desktop is not loading (properly), tell me also if you are able to copy and paste in case we wanted to use OTL to fix something.

  • Also tell me if the desktop loads if you go to Safe Mode:

    Start in Safe Mode Using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.
    • Log on to your usual account.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • In Services section check All.
    • In Drivers section check All.
    • Click Run Scan button.
    • Two reports will open; copy and paste them into your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Note: If the logs did not open, they are saved in the same location the tool was run from.


#3 steedross

Posted 28 December 2009 - 05:18 PM

:( Farbar!!

Holiday Greetings from Texas!

Here's what you requested - FYI, shamefully I do not have a flash drive, but I can run and get one if you think I'll need it for this fix.

1. I can copy and paste
2. I cannot get into Safe Mode - I get a blue screen error message.
3. Here is the OTL Log - Problem: I've run OTL twice and it's not producing an Extra.txt file

OTL logfile created on: 12/28/2009 1:41:12 PM - Run 4
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Dad and Mom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 17.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 13.99 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
Drive D: | 588.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADNMOM
Current User Name: Dad and Mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/28 13:36:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
PRC - [2009/10/28 00:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/11 18:58:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 18:58:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/02 17:02:45 | 00,296,208 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/10 12:58:54 | 00,472,568 | ---- | M] (Turbine, Inc.) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
PRC - [2009/04/27 22:30:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/14 20:41:12 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/18 13:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 12:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/12/12 17:10:19 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/10/24 08:14:38 | 00,079,136 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 16:13:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0500Mon.exe
PRC - [2007/10/01 16:56:26 | 00,061,440 | ---- | M] (2Wire) -- C:\Program Files\2Wire Wireless Manager\2Wire.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/19 05:57:34 | 00,356,352 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VBTUCopy\VBTUCopy.exe
PRC - [2006/10/26 18:48:16 | 00,813,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
PRC - [2006/10/26 18:48:14 | 00,434,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
PRC - [2006/01/25 15:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/12/13 17:56:25 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/09/08 19:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/09/08 19:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/01/27 01:02:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/12/14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2001/04/08 17:40:24 | 00,454,656 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2000/09/28 09:57:08 | 00,040,960 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\SHPC32.EXE
PRC - [2000/08/02 14:44:10 | 00,290,816 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LexBceS.exe
PRC - [2000/05/12 08:17:24 | 00,168,960 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/28 13:36:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
MOD - [2009/09/28 11:04:55 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\pepekusu.dll
MOD - [2009/09/25 11:06:03 | 00,054,272 | -HS- | M] () -- C:\WINDOWS\system32\miniyodi.dll
MOD - [2000/11/29 15:49:44 | 00,049,152 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll


========== Win32 Services (All) ==========

SRV - [2009/10/11 18:58:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/02 17:02:45 | 00,296,208 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/06/10 00:14:49 | 00,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/10 12:58:54 | 00,267,760 | ---- | M] (Turbine, Inc.) [Auto | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/05/10 12:58:54 | 00,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/04/27 22:30:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/04/27 20:20:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/04/25 18:17:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 06:10:48 | 00,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 06:10:48 | 00,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 05:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 05:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/12/12 17:10:19 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 14:26:58 | 00,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 11:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/13 18:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 18:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 18:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/13 18:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 18:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2008/04/13 18:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt)
SRV - [2008/04/13 18:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 18:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 18:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 18:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 18:12:28 | 00,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 18:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 18:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 18:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 18:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 18:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 18:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 18:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 18:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 18:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/13 18:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 18:12:11 | 00,483,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 18:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 18:12:11 | 00,006,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 18:12:10 | 00,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 18:12:09 | 00,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 18:12:08 | 00,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 18:12:08 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 18:12:08 | 00,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (w32time)
SRV - [2008/04/13 18:12:08 | 00,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 18:12:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 18:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 18:12:07 | 00,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 18:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 18:12:07 | 00,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 18:12:07 | 00,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 18:12:07 | 00,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 18:12:05 | 00,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 18:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 18:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 18:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 18:12:05 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/13 18:12:05 | 00,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 18:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 18:12:03 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 18:12:03 | 00,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 18:12:03 | 00,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 18:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 18:12:01 | 00,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/13 18:11:59 | 00,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 18:11:57 | 00,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 18:11:56 | 00,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 18:11:56 | 00,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 18:11:55 | 00,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 18:11:53 | 00,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 18:11:52 | 00,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 18:11:52 | 00,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/13 18:11:52 | 00,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 18:11:52 | 00,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 18:11:51 | 00,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 18:11:51 | 00,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 18:11:50 | 00,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 18:11:50 | 00,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 18:11:49 | 00,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/01/28 13:44:28 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\MsPMSNSv.dll -- (WmdmPmSN)
SRV - [2004/08/04 05:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2001/04/08 17:40:24 | 00,454,656 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2000/08/02 14:44:10 | 00,290,816 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LexBceS.exe -- (LexBceS)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2009/12/07 14:28:59 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/20 10:20:16 | 00,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 05:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 00:13:23 | 03,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/30 17:23:30 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/30 17:23:30 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/31 17:51:03 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/12/11 04:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2008/10/24 05:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2008/08/14 04:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 05:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/16 02:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 18:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 18:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 18:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 18:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 13:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 13:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 13:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 13:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 13:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 13:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 13:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 13:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 13:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 13:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 13:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 13:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 13:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 13:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 13:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 12:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 12:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 12:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 12:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 12:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 12:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 12:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 12:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 12:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 12:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 12:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 12:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 12:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 12:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 12:46:26 | 00,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 12:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 12:46:24 | 00,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 12:46:24 | 00,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2008/04/13 12:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008/04/13 12:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008/04/13 12:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/04/13 12:45:40 | 00,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 12:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 12:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 12:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 12:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 12:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 12:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 12:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 12:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 12:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 12:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 12:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 12:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 12:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/13 12:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 12:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 12:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 12:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 12:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 12:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 12:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 12:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 12:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 12:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 12:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 12:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 12:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 12:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 12:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 12:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 12:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 12:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 12:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 12:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 12:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 12:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 12:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 12:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 12:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 12:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 12:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 12:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/13 12:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 12:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 12:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 12:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 12:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 12:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 12:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 12:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 12:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 12:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 10:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/03/19 16:13:00 | 00,251,264 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0500Vid.sys -- (V0500Dev)
DRV - [2007/10/01 16:20:40 | 00,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/05/14 23:03:24 | 00,445,696 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/24 13:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/12/13 17:56:28 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/05 11:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/04/05 19:46:28 | 00,830,684 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/03/22 17:08:40 | 00,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 05:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 05:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 05:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 05:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 05:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 05:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 05:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/10 20:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 21:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/04/09 18:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 14:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn)
DRV - [2001/08/17 14:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2)
DRV - [2001/08/17 14:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 14:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 13:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2001/08/17 13:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 13:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2001/08/17 13:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 13:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 13:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 13:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 13:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 13:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
DRV - [2001/08/17 13:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 12:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 11:48:48 | 00,070,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atiragem.sys -- (atirage)
DRV - [2001/08/17 11:48:40 | 00,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)
DRV - [2001/04/09 08:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)
DRV - [2000/08/28 12:19:50 | 00,040,960 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\S-1-5-21-2053655248-3956180858-2247237638-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [2Wire Wireless Manager] C:\Program Files\2Wire Wireless Manager\2Wire.exe (2Wire)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LexStart] C:\WINDOWS\System32\LexStart.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe File not found
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\Printray.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SHPC32] C:\WINDOWS\System32\SHPC32.EXE (Lexmark International)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.)
O4 - HKLM..\Run: [V0500Mon.exe] C:\WINDOWS\V0500Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VBTUCopy] C:\Program Files\VBTUCopy\VBTUCopy.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\System32\winupdate86.exe File not found
O4 - HKLM..\Run: [xkstartup] C:\WINDOWS\insxk50c.dll ()
O4 - HKLM..\Run: [yasajikup] C:\WINDOWS\System32\pepekusu.DLL ()
O4 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.co...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242485911218 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (tutogupo.dll) - File not found
O20 - AppInit_DLLs: (nodefaja.dll) - File not found
O20 - AppInit_DLLs: (miniyodi.dll) - C:\WINDOWS\System32\miniyodi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\pepekusu.dll) - C:\WINDOWS\system32\pepekusu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\System32\winlogon86.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - File not found
O21 - SSODL: vodanulin - {382fb4fa-04b0-42a1-b9b4-8a99a651e256} - C:\WINDOWS\system32\pepekusu.dll ()
O22 - SharedTaskScheduler: {382fb4fa-04b0-42a1-b9b4-8a99a651e256} - jugezatag - C:\WINDOWS\system32\pepekusu.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/26 20:45:53 | 00,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 13:36:44 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
[2009/12/26 23:05:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\AntiVirus Plus
[2009/12/26 23:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Application Data\AntiVirus Plus
[2009/12/26 20:13:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 20:13:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 20:12:23 | 04,844,280 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dad and Mom\Desktop\mbam-setup.exe
[2009/12/25 21:44:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Desktop\Unused Desktop Shortcuts
[2009/12/25 15:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/25 15:46:44 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/12/23 21:13:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\Lucasarts
[2009/12/03 22:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/29 07:38:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/26 06:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/10/08 23:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/03/03 20:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/28 10:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 12:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/12/28 13:46:00 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\degenitu
[2009/12/28 13:36:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
[2009/12/28 13:35:07 | 00,000,299 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2009/12/28 13:34:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 13:34:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 13:34:46 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 13:31:36 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Dad and Mom\NTUSER.DAT
[2009/12/28 13:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\lvnrkfip.job
[2009/12/28 08:34:40 | 00,018,360 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Application Data\wklnhst.dat
[2009/12/28 08:34:39 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Dec. 2009 Budget.xlr
[2009/12/27 22:19:34 | 00,924,672 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Hi and welcome to the Bleeping Computer malware removal forum.doc
[2009/12/27 22:19:34 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\~$ and welcome to the Bleeping Computer malware removal forum.doc
[2009/12/26 23:05:05 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\System32\tirowefa.dll
[2009/12/26 21:42:23 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Desktop\rkill.scr
[2009/12/26 20:41:15 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad and Mom\ntuser.ini
[2009/12/26 20:37:29 | 04,282,876 | -H-- | M] () -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\IconCache.db
[2009/12/26 20:33:00 | 00,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 20:12:23 | 04,844,280 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dad and Mom\Desktop\mbam-setup.exe
[2009/12/26 20:08:07 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Desktop\rkill.com
[2009/12/26 19:54:39 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Desktop\Internet Security 2010.lnk
[2009/12/26 19:38:53 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/26 18:24:52 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Boy Scout Camp Gear List.xlr
[2009/12/25 23:04:59 | 00,005,838 | -HS- | M] () -- C:\WINDOWS\System32\jevodode.dll
[2009/12/25 23:04:48 | 00,005,811 | -HS- | M] () -- C:\WINDOWS\System32\bivegedu.exe
[2009/12/25 17:48:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2009/12/25 17:48:31 | 00,279,040 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Automated Removal Instructions for Internet Security 2010 using Malwarebytes.doc
[2009/12/25 17:28:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2009/12/25 17:08:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2009/12/25 16:48:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2009/12/25 16:28:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2009/12/25 16:08:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2009/12/25 15:48:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/12/25 15:28:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/12/25 15:08:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/12/25 14:48:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/25 14:28:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/25 14:08:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/12/25 13:48:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/12/25 13:28:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/12/25 13:08:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/12/25 12:48:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/12/25 12:28:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/12/25 12:08:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/25 11:48:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/23 21:12:54 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch LEGO Star Wars II.lnk
[2009/12/23 12:40:27 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\jagex_runescape_preferences.dat
[2009/12/23 12:39:23 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\jagex_runescape_preferences2.dat
[2009/12/21 23:31:19 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\What makes me ANGRY.doc
[2009/12/12 21:54:41 | 00,852,327 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-TimeRemoteFreepages.pdf
[2009/12/12 21:54:09 | 00,325,969 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-SlyFoxandtheChicksFreepages.pdf
[2009/12/12 21:53:47 | 00,555,419 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-UglyCaterpillarFreepages.pdf
[2009/12/12 21:53:16 | 00,554,467 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-YourJobIsEasyFreepages.pdf
[2009/12/12 21:52:32 | 00,575,907 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-ItsNotFairFreepages.pdf
[2009/12/12 21:51:54 | 00,356,974 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-NoOneWillEverKnowFrepages.pdf
[2009/12/12 21:51:23 | 00,169,666 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Phonics_Bingo0809.pdf
[2009/12/12 21:51:06 | 00,149,370 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Addition_Subtraction_Bingo_Complete.pdf
[2009/12/12 21:51:00 | 03,879,936 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Free.Bird.pdf
[2009/12/12 21:50:21 | 01,206,989 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\KnQ-BlacklineMapsofWorldHistoryFreeDwonload.pdf
[2009/12/12 21:49:30 | 00,241,942 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\HOW_TO_START_USING_CTT_-_Nov_2009.pdf
[2009/12/12 21:48:39 | 00,197,382 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\How_To_Do_CTT_Cs_Cs_rev_May_30_08_pdf.pdf
[2009/12/12 21:48:09 | 09,492,453 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Genesis_Bible_Notebooking_Pages.zip
[2009/12/12 21:46:54 | 03,007,807 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\SchoolChoreCharts.pdf
[2009/12/12 21:45:36 | 03,748,123 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Discoverers.pdf
[2009/12/12 21:44:46 | 00,216,426 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Spiders.pdf
[2009/12/12 21:44:02 | 01,067,369 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Native_American_Chart.pdf
[2009/12/12 21:43:41 | 02,868,496 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\PresidentsDay.pdf
[2009/12/12 21:42:57 | 01,019,601 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\s_Big_Issues.pdf
[2009/12/12 21:42:25 | 02,347,815 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Shamrocks_and_Shillelaghs_DB.pdf
[2009/12/12 21:41:43 | 01,177,843 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Holiday-_Helper--St-_Patricks-_Day.pdf
[2009/12/12 21:40:22 | 00,317,001 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Chocolate_Fractions_Part_One_Is_My_Child_Ready_for_This.pdf
[2009/12/12 21:38:53 | 00,581,519 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Bird_Order_Chart.pdf
[2009/12/12 21:38:03 | 01,669,412 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Parable_of_the_Lost_Sheep.pdf
[2009/12/12 21:37:44 | 03,687,575 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\TBB_Periodic_Table_of_Elements_Card_Kits.pdf
[2009/12/12 21:36:17 | 02,679,799 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Coins_Nets_Treasure.pdf
[2009/12/12 21:35:27 | 00,189,788 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Clouds_Mini_Helper_-_Freebie.pdf
[2009/12/12 21:34:52 | 00,347,712 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\WhyUseDramaArticle2[1].pdf
[2009/12/12 21:34:07 | 02,645,040 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Ten_Lepers.pdf
[2009/12/12 20:47:31 | 86,112,218 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath07.mp4
[2009/12/12 20:39:15 | 94,134,555 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath06-Quiz.mp4
[2009/12/12 20:30:52 | 11,117,451 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\GreekAlphabet.m4v
[2009/12/12 20:28:54 | 00,343,166 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-05.pdf
[2009/12/12 20:28:22 | 00,443,442 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-04.pdf
[2009/12/12 20:28:06 | 01,281,260 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-03.pdf
[2009/12/12 20:27:26 | 00,457,586 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-02.pdf
[2009/12/12 20:26:49 | 00,549,126 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-01.pdf
[2009/12/12 20:25:56 | 14,346,653 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Teacher_Book_Bag_Fall_2009_Book_Bag_Sampler.pdf
[2009/12/12 20:23:04 | 00,206,229 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover B.pdf
[2009/12/12 20:22:37 | 00,206,229 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover.pdf
[2009/12/12 20:22:14 | 00,206,229 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover[1].pdf
[2009/12/12 20:19:50 | 05,808,073 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\States Sample_book.pdf
[2009/12/12 20:18:31 | 01,971,367 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\FamilyHistory.pdf
[2009/12/12 20:15:49 | 03,359,445 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\All_Apples_-_A_Fun_Study[1].pdf
[2009/12/10 13:12:09 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Aragon 09-10 Searting Chart.doc
[2009/12/09 03:30:09 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 01:01:13 | 00,001,866 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Desktop\The Lord of the Rings Online.lnk
[2009/12/08 10:13:57 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/07 14:28:59 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 11:55:51 | 02,112,979 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Mentoring Handbook.pdf
[2009/12/01 19:32:58 | 00,060,928 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Nov. 2009 Budget.xlr

========== Files Created - No Company Name ==========

[2009/12/27 23:04:47 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\lvnrkfip.job
[2009/12/27 22:19:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\~$ and welcome to the Bleeping Computer malware removal forum.doc
[2009/12/27 22:19:19 | 00,924,672 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Hi and welcome to the Bleeping Computer malware removal forum.doc
[2009/12/26 23:05:05 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\System32\tirowefa.dll
[2009/12/26 21:42:22 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Desktop\rkill.scr
[2009/12/26 20:13:24 | 00,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 20:08:03 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Desktop\rkill.com
[2009/12/26 19:54:38 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Desktop\Internet Security 2010.lnk
[2009/12/25 23:04:59 | 00,005,838 | -HS- | C] () -- C:\WINDOWS\System32\jevodode.dll
[2009/12/25 23:04:48 | 00,005,811 | -HS- | C] () -- C:\WINDOWS\System32\bivegedu.exe
[2009/12/25 17:48:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2009/12/25 17:48:27 | 00,279,040 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Automated Removal Instructions for Internet Security 2010 using Malwarebytes.doc
[2009/12/25 17:28:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2009/12/25 17:08:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2009/12/25 16:48:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2009/12/25 16:28:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2009/12/25 16:08:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2009/12/25 15:48:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/12/25 15:28:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/12/25 15:08:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/12/25 14:48:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/12/25 14:28:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/12/25 14:08:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/12/25 13:48:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/12/25 13:28:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/12/25 13:08:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/12/25 12:48:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/12/25 12:28:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/12/25 12:08:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/12/25 11:48:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/12/25 11:07:12 | 00,002,854 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/23 21:12:54 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch LEGO Star Wars II.lnk
[2009/12/21 23:31:13 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\What makes me ANGRY.doc
[2009/12/12 21:54:37 | 00,852,327 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-TimeRemoteFreepages.pdf
[2009/12/12 21:54:08 | 00,325,969 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-SlyFoxandtheChicksFreepages.pdf
[2009/12/12 21:53:43 | 00,555,419 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-UglyCaterpillarFreepages.pdf
[2009/12/12 21:53:14 | 00,554,467 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-YourJobIsEasyFreepages.pdf
[2009/12/12 21:52:30 | 00,575,907 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-ItsNotFairFreepages.pdf
[2009/12/12 21:51:53 | 00,356,974 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-NoOneWillEverKnowFrepages.pdf
[2009/12/12 21:51:22 | 00,169,666 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Phonics_Bingo0809.pdf
[2009/12/12 21:51:05 | 00,149,370 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Addition_Subtraction_Bingo_Complete.pdf
[2009/12/12 21:51:00 | 03,879,936 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Free.Bird.pdf
[2009/12/12 21:50:14 | 01,206,989 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\KnQ-BlacklineMapsofWorldHistoryFreeDwonload.pdf
[2009/12/12 21:49:29 | 00,241,942 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\HOW_TO_START_USING_CTT_-_Nov_2009.pdf
[2009/12/12 21:48:38 | 00,197,382 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\How_To_Do_CTT_Cs_Cs_rev_May_30_08_pdf.pdf
[2009/12/12 21:48:09 | 09,492,453 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Genesis_Bible_Notebooking_Pages.zip
[2009/12/12 21:46:54 | 03,007,807 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\SchoolChoreCharts.pdf
[2009/12/12 21:45:36 | 03,748,123 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Discoverers.pdf
[2009/12/12 21:44:45 | 00,216,426 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Spiders.pdf
[2009/12/12 21:43:57 | 01,067,369 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Native_American_Chart.pdf
[2009/12/12 21:43:41 | 02,868,496 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\PresidentsDay.pdf
[2009/12/12 21:42:52 | 01,019,601 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\s_Big_Issues.pdf
[2009/12/12 21:42:13 | 02,347,815 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Shamrocks_and_Shillelaghs_DB.pdf
[2009/12/12 21:41:35 | 01,177,843 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Holiday-_Helper--St-_Patricks-_Day.pdf
[2009/12/12 21:40:20 | 00,317,001 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Chocolate_Fractions_Part_One_Is_My_Child_Ready_for_This.pdf
[2009/12/12 21:38:50 | 00,581,519 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Bird_Order_Chart.pdf
[2009/12/12 21:37:55 | 01,669,412 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Parable_of_the_Lost_Sheep.pdf
[2009/12/12 21:37:43 | 03,687,575 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\TBB_Periodic_Table_of_Elements_Card_Kits.pdf
[2009/12/12 21:36:03 | 02,679,799 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Coins_Nets_Treasure.pdf
[2009/12/12 21:35:26 | 00,189,788 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Clouds_Mini_Helper_-_Freebie.pdf
[2009/12/12 21:34:51 | 00,347,712 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\WhyUseDramaArticle2[1].pdf
[2009/12/12 21:34:05 | 02,645,040 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Ten_Lepers.pdf
[2009/12/12 20:47:02 | 86,112,218 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath07.mp4
[2009/12/12 20:38:04 | 94,134,555 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath06-Quiz.mp4
[2009/12/12 20:30:48 | 11,117,451 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\GreekAlphabet.m4v
[2009/12/12 20:28:52 | 00,343,166 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-05.pdf
[2009/12/12 20:28:20 | 00,443,442 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-04.pdf
[2009/12/12 20:27:58 | 01,281,260 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-03.pdf
[2009/12/12 20:27:23 | 00,457,586 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-02.pdf
[2009/12/12 20:26:45 | 00,549,126 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-01.pdf
[2009/12/12 20:25:55 | 14,346,653 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Teacher_Book_Bag_Fall_2009_Book_Bag_Sampler.pdf
[2009/12/12 20:23:03 | 00,206,229 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover B.pdf
[2009/12/12 20:22:36 | 00,206,229 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover.pdf
[2009/12/12 20:22:14 | 00,206,229 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover[1].pdf
[2009/12/12 20:19:50 | 05,808,073 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\States Sample_book.pdf
[2009/12/12 20:18:21 | 01,971,367 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\FamilyHistory.pdf
[2009/12/12 20:15:49 | 03,359,445 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\All_Apples_-_A_Fun_Study[1].pdf
[2009/12/11 15:24:31 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Dec. 2009 Budget.xlr
[2009/12/10 10:32:45 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Aragon 09-10 Searting Chart.doc
[2009/12/09 01:01:13 | 00,001,866 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Desktop\The Lord of the Rings Online.lnk
[2009/12/02 11:55:51 | 02,112,979 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Mentoring Handbook.pdf
[2009/10/11 14:16:04 | 33,961,728 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009/10/08 12:55:57 | 00,014,527 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/28 11:04:55 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\pepekusu.dll
[2009/09/28 11:04:55 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\debiwuju.dll
[2009/09/27 23:04:46 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\nawidiga.dll
[2009/09/27 23:04:46 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\pegegeja.dll
[2009/09/27 23:04:46 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pemahuvu.dll
[2009/09/27 11:04:25 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\hegepihu.dll
[2009/09/27 11:04:24 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vehesepo.dll
[2009/09/26 23:04:21 | 00,021,504 | -HS- | C] () -- C:\WINDOWS\System32\sayiwido.dll
[2009/09/26 23:04:21 | 00,004,096 | -HS- | C] () -- C:\WINDOWS\System32\fihasine.dll
[2009/09/26 23:04:20 | 00,093,184 | -HS- | C] () -- C:\WINDOWS\System32\zamineti.dll
[2009/09/26 23:04:20 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\yejedotu.dll
[2009/09/26 11:03:58 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\nezapuju.dll
[2009/09/26 11:03:57 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\toyumohe.dll
[2009/09/25 11:06:03 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\miniyodi.dll
[2009/09/25 11:06:02 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\runuzonu.dll
[2009/09/25 11:06:02 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\mopakije.dll
[2009/09/25 11:05:12 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vegitagi.dll
[2009/09/25 11:04:44 | 00,054,272 | -HS- | C] () -- C:\WINDOWS\System32\bekozafo.dll
[2009/09/25 11:04:44 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\wikogegu.dll
[2009/09/25 11:04:41 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\rulukizi.dll
[2009/09/11 11:48:14 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/26 11:09:37 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/08/26 11:09:37 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/07/10 18:17:25 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\degenitu
[2009/05/21 09:35:49 | 00,012,160 | ---- | C] () -- C:\WINDOWS\LxUsbOpn.dll
[2009/05/21 09:35:49 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2009/05/21 09:35:48 | 00,061,440 | ---- | C] () -- C:\WINDOWS\insxk50c.dll
[2008/12/31 23:45:53 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/31 23:45:53 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F13BA36F45.sys
[2008/12/31 20:41:38 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\fusioncache.dat
[2008/12/31 17:51:00 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/12/31 17:51:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/12/25 08:35:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/12/25 08:35:23 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/11/30 19:19:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/11/30 19:19:23 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/11/30 19:14:20 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2008/11/30 19:14:20 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2008/11/30 19:13:40 | 00,013,344 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2008/11/30 19:13:40 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2008/11/29 16:45:18 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Application Data\suinc.sns
[2008/11/29 16:12:16 | 00,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/11/29 16:12:10 | 00,000,186 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/11/29 16:00:04 | 00,000,174 | ---- | C] () -- C:\WINDOWS\SMRTGAMS.INI
[2008/10/26 19:33:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/16 16:45:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/07/15 18:37:33 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/07/01 19:34:49 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 05:30:08 | 00,018,360 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Application Data\wklnhst.dat
[2005/12/13 18:09:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/13 18:03:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/13 17:56:59 | 00,001,110 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/13 17:27:12 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/13 17:27:10 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
< End of report >

#4 Farbar

Posted 28 December 2009 - 06:00 PM

Warm holiday greetings to you too, steedross. :(

Go to Start > Run, copy/paste the following line into the Run box and click OK.

cmd /c dir /a c:\windows\system32\userinit.exe > log.txt&start log.txt

A text file (log.txt) will open. Please post its contents in your reply.

#5 steedross

Posted 28 December 2009 - 06:16 PM

This is what I get.

Volume in drive C has no label.
Volume Serial Number is 6C82-93AA

Directory of c:\windows\system32

04/13/2008 06:12 PM 26,112 userinit.exe
1 File(s) 26,112 bytes
0 Dir(s) 14,322,642,944 bytes free

#6 Farbar

Posted 28 December 2009 - 06:23 PM

Please open OTL.
  • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

    :Processes
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    :otl
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\iexplore.exe File not found
    O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\System32\winupdate86.exe File not found
    O4 - HKLM..\Run: [xkstartup] C:\WINDOWS\insxk50c.dll ()
    O4 - HKLM..\Run: [yasajikup] C:\WINDOWS\System32\pepekusu.DLL ()
    O4 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe 
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O20 - AppInit_DLLs: (tutogupo.dll) - File not found
    O20 - AppInit_DLLs: (nodefaja.dll) - File not found
    O20 - AppInit_DLLs: (miniyodi.dll) - C:\WINDOWS\System32\miniyodi.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\pepekusu.dll) - C:\WINDOWS\system32\pepekusu.dll ()
    O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - File not found
    O21 - SSODL: vodanulin - {382fb4fa-04b0-42a1-b9b4-8a99a651e256} - C:\WINDOWS\system32\pepekusu.dll ()
    O22 - SharedTaskScheduler: {382fb4fa-04b0-42a1-b9b4-8a99a651e256} - jugezatag - C:\WINDOWS\system32\pepekusu.dll ()
    :files
    C:\Program Files\InternetSecurity2010
    C:\WINDOWS\System32\pepekusu.dll
    C:\WINDOWS\System32\debiwuju.dll
    C:\WINDOWS\System32\nawidiga.dll
    C:\WINDOWS\System32\pegegeja.dll
    C:\WINDOWS\System32\pemahuvu.dll
    C:\WINDOWS\System32\hegepihu.dll
    C:\WINDOWS\System32\vehesepo.dll
    C:\WINDOWS\System32\sayiwido.dll
    C:\WINDOWS\System32\fihasine.dll
    C:\WINDOWS\System32\zamineti.dll
    C:\WINDOWS\System32\yejedotu.dll
    C:\WINDOWS\System32\nezapuju.dll
    C:\WINDOWS\System32\toyumohe.dll
    C:\WINDOWS\System32\miniyodi.dll
    C:\WINDOWS\System32\runuzonu.dll
    C:\WINDOWS\System32\mopakije.dll
    C:\WINDOWS\System32\vegitagi.dll
    C:\WINDOWS\System32\bekozafo.dll
    C:\WINDOWS\System32\wikogegu.dll
    C:\WINDOWS\System32\rulukizi.dll
    C:\WINDOWS\system32\miniyodi.dll
    C:\Documents and Settings\Dad and Mom\Application Data\AntiVirus Plus
    C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\AntiVirus Plus
    C:\Documents and Settings\Dad and Mom\Desktop\Internet Security 2010.lnk
    C:\WINDOWS\System32\critical_warning.html
    C:\WINDOWS\System32\jevodode.dll
    C:\WINDOWS\System32\bivegedu.exe
    C:\WINDOWS\System32\32391.exe
    C:\WINDOWS\System32\5436.exe
    C:\WINDOWS\System32\4827.exe
    C:\WINDOWS\System32\11942.exe
    C:\WINDOWS\System32\2995.exe
    C:\WINDOWS\System32\491.exe
    C:\WINDOWS\System32\9961.exe
    C:\WINDOWS\System32\16827.exe
    C:\WINDOWS\System32\23281.exe
    C:\WINDOWS\System32\28145.exe
    C:\WINDOWS\System32\5705.exe
    C:\WINDOWS\System32\24464.exe
    C:\WINDOWS\System32\26962.exe
    C:\WINDOWS\System32\29358.exe
    C:\WINDOWS\System32\11478.exe
    C:\WINDOWS\System32\15724.exe
    C:\WINDOWS\System32\19169.exe
    C:\WINDOWS\System32\26500.exe
    C:\WINDOWS\System32\6334.exe
    D:\Autorun.inf
    c:\recycler
    C:\WINDOWS\System32\lowsec
    C:\WINDOWS\System32\degenitu
    C:\WINDOWS\tasks\lvnrkfip.job
    C:\WINDOWS\System32\tirowefa.dll
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

  • Click the Run Fix button.
  • If the fix needs a reboot, please do it.
  • When it has finished, a log will open. Copy and paste the log into your reply.


#7 steedross

Posted 28 December 2009 - 06:36 PM

========== PROCESSES ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\xkstartup deleted successfully.
C:\WINDOWS\insxk50c.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yasajikup deleted successfully.
C:\WINDOWS\system32\pepekusu.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2053655248-3956180858-2247237638-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
File C:\Program Files\InternetSecurity2010\IS2010.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2053655248-3956180858-2247237638-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:tutogupo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nodefaja.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:miniyodi.dll deleted successfully.
C:\WINDOWS\system32\miniyodi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pepekusu.dll deleted successfully.
File C:\WINDOWS\system32\pepekusu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SwUpdate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{009541A0-3B00-1F1C-00F3-040224001C01}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vodanulin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{382fb4fa-04b0-42a1-b9b4-8a99a651e256}\ deleted successfully.
File C:\WINDOWS\system32\pepekusu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{382fb4fa-04b0-42a1-b9b4-8a99a651e256} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{382fb4fa-04b0-42a1-b9b4-8a99a651e256}\ deleted successfully.
File C:\WINDOWS\system32\pepekusu.dll not found.
========== FILES ==========
File\Folder C:\Program Files\InternetSecurity2010 not found.
File\Folder C:\WINDOWS\System32\pepekusu.dll not found.
C:\WINDOWS\System32\debiwuju.dll moved successfully.
C:\WINDOWS\System32\nawidiga.dll moved successfully.
C:\WINDOWS\System32\pegegeja.dll moved successfully.
C:\WINDOWS\System32\pemahuvu.dll moved successfully.
C:\WINDOWS\System32\hegepihu.dll moved successfully.
C:\WINDOWS\System32\vehesepo.dll moved successfully.
C:\WINDOWS\System32\sayiwido.dll moved successfully.
C:\WINDOWS\System32\fihasine.dll moved successfully.
C:\WINDOWS\System32\zamineti.dll moved successfully.
C:\WINDOWS\System32\yejedotu.dll moved successfully.
C:\WINDOWS\System32\nezapuju.dll moved successfully.
C:\WINDOWS\System32\toyumohe.dll moved successfully.
File\Folder C:\WINDOWS\System32\miniyodi.dll not found.
C:\WINDOWS\System32\runuzonu.dll moved successfully.
C:\WINDOWS\System32\mopakije.dll moved successfully.
C:\WINDOWS\System32\vegitagi.dll moved successfully.
C:\WINDOWS\System32\bekozafo.dll moved successfully.
C:\WINDOWS\System32\wikogegu.dll moved successfully.
C:\WINDOWS\System32\rulukizi.dll moved successfully.
File\Folder C:\WINDOWS\system32\miniyodi.dll not found.
C:\Documents and Settings\Dad and Mom\Application Data\AntiVirus Plus folder moved successfully.
C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\AntiVirus Plus folder moved successfully.
C:\Documents and Settings\Dad and Mom\Desktop\Internet Security 2010.lnk moved successfully.
C:\WINDOWS\System32\critical_warning.html moved successfully.
C:\WINDOWS\System32\jevodode.dll moved successfully.
C:\WINDOWS\System32\bivegedu.exe moved successfully.
C:\WINDOWS\System32\32391.exe moved successfully.
C:\WINDOWS\System32\5436.exe moved successfully.
C:\WINDOWS\System32\4827.exe moved successfully.
C:\WINDOWS\System32\11942.exe moved successfully.
C:\WINDOWS\System32\2995.exe moved successfully.
C:\WINDOWS\System32\491.exe moved successfully.
C:\WINDOWS\System32\9961.exe moved successfully.
C:\WINDOWS\System32\16827.exe moved successfully.
C:\WINDOWS\System32\23281.exe moved successfully.
C:\WINDOWS\System32\28145.exe moved successfully.
C:\WINDOWS\System32\5705.exe moved successfully.
C:\WINDOWS\System32\24464.exe moved successfully.
C:\WINDOWS\System32\26962.exe moved successfully.
C:\WINDOWS\System32\29358.exe moved successfully.
C:\WINDOWS\System32\11478.exe moved successfully.
C:\WINDOWS\System32\15724.exe moved successfully.
C:\WINDOWS\System32\19169.exe moved successfully.
C:\WINDOWS\System32\26500.exe moved successfully.
C:\WINDOWS\System32\6334.exe moved successfully.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
c:\RECYCLER\S-1-5-21-2053655248-3956180858-2247237638-1006 folder moved successfully.
c:\RECYCLER folder moved successfully.
Folder move failed. C:\WINDOWS\System32\lowsec scheduled to be moved on reboot.
C:\WINDOWS\System32\degenitu moved successfully.
C:\WINDOWS\tasks\lvnrkfip.job moved successfully.
C:\WINDOWS\System32\tirowefa.dll moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

OTL by OldTimer - Version 3.1.20.1 log created on 12282009_172631

Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\System32\lowsec scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 Farbar

Posted 28 December 2009 - 06:42 PM

You may uninstall Malwarebytes first.

After running Malwarebytes, tell me how your computer is running. We will run a rootkit scanner in the next round.


Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#9 steedross

Posted 28 December 2009 - 07:31 PM

Malwarebytes' Anti-Malware 1.42
Database version: 3446
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/28/2009 6:25:21 PM
mbam-log-2009-12-28 (18-25-21).txt

Scan type: Quick Scan
Objects scanned: 135232
Time elapsed: 25 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yasajikup (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55518e54-fbf1-4e10-8ed5-d35b3391fe44}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.1.254 -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\temp\rdl4D8.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\L5PC2SF4\dfghfghgfj[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\W096BYNE\SetupIS2010[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad and Mom\Local Settings\temp\n.exn (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad and Mom\Local Settings\Temporary Internet Files\Content.IE5\25HWHS6C\dfghfghgfj[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad and Mom\Local Settings\Temporary Internet Files\Content.IE5\64DVEHDU\load[1].php (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad and Mom\Local Settings\Temporary Internet Files\Content.IE5\WANOHI0O\SetupIS2010[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\UTemp.dtd (Malware.Trace) -> Quarantined and deleted successfully.
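
The Userinit and Shell hijacks reported in the MBAM log above, and the AppInit_DLLs entries removed by the OTL fix in post #6, all live in three registry values. The following is an added example (not part of the thread, and not OTL or MBAM code) that audits such data against an assumed default Windows XP baseline. The function names and the baseline are assumptions; the sample Userinit and Shell data are copied from the log above, and the AppInit_DLLs string is constructed from the entries listed in the fix.

```python
"""Audit logon-autostart registry data: Winlogon Userinit/Shell and AppInit_DLLs.

Added example. The baseline and all function names are assumptions.
"""
import re

# Assumed baseline: default Windows XP layout under C:\WINDOWS, as on this machine.
# The bare name is accepted because the MBAM log lists "Userinit.exe" as the good value.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}
EXPECTED_SHELL = "explorer.exe"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINDOWS_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"


def _clean(entry):
    """Normalise one entry: trim, drop quotes, unify slashes, lowercase."""
    return entry.strip().strip('"').replace("/", "\\").lower()


def audit_userinit(data):
    """Userinit is a comma-separated list; a trailing comma is normal."""
    entries = [e for e in (_clean(x) for x in data.split(",")) if e]
    findings = [("Userinit", "extra program", e)
                for e in entries if e not in EXPECTED_USERINIT]
    if not any(e in EXPECTED_USERINIT for e in entries):
        # Without userinit.exe the logon sequence cannot complete normally.
        findings.append(("Userinit", "userinit.exe missing", data))
    return findings


def audit_shell(data):
    """Anything other than exactly Explorer.exe is reported for review."""
    if _clean(data) == EXPECTED_SHELL:
        return []
    tokens = [t for t in re.split(r"[\s,]+", _clean(data)) if t]
    extras = [t for t in tokens if t != EXPECTED_SHELL] or [data]
    return [("Shell", "unexpected shell command", t) for t in extras]


def audit_appinit(data):
    """AppInit_DLLs is space- or comma-delimited and empty by default."""
    entries = [e for e in (_clean(t) for t in re.split(r"[\s,]+", data)) if e]
    return [("AppInit_DLLs", "DLL loaded into every user32 process", e)
            for e in entries]


def audit(values):
    """values maps value name -> data string; returns a list of findings."""
    return (audit_userinit(values.get("Userinit", ""))
            + audit_shell(values.get("Shell", ""))
            + audit_appinit(values.get("AppInit_DLLs", "")))


def read_live():
    """Read the three values from the local HKLM hive (Windows only)."""
    import winreg
    out = {}
    for key_path, names in ((WINLOGON_KEY, ("Userinit", "Shell")),
                            (WINDOWS_KEY, ("AppInit_DLLs",))):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
            for name in names:
                try:
                    out[name] = str(winreg.QueryValueEx(key, name)[0])
                except FileNotFoundError:
                    out[name] = ""
    return out


# Userinit and Shell data as shown in the MBAM log; the AppInit_DLLs string
# is constructed from the four entries listed in the OTL fix.
INFECTED = {
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,",
    "Shell": "Explorer.exe logon.exe",
    "AppInit_DLLs": r"tutogupo.dll nodefaja.dll miniyodi.dll c:\windows\system32\pepekusu.dll",
}
# State the fix aims for: Userinit as set by the :reg section, default Shell,
# empty AppInit_DLLs.
CLEAN = {
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    "Shell": "Explorer.exe",
    "AppInit_DLLs": "",
}

if __name__ == "__main__":
    for label, values in (("infected", INFECTED), ("after fix", CLEAN)):
        print(label)
        for finding in audit(values) or ["no findings"]:
            print("   ", finding)
```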

#10 Farbar

Posted 28 December 2009 - 08:02 PM

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified, because of its backdoor functionality, your PC is very likely compromised. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

If you decide to remove the infection please go on with the following steps.


Removal Instructions
  • Please run MBAM Quick Scan once more, let it remove what it found, reboot if needed and post the log after reboot.

  • Open OTL. Under the Extra Registry section, check Use SafeList. Click Run Scan. Please post both the logs it creates on your desktop.

  • Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Sections
      • IAT/EAT
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.


#11 steedross

Posted 28 December 2009 - 09:41 PM

Crud, crud, crud!! :(

Let me think about the reformat/reinstall thing. In the meantime, I'm going with the "remove the infection" thing. Here are my logs, GMER coming shortly.


Malwarebytes' Anti-Malware 1.42
Database version: 3446
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/28/2009 8:28:13 PM
mbam-log-2009-12-28 (20-28-13).txt

Scan type: Quick Scan
Objects scanned: 134896
Time elapsed: 25 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 12/28/2009 8:32:48 PM - Run 6
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Dad and Mom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 13.32 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
Drive D: | 588.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADNMOM
Current User Name: Dad and Mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/28 13:36:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
PRC - [2009/10/28 00:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/11 18:58:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 18:58:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/02 17:02:45 | 00,296,208 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/10 12:58:54 | 00,472,568 | ---- | M] (Turbine, Inc.) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
PRC - [2009/04/27 22:30:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/14 20:41:12 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/18 13:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 12:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/12/12 17:10:19 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/10/24 08:14:38 | 00,079,136 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 16:13:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0500Mon.exe
PRC - [2007/10/01 16:56:26 | 00,061,440 | ---- | M] (2Wire) -- C:\Program Files\2Wire Wireless Manager\2Wire.exe
PRC - [2006/01/25 15:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/12/13 17:56:25 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/09/08 19:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/09/08 19:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/01/27 01:02:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/12/14 03:44:30 | 00,065,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2001/04/08 17:40:24 | 00,454,656 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2000/09/28 09:57:08 | 00,040,960 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\SHPC32.EXE
PRC - [2000/08/02 14:44:10 | 00,290,816 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LexBceS.exe
PRC - [2000/05/12 08:17:24 | 00,168,960 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/28 13:36:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
MOD - [2000/11/29 15:49:44 | 00,049,152 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 18:58:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/02 17:02:45 | 00,296,208 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/10 12:58:54 | 00,267,760 | ---- | M] (Turbine, Inc.) [Auto | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/05/10 12:58:54 | 00,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/04/27 22:30:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/04/27 20:20:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/04/25 18:17:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 17:10:19 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2001/04/08 17:40:24 | 00,454,656 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2000/08/02 14:44:10 | 00,290,816 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LexBceS.exe -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 14:28:59 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 00:13:23 | 03,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/30 17:23:30 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/30 17:23:30 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/31 17:51:03 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/06/16 02:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/03/19 16:13:00 | 00,251,264 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0500Vid.sys -- (V0500Dev)
DRV - [2007/10/01 16:20:40 | 00,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/05/14 23:03:24 | 00,445,696 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/24 13:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/12/13 17:56:28 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/05 11:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/04/05 19:46:28 | 00,830,684 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/03/22 17:08:40 | 00,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/10 20:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/17 21:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/04/09 18:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:48:48 | 00,070,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atiragem.sys -- (atirage)
DRV - [2001/08/17 11:48:40 | 00,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)
DRV - [2001/04/09 08:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)
DRV - [2000/08/28 12:19:50 | 00,040,960 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [2Wire Wireless Manager] C:\Program Files\2Wire Wireless Manager\2Wire.exe (2Wire)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LexStart] C:\WINDOWS\System32\LexStart.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\Printray.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SHPC32] C:\WINDOWS\System32\SHPC32.EXE (Lexmark International)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.)
O4 - HKLM..\Run: [V0500Mon.exe] C:\WINDOWS\V0500Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VBTUCopy] C:\Program Files\VBTUCopy\VBTUCopy.exe (VIA Technologies, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.co...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1242485911218 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (c:\windows\system32\pepekusu.dll) - C:\WINDOWS\System32\pepekusu.dll File not found
O20 - AppInit_DLLs: (miniyodi.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: vodanulin - {382fb4fa-04b0-42a1-b9b4-8a99a651e256} - C:\WINDOWS\System32\pepekusu.dll File not found
O22 - SharedTaskScheduler: {382fb4fa-04b0-42a1-b9b4-8a99a651e256} - jugezatag - C:\WINDOWS\System32\pepekusu.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/26 20:45:53 | 00,000,027 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 17:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Application Data\Malwarebytes
[2009/12/28 17:56:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/28 17:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/28 17:56:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 17:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/28 17:55:35 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dad and Mom\Desktop\mbam-setup.exe
[2009/12/28 17:48:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/28 13:36:44 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
[2009/12/25 21:44:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Desktop\Unused Desktop Shortcuts
[2009/12/25 15:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/23 21:13:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\Lucasarts
[2009/12/03 22:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/29 07:38:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/26 06:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/10/08 23:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/03/03 20:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/28 10:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 12:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/12/28 20:31:22 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Dad and Mom\NTUSER.DAT
[2009/12/28 18:27:49 | 00,000,299 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2009/12/28 18:27:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 18:27:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 18:26:55 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 17:56:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 17:55:36 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dad and Mom\Desktop\mbam-setup.exe
[2009/12/28 17:27:46 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\degenitu
[2009/12/28 13:36:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad and Mom\Desktop\OTL.exe
[2009/12/28 08:34:40 | 00,018,360 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Application Data\wklnhst.dat
[2009/12/28 08:34:39 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Dec. 2009 Budget.xlr
[2009/12/26 20:41:15 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad and Mom\ntuser.ini
[2009/12/26 20:37:29 | 04,282,876 | -H-- | M] () -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\IconCache.db
[2009/12/26 18:24:52 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Boy Scout Camp Gear List.xlr
[2009/12/23 21:12:54 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch LEGO Star Wars II.lnk
[2009/12/23 12:40:27 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\jagex_runescape_preferences.dat
[2009/12/23 12:39:23 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\jagex_runescape_preferences2.dat
[2009/12/21 23:31:19 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\What makes me ANGRY.doc
[2009/12/12 21:54:41 | 00,852,327 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-TimeRemoteFreepages.pdf
[2009/12/12 21:54:09 | 00,325,969 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-SlyFoxandtheChicksFreepages.pdf
[2009/12/12 21:53:47 | 00,555,419 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-UglyCaterpillarFreepages.pdf
[2009/12/12 21:53:16 | 00,554,467 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-YourJobIsEasyFreepages.pdf
[2009/12/12 21:52:32 | 00,575,907 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-ItsNotFairFreepages.pdf
[2009/12/12 21:51:54 | 00,356,974 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-NoOneWillEverKnowFrepages.pdf
[2009/12/12 21:51:23 | 00,169,666 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Phonics_Bingo0809.pdf
[2009/12/12 21:51:06 | 00,149,370 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Addition_Subtraction_Bingo_Complete.pdf
[2009/12/12 21:51:00 | 03,879,936 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Free.Bird.pdf
[2009/12/12 21:50:21 | 01,206,989 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\KnQ-BlacklineMapsofWorldHistoryFreeDwonload.pdf
[2009/12/12 21:49:30 | 00,241,942 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\HOW_TO_START_USING_CTT_-_Nov_2009.pdf
[2009/12/12 21:48:39 | 00,197,382 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\How_To_Do_CTT_Cs_Cs_rev_May_30_08_pdf.pdf
[2009/12/12 21:48:09 | 09,492,453 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Genesis_Bible_Notebooking_Pages.zip
[2009/12/12 21:46:54 | 03,007,807 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\SchoolChoreCharts.pdf
[2009/12/12 21:45:36 | 03,748,123 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Discoverers.pdf
[2009/12/12 21:44:46 | 00,216,426 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Spiders.pdf
[2009/12/12 21:44:02 | 01,067,369 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Native_American_Chart.pdf
[2009/12/12 21:43:41 | 02,868,496 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\PresidentsDay.pdf
[2009/12/12 21:42:57 | 01,019,601 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\s_Big_Issues.pdf
[2009/12/12 21:42:25 | 02,347,815 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Shamrocks_and_Shillelaghs_DB.pdf
[2009/12/12 21:41:43 | 01,177,843 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Holiday-_Helper--St-_Patricks-_Day.pdf
[2009/12/12 21:40:22 | 00,317,001 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Chocolate_Fractions_Part_One_Is_My_Child_Ready_for_This.pdf
[2009/12/12 21:38:53 | 00,581,519 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Bird_Order_Chart.pdf
[2009/12/12 21:38:03 | 01,669,412 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Parable_of_the_Lost_Sheep.pdf
[2009/12/12 21:37:44 | 03,687,575 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\TBB_Periodic_Table_of_Elements_Card_Kits.pdf
[2009/12/12 21:36:17 | 02,679,799 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Coins_Nets_Treasure.pdf
[2009/12/12 21:35:27 | 00,189,788 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Clouds_Mini_Helper_-_Freebie.pdf
[2009/12/12 21:34:52 | 00,347,712 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\WhyUseDramaArticle2[1].pdf
[2009/12/12 21:34:07 | 02,645,040 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Ten_Lepers.pdf
[2009/12/12 20:47:31 | 86,112,218 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath07.mp4
[2009/12/12 20:39:15 | 94,134,555 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath06-Quiz.mp4
[2009/12/12 20:30:52 | 11,117,451 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\GreekAlphabet.m4v
[2009/12/12 20:28:54 | 00,343,166 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-05.pdf
[2009/12/12 20:28:22 | 00,443,442 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-04.pdf
[2009/12/12 20:28:06 | 01,281,260 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-03.pdf
[2009/12/12 20:27:26 | 00,457,586 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-02.pdf
[2009/12/12 20:26:49 | 00,549,126 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-01.pdf
[2009/12/12 20:25:56 | 14,346,653 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Teacher_Book_Bag_Fall_2009_Book_Bag_Sampler.pdf
[2009/12/12 20:23:04 | 00,206,229 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover B.pdf
[2009/12/12 20:22:37 | 00,206,229 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover.pdf
[2009/12/12 20:22:14 | 00,206,229 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover[1].pdf
[2009/12/12 20:19:50 | 05,808,073 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\States Sample_book.pdf
[2009/12/12 20:18:31 | 01,971,367 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\FamilyHistory.pdf
[2009/12/12 20:15:49 | 03,359,445 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\All_Apples_-_A_Fun_Study[1].pdf
[2009/12/10 13:12:09 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Aragon 09-10 Searting Chart.doc
[2009/12/09 03:30:09 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 01:01:13 | 00,001,866 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\Desktop\The Lord of the Rings Online.lnk
[2009/12/08 10:13:57 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/07 14:28:59 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 11:55:51 | 02,112,979 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Mentoring Handbook.pdf
[2009/12/01 19:32:58 | 00,060,928 | ---- | M] () -- C:\Documents and Settings\Dad and Mom\My Documents\Nov. 2009 Budget.xlr

========== Files Created - No Company Name ==========

[2009/12/28 17:56:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 17:27:46 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\degenitu
[2009/12/23 21:12:54 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch LEGO Star Wars II.lnk
[2009/12/21 23:31:13 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\What makes me ANGRY.doc
[2009/12/12 21:54:37 | 00,852,327 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-TimeRemoteFreepages.pdf
[2009/12/12 21:54:08 | 00,325,969 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-SlyFoxandtheChicksFreepages.pdf
[2009/12/12 21:53:43 | 00,555,419 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-UglyCaterpillarFreepages.pdf
[2009/12/12 21:53:14 | 00,554,467 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-YourJobIsEasyFreepages.pdf
[2009/12/12 21:52:30 | 00,575,907 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-ItsNotFairFreepages.pdf
[2009/12/12 21:51:53 | 00,356,974 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\AdvPub-NoOneWillEverKnowFrepages.pdf
[2009/12/12 21:51:22 | 00,169,666 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Phonics_Bingo0809.pdf
[2009/12/12 21:51:05 | 00,149,370 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Addition_Subtraction_Bingo_Complete.pdf
[2009/12/12 21:51:00 | 03,879,936 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Free.Bird.pdf
[2009/12/12 21:50:14 | 01,206,989 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\KnQ-BlacklineMapsofWorldHistoryFreeDwonload.pdf
[2009/12/12 21:49:29 | 00,241,942 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\HOW_TO_START_USING_CTT_-_Nov_2009.pdf
[2009/12/12 21:48:38 | 00,197,382 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\How_To_Do_CTT_Cs_Cs_rev_May_30_08_pdf.pdf
[2009/12/12 21:48:09 | 09,492,453 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Genesis_Bible_Notebooking_Pages.zip
[2009/12/12 21:46:54 | 03,007,807 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\SchoolChoreCharts.pdf
[2009/12/12 21:45:36 | 03,748,123 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Discoverers.pdf
[2009/12/12 21:44:45 | 00,216,426 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Spiders.pdf
[2009/12/12 21:43:57 | 01,067,369 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Native_American_Chart.pdf
[2009/12/12 21:43:41 | 02,868,496 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\PresidentsDay.pdf
[2009/12/12 21:42:52 | 01,019,601 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\s_Big_Issues.pdf
[2009/12/12 21:42:13 | 02,347,815 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Shamrocks_and_Shillelaghs_DB.pdf
[2009/12/12 21:41:35 | 01,177,843 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Holiday-_Helper--St-_Patricks-_Day.pdf
[2009/12/12 21:40:20 | 00,317,001 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Chocolate_Fractions_Part_One_Is_My_Child_Ready_for_This.pdf
[2009/12/12 21:38:50 | 00,581,519 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Bird_Order_Chart.pdf
[2009/12/12 21:37:55 | 01,669,412 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Parable_of_the_Lost_Sheep.pdf
[2009/12/12 21:37:43 | 03,687,575 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\TBB_Periodic_Table_of_Elements_Card_Kits.pdf
[2009/12/12 21:36:03 | 02,679,799 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Coins_Nets_Treasure.pdf
[2009/12/12 21:35:26 | 00,189,788 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Clouds_Mini_Helper_-_Freebie.pdf
[2009/12/12 21:34:51 | 00,347,712 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\WhyUseDramaArticle2[1].pdf
[2009/12/12 21:34:05 | 02,645,040 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Final_Ten_Lepers.pdf
[2009/12/12 20:47:02 | 86,112,218 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath07.mp4
[2009/12/12 20:38:04 | 94,134,555 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath06-Quiz.mp4
[2009/12/12 20:30:48 | 11,117,451 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\GreekAlphabet.m4v
[2009/12/12 20:28:52 | 00,343,166 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-05.pdf
[2009/12/12 20:28:20 | 00,443,442 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-04.pdf
[2009/12/12 20:27:58 | 01,281,260 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-03.pdf
[2009/12/12 20:27:23 | 00,457,586 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-02.pdf
[2009/12/12 20:26:45 | 00,549,126 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\BasicMath-01.pdf
[2009/12/12 20:25:55 | 14,346,653 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Teacher_Book_Bag_Fall_2009_Book_Bag_Sampler.pdf
[2009/12/12 20:23:03 | 00,206,229 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover B.pdf
[2009/12/12 20:22:36 | 00,206,229 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover.pdf
[2009/12/12 20:22:14 | 00,206,229 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Atoms_lesson_with_cover[1].pdf
[2009/12/12 20:19:50 | 05,808,073 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\States Sample_book.pdf
[2009/12/12 20:18:21 | 01,971,367 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\FamilyHistory.pdf
[2009/12/12 20:15:49 | 03,359,445 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\All_Apples_-_A_Fun_Study[1].pdf
[2009/12/11 15:24:31 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Dec. 2009 Budget.xlr
[2009/12/10 10:32:45 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Aragon 09-10 Searting Chart.doc
[2009/12/09 01:01:13 | 00,001,866 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Desktop\The Lord of the Rings Online.lnk
[2009/12/02 11:55:51 | 02,112,979 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\My Documents\Mentoring Handbook.pdf
[2009/10/11 14:16:04 | 33,961,728 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009/10/08 12:55:57 | 00,014,527 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/11 11:48:14 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/26 11:09:37 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/08/26 11:09:37 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/07/10 18:17:25 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\degenitu
[2009/05/21 09:35:49 | 00,012,160 | ---- | C] () -- C:\WINDOWS\LxUsbOpn.dll
[2009/05/21 09:35:49 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2008/12/31 23:45:53 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/31 23:45:53 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F13BA36F45.sys
[2008/12/31 20:41:38 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\fusioncache.dat
[2008/12/31 17:51:00 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/12/31 17:51:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/12/25 08:35:23 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/12/25 08:35:23 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/11/30 19:19:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/11/30 19:19:23 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/11/30 19:14:20 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2008/11/30 19:14:20 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2008/11/30 19:13:40 | 00,013,344 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2008/11/30 19:13:40 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2008/11/29 16:45:18 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Application Data\suinc.sns
[2008/11/29 16:12:16 | 00,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/11/29 16:12:10 | 00,000,186 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/11/29 16:00:04 | 00,000,174 | ---- | C] () -- C:\WINDOWS\SMRTGAMS.INI
[2008/10/26 19:33:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/16 16:45:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/07/15 18:37:33 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/07/01 19:34:49 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 05:30:08 | 00,018,360 | ---- | C] () -- C:\Documents and Settings\Dad and Mom\Application Data\wklnhst.dat
[2005/12/13 18:09:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/13 18:03:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/13 17:56:59 | 00,001,110 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/13 17:27:12 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/13 17:27:10 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
< End of report >

OTL Extras logfile created on: 12/28/2009 8:32:48 PM - Run 6
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Dad and Mom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 13.32 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
Drive D: | 588.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADNMOM
Current User Name: Dad and Mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58204:TCP" = 58204:TCP:*:Enabled:Pando Media Booster
"58204:UDP" = 58204:UDP:*:Enabled:Pando Media Booster
"56619:TCP" = 56619:TCP:*:Enabled:Pando Media Booster
"56619:UDP" = 56619:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\WINDOWS\temp\alg.exe" = C:\WINDOWS\temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)
"C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE" = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE:*:Enabled:DW20 -- (Microsoft Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS -- (Lexmark International, Inc.)
"C:\Sun\SDK\jdk\bin\javaw.exe" = C:\Sun\SDK\jdk\bin\javaw.exe:*:Enabled:javaw -- File not found
"C:\Program Files\2Wire Wireless Manager\2Wire.exe" = C:\Program Files\2Wire Wireless Manager\2Wire.exe:*:Enabled:2Wire -- (2Wire)
"C:\Program Files\Common Files\Motive\McciServiceHost.exe" = C:\Program Files\Common Files\Motive\McciServiceHost.exe:*:Enabled:McciServiceHost -- (Alcatel-Lucent)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\NETGEAR\WG111T\wlan111t.exe" = C:\Program Files\NETGEAR\WG111T\wlan111t.exe:*:Enabled:wlan111t -- (NETGEAR)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe:*:Enabled:TurbineDownloadManagerIcon -- (Turbine, Inc.)
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe" = C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe:*:Enabled:MMDiag -- (Musicmatch, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32 -- (Adobe Systems Incorporated)
"C:\WINDOWS\temp\alg.exe" = C:\WINDOWS\temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier -- (Google Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0C98E73E-D495-CA87-EF1D-50D3A719351E}" = CCC Help Dutch
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FF1802B-4FE0-81D5-D28F-5095543CB57B}" = Skins
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}" = CCC Help English
"{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}" = Catalyst Control Center Graphics Previews Common
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20D1D37A-817B-3A45-FDF5-507BD8A79680}" = CCC Help Chinese Traditional
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21879F6C-52F6-7A6F-6736-A7C912653608}" = CCC Help Danish
"{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}" = CCC Help Chinese Standard
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}" = Catalyst Control Center Localization All
"{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}" = ccc-utility
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38DCE347-CE45-219E-56AD-30FCB04CF71A}" = CCC Help Hungarian
"{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}" = CCC Help Portuguese
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{581CE7EA-A30D-0000-1211-088635773309}" = 2WIRE Wireless LAN - USB Driver
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C844F60-CFF2-33DE-FD0D-09F3C392679B}" = Catalyst Control Center HydraVision Full
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}" = CCC Help Korean
"{61709405-4DB8-410C-53DC-A76945D7EBC1}" = CCC Help Turkish
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}" = CCC Help Japanese
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EF0B467-8FDD-845E-F168-C7F0C6124C26}" = CCC Help Finnish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{74FF7813-4878-AB41-8503-22287CF11F37}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79469AEF-FF16-C52B-F7F8-E1E203A036E5}" = CCC Help Italian
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83E08A1E-963B-8846-8082-88B996FC060E}" = CCC Help Swedish
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABF04DC-A40D-B4DA-189B-89497B599AB7}" = CCC Help French
"{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}" = CCC Help Norwegian
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}" = CCC Help Thai
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C37810F2-3983-B864-EB7F-DCCB67703FB0}" = Catalyst Control Center Graphics Full New
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}" = ccc-core-preinstall
"{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}" = CCC Help German
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}" = CCC Help Polish
"{DD76E812-359A-FEA9-FB17-2E55EBB36543}" = Catalyst Control Center Core Implementation
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}" = CCC Help Greek
"{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}" = ccc-core-static
"{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}" = Catalyst Control Center Graphics Full Existing
"{F07717A3-8376-AA87-6BE2-D560F1EBABF0}" = CCC Help Spanish
"{F371C899-B40A-811A-2825-30BE7E941CC9}" = CCC Help Czech
"{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}" = CCC Help Russian
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.00.05.801
"62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATT-SST-UversePortal" = AT&T Uverse Portal
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dynex VF0500" = Dynex 1.3MP Webcam Driver (1.00.03.0000)
"EADM" = EA Download Manager
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel® PRO Network Adapters and Drivers
"Puzzle Play Dot-to-Dots" = Puzzle Play Dot-to-Dots
"Quarter Mile Math Levels 1-3 IP" = Quarter Mile Math Levels 1-3 IP
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"UnityWebPlayer" = Unity Web Player
"Wacom Tablet Driver" = Wacom Tablet Driver
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Xerox XK50cx Print" = Xerox XK50cx Printer Driver
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Dad and Mom
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2009 10:19:13 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:21:11 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:23:30 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:25:22 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:27:28 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:29:06 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:30:28 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:31:48 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:33:08 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

Error - 12/28/2009 10:34:32 PM | Computer Name = DADNMOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 turbinemessageservice.exe, P2 1.2.3411.26345,
P3 49ff45bf, P4 turbinemessageservice, P5 1.2.3411.26345, P6 49ff45bf, P7 78, P8
10, P9 system.nullreferenceexception, P10 NIL.

[ System Events ]
Error - 12/28/2009 10:19:44 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:22:20 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:23:59 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:26:09 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:28:03 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:29:25 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:30:46 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:32:05 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:33:30 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/28/2009 10:34:54 PM | Computer Name = DADNMOM | Source = Service Control Manager | ID = 7031
Description = The Turbine Message Service - Live service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.


< End of report >

#12 Farbar

Posted 29 December 2009 - 05:37 AM

I'll wait for the GMER report. :(

#13 steedross

Posted 29 December 2009 - 04:48 PM

F -

Sorry this took so long - I had a few stupid moments with this one, :( but I'm pretty sure I got it now.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 14:10:17
Windows 5.1.2600 Service Pack 3
Running: jv0gxndf.exe; Driver: C:\DOCUME~1\DADAND~1\LOCALS~1\Temp\axddapog.sys


---- System - GMER 1.0.15 ----

SSDT F8C4C6BE ZwCreateKey
SSDT F8C4C6B4 ZwCreateThread
SSDT F8C4C6C3 ZwDeleteKey
SSDT F8C4C6CD ZwDeleteValueKey
SSDT F8C4C6D2 ZwLoadKey
SSDT F8C4C6A0 ZwOpenProcess
SSDT F8C4C6A5 ZwOpenThread
SSDT F8C4C6DC ZwReplaceKey
SSDT F8C4C6D7 ZwRestoreKey
SSDT F8C4C6C8 ZwSetValueKey
SSDT F8C4C6AF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A9D04D20
Device A9CFD60A

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@DWQueuedReporting "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

---- EOF - GMER 1.0.15 ----

#14 Farbar

Posted 29 December 2009 - 05:35 PM

You have done very well. Just a few small things to take care of.
  • You may uninstall NetWaiting if you don't have a dial-up connection.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#15 steedross

Posted 29 December 2009 - 07:20 PM

ComboFix 09-12-29.04 - Dad and Mom 12/29/2009 17:32:22.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.202 [GMT -6:00]
Running from: c:\documents and settings\Dad and Mom\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Dad and Mom\Start Menu\Internet Security 2010.lnk
c:\windows\EventSystem.log
c:\windows\xobglu16.dll

----- BITS: Possible infected sites -----

hxxp://patch.starwarsgalaxies.com:7041
hxxp://82.98.235.29
hxxp://82.98.231.102
hxxp://77.74.48.116
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-28 23:56 . 2009-12-28 23:56 -------- d-----w- c:\documents and settings\Dad and Mom\Application Data\Malwarebytes
2009-12-28 23:56 . 2009-12-28 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 23:56 . 2009-12-29 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-25 20:52 . 2009-12-25 20:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-12-24 03:13 . 2009-12-24 03:13 -------- d-----w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\Lucasarts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 23:56 . 2008-12-01 01:14 299 ----a-w- c:\windows\system32\wacom.dat
2009-12-29 22:50 . 2005-12-13 23:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 14:34 . 2008-07-01 11:30 18360 ----a-w- c:\documents and settings\Dad and Mom\Application Data\wklnhst.dat
2009-12-26 01:55 . 2009-07-15 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-24 03:02 . 2009-08-05 21:11 -------- d-----w- c:\program files\LucasArts
2009-12-24 03:01 . 2009-11-24 03:48 -------- d-----w- c:\program files\LEGO Company
2009-12-23 18:40 . 2009-01-01 01:08 39 ----a-w- c:\documents and settings\Dad and Mom\jagex_runescape_preferences.dat
2009-12-23 18:39 . 2009-09-06 00:38 69 ----a-w- c:\documents and settings\Dad and Mom\jagex_runescape_preferences2.dat
2009-12-20 20:42 . 2009-10-23 21:32 -------- d-----w- c:\program files\StarWarsGalaxies
2009-12-08 17:22 . 2009-05-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-07 20:28 . 2009-10-11 20:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-05 21:37 . 2009-06-21 19:32 -------- d-----w- c:\documents and settings\Dad and Mom\Application Data\LEGO Company
2009-11-18 00:34 . 2009-11-18 00:34 -------- d-----w- c:\program files\Citrix
2009-11-18 00:34 . 2009-11-18 00:34 60744 ----a-w- c:\documents and settings\Dad and Mom\g2mdlhlpx.exe
2009-11-16 01:28 . 2009-11-16 01:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-29 07:46 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-10 18:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 18:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 05:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 18:51 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 14:42 . 2009-10-12 14:43 389120 ----a-w- c:\windows\system32\CF20539.exe
2009-10-12 13:38 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 18:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 00:58 . 2009-10-12 00:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 20:16 . 2009-10-11 20:16 33961728 ----a-w- c:\program files\avira_antivir_personal_en.exe
2009-10-08 18:55 . 2009-10-08 18:55 14527 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-10-06 02:28 . 2008-07-02 01:37 69600 -c--a-w- c:\documents and settings\Dad and Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-03 16:56 . 2009-01-01 05:45 56 --sh--r- c:\windows\system32\F13BA36F45.sys
2009-01-03 16:56 . 2009-01-01 05:45 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-13 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-13 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"2Wire Wireless Manager"="c:\program files\2Wire Wireless Manager\2Wire.exe" [2007-10-01 61440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2009-05-10 472568]
"VBTUCopy"="c:\program files\VBTUCopy\VBTUCopy.exe" [2007-01-19 356352]
"LexStart"="lexstart.exe" [2000-09-20 32771]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-02 40960]
"SHPC32"="shpc32.exe" [2000-09-28 40960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-12 149280]
"V0500Mon.exe"="c:\windows\V0500Mon.exe" [2008-03-19 32768]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-13 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2008-12-31 884840]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\2Wire Wireless Manager\\2Wire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
"c:\\Program Files\\NETGEAR\\WG111T\\wlan111t.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineDownloadManagerIcon.exe"=
"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\MMDiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"56619:TCP"= 56619:TCP:Pando Media Booster
"56619:UDP"= 56619:UDP:Pando Media Booster

R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [10/24/2009 8:49 PM 296208]
S2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [3/18/2009 2:26 PM 267760]
S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [7/18/2009 12:13 PM 281600]
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [7/18/2009 12:14 PM 70528]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [12/31/2008 5:51 PM 17149]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [3/18/2009 2:26 PM 218608]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [11/19/2009 10:30 AM 251264]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{382fb4fa-04b0-42a1-b9b4-8a99a651e256} - c:\windows\system32\pepekusu.dll
SSODL-vodanulin-{382fb4fa-04b0-42a1-b9b4-8a99a651e256} - c:\windows\system32\pepekusu.dll
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 17:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2053655248-3956180858-2247237638-1006\Software\SecuROM\License information*]
"datasecu"=hex:5b,19,e8,fa,a9,5a,9a,5c,8c,62,df,b5,6f,09,24,a3,44,87,89,c0,69,
be,26,57,ab,cf,64,13,8f,86,7b,d4,92,46,0f,58,ca,f6,6e,96,7c,7f,b4,7c,61,c4,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3576)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\shpc32.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
.
**************************************************************************
.
Completion time: 2009-12-29 18:12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 00:12
ComboFix2.txt 2009-10-12 14:34

Pre-Run: 15,045,869,568 bytes free
Post-Run: 17,341,788,160 bytes free

- - End Of File - - D5EEEA2EFA03A20A630247FB02079671



