Help!! I don't know what I'm infected with


  • This topic is locked
19 replies to this topic

#1 pilotguy1900

pilotguy1900

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 04 January 2010 - 01:36 PM

Please I need some help here..

My IE Explorer and Firefox browsers have been crashing for the last week. Every time I click on a Google link in IE, the "tab" gets recovered. It's rather annoying. Firefox just crashed altogether and requires a restart. I've really tried to remedy this myself by running SUPERAntiSpyware, Malwarebytes' Anti-Malware, Norton, and Webroot. Nothing works; SUPERAntiSpyware finds cookies at best, removes them, restarts, and the problem happens all over again.

Anyway, I've read the how-to post for posting here and hope I'm doing this correctly. I should mention, though, that RootRepeal refuses to run on my system. I keep getting all sorts of strange errors and never a completed log. I'll attach what it gives me, though. Anyway, here is the DDS log.


DDS (Ver_09-12-01.01) - NTFSx86
Run by John at 12:17:31.04 on 04/01/2010
Internet Explorer: 8.0.7100.0
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.2.1033.18.2046.517 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.1.0.19\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [D-Link RangeBooster G WUA-2340] "c:\program files\d-link\rangebooster g wua-2340\AirPlusCFG.exe"
mRun: [ANIWZCS2Service] "c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] "rundll32.exe" c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\qw1apmea.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-4 64288]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1101000.013\SymDS.sys [2009-12-30 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1101000.013\SymEFA.sys [2009-12-30 171056]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20091205.001\BHDrvx86.sys [2009-12-4 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1101000.013\cchpx86.sys [2009-12-30 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20091217.002\IDSvix86.sys [2009-12-30 343088]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-12-22 20384]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-12-30 102224]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1101000.013\Ironx86.sys [2009-12-30 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1101000.013\symtdiv.sys [2009-12-30 339504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-31 235344]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.1.0.19\ccSvcHst.exe [2009-12-30 126392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-4 1153368]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-12-29 1201640]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\AGUx86.sys [2009-12-22 905728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-31 102448]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2009-12-22 27248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-31 19160]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-4-21 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-4-21 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-4-21 661504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-21 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-23 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-23 8456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-3 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\rangebooster g wua-2340\jswutilvst\jswpsapi.exe [2009-12-22 954368]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2010-01-04 18:08:17 0 d-----w- c:\program files\Trend Micro
2010-01-04 17:53:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-04 17:52:56 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-04 17:52:56 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 17:47:51 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-04 17:47:23 0 d-----w- c:\programdata\Lavasoft
2010-01-04 17:47:23 0 d-----w- c:\program files\Lavasoft
2010-01-03 18:12:09 0 d-----w- c:\users\john\Tracing
2010-01-03 18:11:44 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-03 18:11:27 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-03 18:09:32 20 ----a-w- c:\windows\ ¨c
2010-01-03 18:09:32 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-03 18:08:10 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-03 17:58:06 0 d-----w- c:\program files\common files\Windows Live
2010-01-03 17:57:34 0 d-----w- c:\windows\nvtmpinst
2010-01-03 17:55:54 0 d-----w- c:\program files\Microsoft
2010-01-02 04:34:32 0 d-----w- c:\program files\DVD Decrypter
2010-01-02 03:34:55 0 d-----w- c:\program files\Alex Feinman
2010-01-01 23:18:02 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-01 23:18:02 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-01 23:17:22 0 d-----w- c:\program files\iPod
2010-01-01 23:17:21 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 23:17:21 0 d-----w- c:\program files\iTunes
2010-01-01 23:16:01 0 d-----w- c:\program files\Bonjour
2010-01-01 23:15:19 0 d-----w- c:\programdata\Apple Computer
2010-01-01 23:14:03 0 d-----w- c:\programdata\Apple
2010-01-01 23:02:31 0 d-----w- c:\windows\system32\AGEIA
2010-01-01 22:59:44 0 d-----w- C:\NVIDIA
2010-01-01 22:53:59 0 d-----w- c:\program files\SystemRequirementsLab
2009-12-31 23:03:50 0 d-----w- c:\users\john\appdata\roaming\Malwarebytes
2009-12-31 23:03:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 23:03:19 0 d-----w- c:\programdata\Malwarebytes
2009-12-31 23:03:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 23:03:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 22:52:17 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-31 22:51:10 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 22:51:08 0 d-----w- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2009-12-31 22:48:19 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-31 17:50:03 309940067 ----a-w- c:\windows\MEMORY.DMP
2009-12-30 20:09:32 0 d-----w- c:\programdata\Axara
2009-12-30 20:09:17 0 d-----w- c:\users\john\appdata\roaming\Axara
2009-12-30 20:08:35 0 d-----w- c:\program files\common files\Axara
2009-12-30 20:08:32 0 d-----w- c:\program files\Axara
2009-12-30 17:06:02 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 17:06:02 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-30 17:06:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 17:06:02 0 d-----w- c:\program files\Symantec
2009-12-30 17:06:02 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-30 17:05:33 0 d-----w- c:\windows\system32\drivers\NAV
2009-12-30 17:05:33 0 d-----w- c:\program files\Norton AntiVirus
2009-12-30 17:05:22 0 d-----w- c:\program files\NortonInstaller
2009-12-30 07:01:00 102224 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2009-12-30 06:29:48 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-30 06:27:56 0 d-----w- c:\users\john\appdata\roaming\BitDefender
2009-12-30 05:26:21 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-30 05:26:21 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-30 05:26:21 0 ----a-w- c:\windows\system32\ab_bl.sig
2009-12-30 05:24:20 385 ----a-w- c:\windows\system32\user_gensett.xml
2009-12-30 05:24:04 0 d-----w- c:\programdata\BitDefender
2009-12-30 05:20:20 0 d-----w- c:\users\john\appdata\roaming\The Shield Deluxe
2009-12-30 05:19:39 0 d-----w- c:\programdata\The Shield Deluxe
2009-12-30 05:19:39 0 d-----w- c:\program files\The Shield Deluxe
2009-12-30 05:19:39 0 d-----w- c:\program files\common files\The Shield Deluxe
2009-12-30 05:12:49 0 d-----w- c:\program files\common files\BitDefender
2009-12-30 04:28:30 0 d-----w- c:\program files\Ask.com
2009-12-30 04:28:08 0 d-----w- c:\program files\MSSOAP
2009-12-30 04:28:08 0 d-----w- c:\program files\common files\MSSoap
2009-12-30 04:27:53 1563008 ----a-w- c:\windows\WRSetup.dll
2009-12-30 04:27:53 0 d-----w- c:\users\john\appdata\roaming\Webroot
2009-12-30 04:27:53 0 d-----w- c:\programdata\Webroot
2009-12-30 04:27:53 0 d-----w- c:\program files\Webroot
2009-12-30 04:24:11 164 ----a-w- c:\windows\install.dat
2009-12-30 01:36:03 524288 --sha-w- c:\users\john\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TMContainer00000000000000000002.regtrans-ms
2009-12-30 01:36:03 524288 --sha-w- c:\users\john\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TMContainer00000000000000000001.regtrans-ms
2009-12-30 01:36:02 65536 --sha-w- c:\users\john\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TM.blf
2009-12-29 23:06:53 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-29 21:39:04 0 d-----w- c:\program files\ImTOO
2009-12-29 21:30:39 0 d-----w- c:\program files\common files\Common Share
2009-12-29 19:07:21 972 ----a-w- c:\windows\system32\tversity.cookies
2009-12-29 19:03:21 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-29 19:03:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-29 19:03:21 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-12-29 19:03:20 0 d-----w- c:\program files\ffdshow
2009-12-29 19:03:07 0 d-----w- c:\program files\TVersity Codec Pack
2009-12-29 19:02:53 0 d-----w- c:\program files\TVersity
2009-12-29 18:32:49 65536 --sha-w- c:\users\john\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TM.blf
2009-12-29 18:32:49 524288 --sha-w- c:\users\john\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TMContainer00000000000000000002.regtrans-ms
2009-12-29 18:32:49 524288 --sha-w- c:\users\john\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TMContainer00000000000000000001.regtrans-ms
2009-12-29 16:51:44 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-29 16:51:17 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-12-29 16:14:45 0 d-----w- c:\programdata\FLEXnet
2009-12-29 16:09:19 0 d-----w- c:\programdata\Adobe
2009-12-29 04:44:00 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-29 04:40:00 0 d-----w- c:\windows\PCHEALTH
2009-12-29 04:35:31 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-29 04:33:01 0 d-----w- c:\programdata\Microsoft Help
2009-12-29 04:12:07 0 d-----w- c:\programdata\DAEMON Tools Pro
2009-12-29 04:12:07 0 d-----w- c:\program files\DAEMON Tools Pro
2009-12-29 03:59:44 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-29 03:58:50 0 d-----w- c:\users\john\appdata\roaming\DAEMON Tools Pro
2009-12-29 01:27:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-24 06:36:56 0 d-----w- c:\windows\system32\appmgmt
2009-12-24 05:46:10 1306 ---ha-w- c:\windows\EPMBatch.ept
2009-12-24 05:08:56 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-12-24 05:08:56 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-12-24 05:08:56 1673216 ----a-w- c:\windows\system32\BootMan.exe
2009-12-24 05:08:56 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-12-24 05:08:56 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2009-12-24 05:08:50 0 d-----w- c:\program files\EASEUS
2009-12-24 04:52:51 0 d-----w- c:\programdata\WinZip
2009-12-24 03:36:17 0 d-----w- C:\Usenet Downloads
2009-12-23 16:15:01 0 d-----w- c:\programdata\Sony
2009-12-23 15:32:45 36624 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2009-12-23 15:32:45 2560 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-23 15:32:45 2432 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-23 15:32:45 118520 ----a-w- c:\windows\system32\PxInsI64.exe
2009-12-23 15:32:45 115960 ----a-w- c:\windows\system32\PxCpyI64.exe
2009-12-23 15:32:39 0 d-----w- c:\program files\Sony
2009-12-23 15:31:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-23 15:31:17 0 d-----w- c:\programdata\Sony Corporation
2009-12-22 22:30:04 90112 ----a-w- c:\windows\system32\snymsico.dll
2009-12-22 22:30:04 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2009-12-22 22:30:04 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2009-12-22 22:30:04 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2009-12-22 22:30:04 172032 ----a-w- c:\windows\system32\rixdicon.dll
2009-12-22 22:29:37 0 d-----w- C:\dell
2009-12-22 18:31:59 0 d-----w- c:\windows\Panther
2009-12-22 18:31:47 8192 --sha-r- C:\BOOTSECT.BAK
2009-12-22 18:31:45 383200 --sha-r- C:\bootmgr
2009-12-22 18:31:44 0 d-sh--w- C:\Boot
2009-12-22 17:42:10 0 d-----w- c:\program files\Nero
2009-12-22 17:41:48 0 d-----w- c:\programdata\Nero
2009-12-22 17:36:50 0 d-----w- c:\users\john\appdata\roaming\UseNeXT
2009-12-22 17:36:42 0 d-----w- c:\program files\UseNeXT
2009-12-22 17:33:21 0 d-sh--w- c:\windows\Installer
2009-12-22 17:12:11 0 d-----w- c:\program files\Lavalys
2009-12-22 17:07:45 0 d-----w- c:\programdata\NVIDIA
2009-12-22 17:04:49 797216 ----a-w- c:\windows\system32\nvcplui.exe
2009-12-22 17:04:49 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2009-12-22 17:04:49 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2009-12-22 17:04:48 453152 ----a-w- c:\windows\system32\nvuninst.exe
2009-12-22 17:03:59 299520 ----a-w- c:\windows\system32\wmpdxm.dll
2009-12-22 17:03:54 194560 ----a-w- c:\windows\system32\ListSvc.dll
2009-12-22 17:03:33 306688 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-12-22 16:58:18 0 d-----w- c:\programdata\NortonInstaller
2009-12-22 16:57:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-22 16:55:11 3284 ----a-w- c:\windows\system32\ANIWZCS{0D91FE6E-9B68-489A-90E5-2CFEE51E76F5}
2009-12-22 16:54:11 5 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{0D91FE6E-9B68-489A-90E5-2CFEE51E76F5}
2009-12-22 16:53:15 0 d-----w- c:\programdata\Norton
2009-12-22 16:52:57 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-22 16:52:57 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-22 16:52:57 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-22 16:52:57 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-22 16:52:57 266240 ----a-w- c:\windows\system32\wnicapi.dll
2009-12-22 16:52:57 262144 ----a-w- c:\windows\system32\wlanapp.dll
2009-12-22 16:52:57 204800 ----a-w- c:\windows\system32\aIPH.dll
2009-12-22 16:52:57 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-22 16:52:57 0 d-----w- c:\program files\ANI
2009-12-22 16:52:29 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2009-12-22 16:52:27 905728 ----a-w- c:\windows\system32\drivers\AGUx86.sys
2009-12-22 16:52:27 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-22 16:52:27 0 d-----w- c:\program files\D-Link
2009-12-22 16:43:45 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-12-22 16:43:01 0 d-----w- c:\windows\system32\wbem\Performance

==================== Find3M ====================

2009-12-30 23:04:17 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-06 18:00:36 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 18:00:36 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 18:00:34 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-04-22 08:14:13 174 --sha-w- c:\program files\desktop.ini
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

============= FINISH: 12:20:41.56 ===============


any help would be greatly appreciated.

Thanks.

#2 pilotguy1900

pilotguy1900
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 06 January 2010 - 10:25 AM

Just adding some additional information. The website I keep getting redirected to is Searchfindsite.com.

Does anyone have a solution to RootRepeal not running on Win 7? An alternate program? I would like to have all the logs needed available.

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:15 AM

Posted 06 January 2010 - 09:55 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, we will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Spybot

It will interfere with my fixes.

Additional instructions can be found here if needed.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check".
  • Copy and paste the following code into the textbox. Do not include the word "Code".

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
  • Push the scan button.
  • A report will open. Copy and Paste that report in your next reply.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Download LockSearch by jpshortstuff to your desktop
  • A window will pop up, Press 2 and then Enter.
  • A scan will start, let it run uninterrupted.
  • It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop.
  • Post the contents of the log in your reply.
==========

With your next post please provide:

* OTL.txt
* Extra.txt
* LockSearch log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
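The OTL report requested above lists every running process, loaded module, service and driver in one fixed line format (type, timestamp, size, attributes, company name, path, service name). As an added example that is not part of this thread and not OTL's own code, here is a small Python script that parses those lines and flags the entries a helper reads first: a file with no company name in its version info, anything loaded from a user-writable location such as Temp or AppData, and a registered service whose binary is missing. The sample report is constructed from lines modelled on the one posted later in the thread; the path fragments treated as user-writable are my own assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL list line, in the layout OTL prints for processes (PRC), modules (MOD),
# services (SRV) and drivers (DRV):
#   KIND - [mtime | size | attrs | M] (Company) [state] -- path -- (Name) description
# A registered service whose binary is gone is printed as:
#   SRV - File not found [state] -- -- (Name)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<mtime>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<flag>[^\]]+)\] "
    r"\((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.*?)\s*"
    r"(?:-- \((?P<name>[^)]+)\)(?P<desc>.*))?$"
)

# Assumed markers of user-writable locations: a kernel driver or autostart
# service living there deserves a second look whatever its name says.
USER_WRITABLE = {"\\temp\\": "Temp directory", "\\appdata\\": "user AppData"}


@dataclass
class OtlEntry:
    kind: str
    company: str
    path: str
    name: str
    state: str
    size: int
    missing: bool
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; returns None for section headers, blanks and other text."""
    m = OTL_LINE.match(line)
    if m is None:
        return None
    size = int(m.group("size").replace(",", "")) if m.group("size") else 0
    return OtlEntry(
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
        name=(m.group("name") or "").strip(),
        state=(m.group("state") or "").strip(),
        size=size,
        missing=m.group("missing") is not None,
    )


def triage_entry(entry: OtlEntry) -> OtlEntry:
    """Attach the findings a helper checks first. Heuristics only: a hit means
    'look at this', not 'malicious' (sptd.sys from DAEMON Tools has no company
    string but is a well-known driver)."""
    low = entry.path.lower()
    if entry.missing:
        entry.findings.append("service registered but binary not found")
    elif not entry.company:
        entry.findings.append("no company name in version info")
    for fragment, label in USER_WRITABLE.items():
        if fragment in low:
            entry.findings.append(f"loaded from user-writable location ({label})")
    return entry


def triage_log(text: str) -> List[OtlEntry]:
    """Parse and triage every OTL list line in a report; headers are skipped."""
    entries = [parse_line(raw.strip()) for raw in text.splitlines()]
    return [triage_entry(e) for e in entries if e is not None]


def report(entries: List[OtlEntry]) -> str:
    """One line per flagged entry: kind, service name (or path) and the findings."""
    return "\n".join(
        f"{e.kind} {e.name or e.path}: " + "; ".join(e.findings)
        for e in entries if e.findings
    )


# Constructed sample, modelled on the OTL report posted later in this thread.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2010/01/10 16:26:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (WRConsumerService)
SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
========== Driver Services (SafeList) ==========
DRV - [2009/12/28 21:59:44 | 00,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/02 00:00:00 | 00,027,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Users\John\AppData\Local\Temp\EverestDriver.sys -- (EverestDriver)
DRV - [2009/10/08 20:54:10 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
"""

if __name__ == "__main__":
    print(report(triage_log(SAMPLE_OTL)))
```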

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:15 AM

Posted 10 January 2010 - 10:13 AM

Do you desire help?

#5 pilotguy1900

pilotguy1900
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:15 AM

Posted 10 January 2010 - 06:03 PM

Sorry, I was away for a few days... As requested, the logs:

OTL logfile created on: 10/01/2010 4:42:39 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\John\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.03 Gb Total Space | 76.09 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/10 16:26:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/02 07:19:02 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/02 07:19:01 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 21:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/02 00:00:00 | 02,430,048 | ---- | M] (Lavalys, Inc.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2009/09/23 13:38:18 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/05 04:17:12 | 00,204,800 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/21 23:23:15 | 00,674,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/21 23:19:37 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/21 23:19:35 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/21 23:19:02 | 02,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/06 11:52:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/23 22:45:00 | 01,667,072 | ---- | M] (D-Link) -- C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/01/19 11:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (SafeList) ==========

MOD - [2010/01/10 16:26:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2009/04/21 23:22:04 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/04/21 23:21:49 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/04/21 23:21:46 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/04/21 23:21:43 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/04/21 23:21:19 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/04/21 23:20:43 | 00,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/04/21 23:20:19 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/04/21 23:20:14 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/04/21 23:20:07 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/04/21 23:20:00 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/04/21 23:00:58 | 01,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.0_none_d75e6751736615f2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WRConsumerService)
SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/29 10:51:44 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/02 07:19:01 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe -- (NAV)
SRV - [2009/09/23 13:38:18 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/22 12:40:36 | 00,884,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 15:53:41 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/21 23:22:25 | 00,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/04/21 23:22:12 | 00,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/04/21 23:22:10 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/04/21 23:22:07 | 00,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/04/21 23:22:02 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/04/21 23:21:49 | 00,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/21 23:21:46 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/04/21 23:21:43 | 00,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/04/21 23:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/04/21 23:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/04/21 23:21:42 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/04/21 23:21:40 | 01,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/21 23:20:52 | 00,680,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/21 23:20:30 | 00,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/21 23:20:14 | 00,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/04/21 23:20:13 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/04/21 23:19:55 | 00,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/04/21 23:19:54 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/04/21 23:19:51 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/04/21 23:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/06 11:52:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/05/19 03:36:40 | 00,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/30 11:06:02 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/28 21:59:44 | 00,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/21 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/21 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/21 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/21 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100109.006\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/04 22:54:05 | 00,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/02 07:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/05 16:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 16:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/20 00:35:50 | 00,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 19:50:48 | 00,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1101000.013\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/10/08 20:55:01 | 00,171,056 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 20:54:25 | 00,114,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 20:54:10 | 00,325,168 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NAV\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 20:54:10 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/10/02 00:00:00 | 00,027,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Users\John\AppData\Local\Temp\EverestDriver.sys -- (EverestDriver)
DRV - [2009/09/16 16:55:00 | 00,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/08/26 12:45:10 | 00,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/08/05 22:48:42 | 00,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/21 23:24:35 | 00,422,992 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/04/21 23:24:29 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/04/21 23:24:23 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/04/21 23:24:21 | 00,332,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/04/21 23:24:21 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/04/21 23:24:21 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/04/21 23:24:20 | 00,236,112 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/04/21 23:24:19 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/04/21 23:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/04/21 23:24:16 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/04/21 23:24:14 | 00,117,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/04/21 23:24:14 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/04/21 23:24:13 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/04/21 23:24:13 | 00,077,904 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/04/21 23:24:12 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/04/21 23:24:12 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/04/21 23:24:08 | 00,070,736 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/04/21 23:24:08 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/04/21 23:24:06 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/04/21 23:24:05 | 00,045,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/04/21 23:24:05 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/04/21 23:24:04 | 00,042,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/04/21 23:24:04 | 00,023,120 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/04/21 23:24:04 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/04/21 23:24:04 | 00,014,416 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/04/21 23:24:02 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/04/21 23:23:59 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/04/21 23:23:56 | 01,383,504 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/04/21 23:23:55 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/04/21 23:23:55 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/04/21 23:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/04/21 23:23:52 | 00,158,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/04/21 23:23:52 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/04/21 23:23:49 | 00,105,552 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/04/21 23:23:49 | 00,077,904 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/04/21 23:23:47 | 00,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/04/21 23:23:45 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/04/21 23:23:44 | 00,032,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/04/21 23:23:44 | 00,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/04/21 23:23:43 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/04/21 23:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/21 23:23:42 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/04/21 23:23:29 | 00,369,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/04/21 22:53:34 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/04/21 22:01:13 | 00,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/04/21 22:00:12 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/04/21 21:53:30 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/04/21 21:52:25 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/04/21 21:51:14 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/04/21 21:50:28 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/04/21 21:50:20 | 00,162,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/04/21 21:50:00 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/04/21 21:49:36 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/04/21 21:49:31 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/04/21 21:45:25 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/04/21 21:43:54 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/04/21 21:35:06 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/04/21 21:32:05 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/04/21 21:26:30 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/04/21 21:26:29 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/04/21 21:21:35 | 00,032,768 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/04/21 21:16:45 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/04/21 21:13:47 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/04/21 21:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/04/21 20:52:05 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/04/21 20:51:17 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/04/21 20:51:17 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/04/21 20:51:16 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/04/21 20:51:15 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/04/21 20:51:15 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/04/21 20:11:52 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/04/21 20:11:52 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/04/21 20:11:52 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/04/21 20:01:07 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/04/21 20:01:07 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/21 20:01:07 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/04/21 20:01:07 | 00,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/21 18:51:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/03/06 11:52:00 | 07,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/07 02:09:32 | 00,905,728 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGUx86.sys -- (A5AGU)
DRV - [2008/05/15 03:28:44 | 00,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/02/15 17:42:42 | 00,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 00,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 00,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/14 16:17:16 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PxHelp20.sys -- (PxHelp20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 59 E1 5C 14 8F CA 01 [binary data]
IE - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\S-1-5-21-2945833319-3008934198-3135900196-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\S-1-5-21-2945833319-3008934198-3135900196-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2009/12/30 11:07:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/04 11:14:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/04 11:14:05 | 00,000,000 | ---D | M]

[2010/01/04 11:26:40 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/01/04 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qw1apmea.default\extensions
[2010/01/04 11:14:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2945833319-3008934198-3135900196-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 09:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/06 15:34:17 | 00,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/04/22 00:17:33 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WRConsumerService - File not found
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRConsumerService - File not found
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D2E4335-D56A-BC1C-7D04-C74AD59F730A} - Themes Setup
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9DC43288-2F64-3B0A-475E-A6FD81909B63} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/10 16:26:33 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/01/06 15:34:17 | 00,000,000 | ---D | C] -- C:\Autoruns
[2010/01/06 09:29:12 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Tific
[2010/01/06 09:29:11 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Tific
[2010/01/06 09:29:10 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Symantec
[2010/01/04 22:51:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/04 12:20:04 | 00,472,064 | ---- | C] ( ) -- C:\Users\John\Desktop\RootRepeal.exe
[2010/01/04 12:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/04 11:53:51 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/01/04 11:52:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/04 11:52:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/04 11:47:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/04 11:47:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/01/04 11:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/04 11:26:23 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2010/01/04 11:26:23 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2010/01/04 11:14:01 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/03 12:12:09 | 00,000,000 | ---D | C] -- C:\Users\John\Tracing
[2010/01/03 12:12:08 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/01/03 12:11:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/01/03 12:11:27 | 00,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/01/03 12:10:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/01/03 12:09:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/01/03 12:08:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/01/03 12:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/01/03 11:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/03 11:57:34 | 00,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2010/01/03 11:55:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/01 22:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/01/01 21:43:25 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ImgBurn
[2010/01/01 21:39:32 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/01/01 21:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2010/01/01 17:18:21 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Apple Computer
[2010/01/01 17:18:21 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apple Computer
[2010/01/01 17:18:02 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/01 17:18:02 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/01 17:18:02 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/01/01 17:17:22 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/01 17:17:21 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/01 17:17:21 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/01 17:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/01/01 17:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/01 17:15:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/01/01 17:15:02 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apple
[2010/01/01 17:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/01/01 17:14:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/01/01 17:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/01/01 17:02:31 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/01/01 17:02:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010/01/01 16:59:44 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2010/01/01 16:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/12/31 17:03:50 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2009/12/31 17:03:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/31 17:03:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/31 17:03:18 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/31 17:03:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 16:52:17 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/31 16:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/31 16:51:08 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/31 16:48:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/31 11:50:37 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/30 16:22:10 | 00,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\symtdiv.sys
[2009/12/30 16:22:09 | 00,328,752 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\SymDS.sys
[2009/12/30 16:22:09 | 00,325,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\srtsp.sys
[2009/12/30 16:22:09 | 00,171,056 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\SymEFA.sys
[2009/12/30 16:22:09 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\srtspx.sys
[2009/12/30 16:22:08 | 00,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\cchpx86.sys
[2009/12/30 16:22:08 | 00,114,736 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\Ironx86.sys
[2009/12/30 16:21:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1101000.013
[2009/12/30 14:09:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Axara
[2009/12/30 14:09:17 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Axara
[2009/12/30 14:08:37 | 00,061,440 | ---- | C] (AxaraMedia.com) -- C:\Windows\System32\mslvddsfilter.ax
[2009/12/30 14:08:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Axara
[2009/12/30 14:08:34 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2009/12/30 14:08:34 | 00,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2009/12/30 14:08:34 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2009/12/30 14:08:33 | 00,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divx.dll
[2009/12/30 14:08:33 | 00,413,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg4c32.dll
[2009/12/30 14:08:33 | 00,261,632 | ---- | C] (MainConcept) -- C:\Windows\System32\mcdvd_32.dll
[2009/12/30 14:08:33 | 00,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\System32\divxdec.ax
[2009/12/30 14:08:33 | 00,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\L3CODECX.AX
[2009/12/30 14:08:33 | 00,082,944 | ---- | C] (Voxware, Inc.) -- C:\Windows\System32\vct3216.acm
[2009/12/30 14:08:33 | 00,081,920 | ---- | C] (fccHandler) -- C:\Windows\System32\AC3ACM.acm
[2009/12/30 14:08:33 | 00,038,912 | ---- | C] (NCT Company) -- C:\Windows\System32\alf2cd.acm
[2009/12/30 14:08:33 | 00,013,239 | ---- | C] (SHARP Corporation) -- C:\Windows\System32\Scg726.acm
[2009/12/30 14:08:32 | 00,000,000 | ---D | C] -- C:\Program Files\Axara
[2009/12/30 11:06:02 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/30 11:06:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/30 11:06:02 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/30 11:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/12/30 11:05:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2009/12/30 11:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/30 00:27:56 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\BitDefender
[2009/12/29 23:24:04 | 00,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2009/12/29 23:20:20 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\The Shield Deluxe
[2009/12/29 23:19:39 | 00,000,000 | ---D | C] -- C:\ProgramData\The Shield Deluxe
[2009/12/29 23:19:39 | 00,000,000 | ---D | C] -- C:\Program Files\The Shield Deluxe
[2009/12/29 23:19:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\The Shield Deluxe
[2009/12/29 23:12:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/12/29 22:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/12/29 22:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/12/29 22:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/12/29 22:27:53 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/12/29 17:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/12/29 15:41:17 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\dvdcss
[2009/12/29 15:39:04 | 00,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2009/12/29 15:30:52 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\OJOsoft Corporation
[2009/12/29 15:30:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
[2009/12/29 13:03:21 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2009/12/29 13:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/12/29 13:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\TVersity Codec Pack
[2009/12/29 13:02:53 | 00,000,000 | ---D | C] -- C:\Program Files\TVersity
[2009/12/29 10:51:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/12/29 10:51:17 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2009/12/29 10:14:45 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/12/29 10:13:35 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Adobe
[2009/12/29 10:09:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/12/29 10:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/12/29 10:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/12/28 22:44:00 | 00,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2009/12/28 22:41:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/12/28 22:40:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/12/28 22:40:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/12/28 22:40:00 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/12/28 22:40:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/12/28 22:35:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/12/28 22:33:15 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Help
[2009/12/28 22:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/12/28 22:33:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/12/28 22:29:21 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/12/28 22:12:07 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2009/12/28 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2009/12/28 21:58:50 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DAEMON Tools Pro
[2009/12/28 19:43:09 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\Pictures
[2009/12/24 00:36:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2009/12/23 23:08:50 | 00,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2009/12/23 22:52:51 | 00,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2009/12/23 22:52:50 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/12/23 21:36:17 | 00,000,000 | ---D | C] -- C:\Usenet Downloads
[2009/12/23 10:23:33 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Publish Providers
[2009/12/23 10:21:08 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Sony
[2009/12/23 10:21:08 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sony
[2009/12/23 10:15:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/12/23 09:41:16 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Sony Corporation
[2009/12/23 09:41:16 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\Picture Motion Browser
[2009/12/23 09:35:50 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/12/23 09:35:49 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/12/23 09:35:49 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/12/23 09:35:49 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/12/23 09:35:49 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/12/23 09:35:49 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/12/23 09:35:48 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/12/23 09:35:48 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/12/23 09:35:48 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/12/23 09:35:47 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/12/23 09:35:47 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/12/23 09:35:47 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/12/23 09:35:47 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/12/23 09:35:47 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/12/23 09:35:47 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/12/23 09:35:47 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/12/23 09:35:46 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/12/23 09:35:42 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/12/23 09:35:41 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/12/23 09:35:41 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/12/23 09:35:41 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/12/23 09:35:41 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/12/23 09:35:41 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/12/23 09:35:41 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/12/23 09:35:40 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/12/23 09:32:45 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxInsI64.exe
[2009/12/23 09:32:45 | 00,115,960 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxCpyI64.exe
[2009/12/23 09:32:45 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2009/12/23 09:32:45 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxInsA64.exe
[2009/12/23 09:32:45 | 00,064,248 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\PxCpyA64.exe
[2009/12/23 09:32:45 | 00,039,672 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll
[2009/12/23 09:32:45 | 00,036,624 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys
[2009/12/23 09:32:45 | 00,002,560 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2009/12/23 09:32:45 | 00,002,432 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2009/12/23 09:32:39 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/12/23 09:31:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2009/12/23 02:08:58 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Diagnostics
[2009/12/22 21:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/12/22 21:30:58 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Macromedia
[2009/12/22 21:30:58 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Adobe
[2009/12/22 21:30:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/12/22 16:34:04 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2009/12/22 16:30:04 | 00,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2009/12/22 16:30:04 | 00,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll
[2009/12/22 16:30:04 | 00,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2009/12/22 16:30:04 | 00,043,008 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2009/12/22 16:30:04 | 00,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2009/12/22 16:29:37 | 00,000,000 | ---D | C] -- C:\dell
[2009/12/22 16:28:37 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Deployment
[2009/12/22 16:28:37 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apps
[2009/12/22 13:21:35 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Nero
[2009/12/22 12:31:59 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/22 12:31:44 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/12/22 11:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/12/22 11:41:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2009/12/22 11:41:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/12/22 11:36:51 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\UseNeXT
[2009/12/22 11:36:50 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\UseNeXT
[2009/12/22 11:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\UseNeXT
[2009/12/22 11:35:54 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/12/22 11:33:21 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/12/22 11:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/12/22 11:07:45 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/12/22 11:04:49 | 01,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2009/12/22 11:04:49 | 00,797,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2009/12/22 11:04:49 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2009/12/22 11:04:48 | 00,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2009/12/22 11:03:54 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll
[2009/12/22 11:03:09 | 00,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/12/22 10:59:23 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\Symantec
[2009/12/22 10:58:18 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/12/22 10:57:06 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/12/22 10:53:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/12/22 10:52:57 | 01,327,189 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2009/12/22 10:52:57 | 00,692,224 | ---- | C] (Wireless Service) -- C:\Windows\System32\ANIWZCS2.dll
[2009/12/22 10:52:57 | 00,266,240 | ---- | C] (Wireless Service) -- C:\Windows\System32\wnicapi.dll
[2009/12/22 10:52:57 | 00,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\aIPH.dll
[2009/12/22 10:52:57 | 00,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\AQCKGen.dll
[2009/12/22 10:52:57 | 00,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANICtl.dll
[2009/12/22 10:52:57 | 00,000,000 | ---D | C] -- C:\Program Files\ANI
[2009/12/22 10:52:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/12/22 10:52:29 | 00,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2009/12/22 10:52:27 | 00,905,728 | ---- | C] (D-Link Corporation) -- C:\Windows\System32\drivers\AGUx86.sys
[2009/12/22 10:52:27 | 00,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIOApi.dll
[2009/12/22 10:52:27 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/12/22 10:52:27 | 00,000,000 | ---D | C] -- C:\Program Files\D-Link
[2009/12/22 10:52:06 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\InstallShield
[2009/12/22 10:40:51 | 00,000,000 | R--D | C] -- C:\Users\John\Searches
[2009/12/22 10:40:41 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Identities
[2009/12/22 10:40:39 | 00,000,000 | R--D | C] -- C:\Users\John\Contacts
[2009/12/22 10:40:29 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\VirtualStore
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\Templates
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\Recent
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2009/12/22 10:40:27 | 00,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2009/12/22 10:40:26 | 00,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Videos
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Pictures
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Music
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Links
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Favorites
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Downloads
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Documents
[2009/12/22 10:40:26 | 00,000,000 | R--D | C] -- C:\Users\John\Desktop
[2009/12/22 10:40:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2009/12/22 10:40:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2009/12/22 10:40:26 | 00,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2009/12/22 10:40:26 | 00,000,000 | -HSD | C] -- C:\Users\John\My Documents
[2009/12/22 10:40:26 | 00,000,000 | -H-D | C] -- C:\Users\John\AppData
[2009/12/22 10:40:26 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2009/12/22 10:40:26 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2009/12/22 10:40:26 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2009/12/22 10:40:17 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/12/22 09:35:31 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/12/22 09:33:19 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/12/22 09:32:27 | 00,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010/01/10 16:44:00 | 02,097,152 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2010/01/10 16:37:26 | 00,013,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 16:37:26 | 00,013,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 16:36:46 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/10 16:36:46 | 00,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/10 16:36:46 | 00,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/10 16:35:20 | 00,032,653 | ---- | M] () -- C:\Users\John\Desktop\LockSearch.exe
[2010/01/10 16:29:24 | 00,000,972 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010/01/10 16:29:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/10 16:28:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/10 16:28:36 | 16,093,83936 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/10 16:27:14 | 01,350,733 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/01/10 16:26:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/01/10 10:28:57 | 00,883,382 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1101000.013\Cat.DB
[2010/01/06 15:33:37 | 00,595,499 | ---- | M] () -- C:\Users\John\Desktop\Autoruns.zip
[2010/01/06 10:00:00 | 00,000,488 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for John.job
[2010/01/06 09:09:25 | 00,148,594 | ---- | M] () -- C:\Users\John\Desktop\RootRepeal.dmp
[2010/01/06 09:06:26 | 00,000,015 | ---- | M] () -- C:\Users\John\Desktop\settings.dat
[2010/01/06 09:05:17 | 00,472,064 | ---- | M] ( ) -- C:\Users\John\Desktop\RootRepeal.exe
[2010/01/06 06:15:28 | 00,000,474 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for John.job
[2010/01/04 22:52:31 | 00,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/04 16:10:41 | 00,013,395 | ---- | M] () -- C:\Users\John\Documents\Facebook friends.pdf
[2010/01/04 16:06:26 | 04,751,506 | ---- | M] () -- C:\Users\John\Documents\Comms regarding termination.pdf
[2010/01/04 15:51:18 | 04,744,253 | ---- | M] () -- C:\Users\John\Documents\Binder5.pdf
[2010/01/04 15:48:06 | 04,658,900 | ---- | M] () -- C:\Users\John\Documents\Binder4.pdf
[2010/01/04 15:40:09 | 04,598,251 | ---- | M] () -- C:\Users\John\Documents\Binder3.pdf
[2010/01/04 15:35:11 | 00,012,979 | ---- | M] () -- C:\Users\John\Documents\Apology.pdf
[2010/01/04 15:33:02 | 00,077,729 | ---- | M] () -- C:\Users\John\Documents\Letter_to_Tricia-Murdoch_Woods_(Nov_18_2009)[1].pdf
[2010/01/04 15:32:32 | 00,025,181 | ---- | M] () -- C:\Users\John\Documents\Letter regarding my termination.pdf
[2010/01/04 15:22:23 | 00,070,068 | ---- | M] () -- C:\Users\John\Documents\Communications relating to termination.pdf
[2010/01/04 15:09:20 | 00,089,134 | ---- | M] () -- C:\Users\John\Documents\Gmail - Pension paper work - jwyndels@gmail.com.pdf
[2010/01/04 14:03:08 | 00,011,926 | ---- | M] () -- C:\Users\John\Documents\Questions for Percy.docx
[2010/01/04 12:22:42 | 00,004,753 | ---- | M] () -- C:\Users\John\Desktop\DDS Attach.zip
[2010/01/04 12:17:10 | 00,524,288 | ---- | M] () -- C:\Users\John\Desktop\dds.scr
[2010/01/04 12:08:19 | 00,002,045 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/01/04 11:47:46 | 00,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/04 11:14:13 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/03 23:27:19 | 00,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/03 13:06:14 | 00,038,006 | ---- | M] () -- C:\Users\John\Documents\CL-BarXHAir.pdf
[2010/01/03 13:05:47 | 00,038,077 | ---- | M] () -- C:\Users\John\Documents\CL-TransCapAir.pdf
[2010/01/03 13:05:21 | 00,038,205 | ---- | M] () -- C:\Users\John\Documents\CL-Porter.pdf
[2010/01/03 13:04:53 | 00,038,247 | ---- | M] () -- C:\Users\John\Documents\CL-Perimeter.pdf
[2010/01/03 13:04:33 | 00,038,019 | ---- | M] () -- C:\Users\John\Documents\CL-Flightexec.pdf
[2010/01/03 12:09:33 | 00,000,020 | ---- | M] () -- C:\Windows\ ¨c
[2010/01/01 23:08:14 | 00,000,155 | ---- | M] () -- C:\Users\John\AppData\Roaming\default.rss
[2010/01/01 22:34:34 | 00,001,924 | ---- | M] () -- C:\Users\John\Desktop\DVD Decrypter.lnk
[2010/01/01 21:39:36 | 00,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/01 17:18:12 | 00,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/01 17:15:32 | 00,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/12/31 14:08:24 | 00,010,719 | ---- | M] () -- C:\Users\John\Documents\lawyer response.docx
[2009/12/31 12:06:01 | 00,001,809 | ---- | M] () -- C:\Users\John\Desktop\UseNeXT.lnk
[2009/12/31 11:50:03 | 30,994,0067 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/31 11:37:38 | 00,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2009/12/31 10:11:16 | 00,018,079 | ---- | M] () -- C:\Users\John\Documents\CV-Wyndels.pdf
[2009/12/31 10:10:40 | 00,037,869 | ---- | M] () -- C:\Users\John\Documents\CL-CalmAir.pdf
[2009/12/31 10:03:26 | 00,022,121 | ---- | M] () -- C:\Users\John\Documents\signature.pdf
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 11:06:02 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/30 11:06:02 | 00,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/30 11:06:02 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/30 11:05:04 | 00,001,286 | ---- | M] () -- C:\Users\John\Desktop\Norton Installation Files.lnk
[2009/12/30 08:54:41 | 00,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2009/12/30 00:59:14 | 00,000,164 | ---- | M] () -- C:\Windows\install.dat
[2009/12/29 23:31:16 | 00,110,384 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/29 23:26:21 | 00,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2009/12/29 23:26:21 | 00,000,004 | ---- | M] () -- C:\Windows\System32\aspdict-en.dat
[2009/12/29 23:26:21 | 00,000,000 | ---- | M] () -- C:\Windows\System32\ab_bl.sig
[2009/12/29 23:24:20 | 00,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2009/12/29 19:43:47 | 00,414,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/29 19:36:03 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TMContainer00000000000000000002.regtrans-ms
[2009/12/29 19:36:03 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TMContainer00000000000000000001.regtrans-ms
[2009/12/29 19:36:03 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TM.blf
[2009/12/29 19:36:00 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/12/29 13:03:26 | 00,002,350 | ---- | M] () -- C:\Users\John\Desktop\TVersity.lnk
[2009/12/29 12:45:19 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TMContainer00000000000000000002.regtrans-ms
[2009/12/29 12:45:19 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TMContainer00000000000000000001.regtrans-ms
[2009/12/29 12:45:19 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TM.blf
[2009/12/29 10:50:26 | 00,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2009/12/28 22:02:30 | 00,013,248 | ---- | M] () -- C:\Users\John\Documents\xmas09.veg
[2009/12/28 22:02:22 | 00,013,248 | ---- | M] () -- C:\Users\John\Documents\xmas09.veg.bak
[2009/12/28 21:59:44 | 00,722,416 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/28 19:27:53 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/23 23:48:32 | 00,001,306 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2009/12/23 10:23:00 | 00,002,568 | ---- | M] () -- C:\Users\John\Documents\Register Vegas Pro.htm
[2009/12/23 10:15:14 | 00,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2009/12/23 09:31:29 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/22 14:13:31 | 00,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/22 12:31:47 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/12/22 11:12:15 | 00,001,098 | ---- | M] () -- C:\Users\John\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/22 11:05:40 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 11:05:40 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 11:05:40 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TM.blf
[2009/12/22 10:55:18 | 00,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{0D91FE6E-9B68-489A-90E5-2CFEE51E76F5}
[2009/12/22 10:55:12 | 00,000,005 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{0D91FE6E-9B68-489A-90E5-2CFEE51E76F5}
[2009/12/22 10:52:33 | 00,001,784 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2009/12/22 10:40:27 | 00,000,020 | -HS- | M] () -- C:\Users\John\ntuser.ini
[2009/12/22 09:35:38 | 00,028,965 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/12/15 16:13:30 | 00,061,440 | ---- | M] (AxaraMedia.com) -- C:\Windows\System32\mslvddsfilter.ax

========== Files Created - No Company Name ==========

[2010/01/10 16:35:20 | 00,032,653 | ---- | C] () -- C:\Users\John\Desktop\LockSearch.exe
[2010/01/06 15:33:33 | 00,595,499 | ---- | C] () -- C:\Users\John\Desktop\Autoruns.zip
[2010/01/06 09:09:25 | 00,148,594 | ---- | C] () -- C:\Users\John\Desktop\RootRepeal.dmp
[2010/01/04 16:10:40 | 00,013,395 | ---- | C] () -- C:\Users\John\Documents\Facebook friends.pdf
[2010/01/04 15:51:18 | 04,744,253 | ---- | C] () -- C:\Users\John\Documents\Binder5.pdf
[2010/01/04 15:48:05 | 04,658,900 | ---- | C] () -- C:\Users\John\Documents\Binder4.pdf
[2010/01/04 15:40:09 | 04,598,251 | ---- | C] () -- C:\Users\John\Documents\Binder3.pdf
[2010/01/04 15:35:11 | 00,012,979 | ---- | C] () -- C:\Users\John\Documents\Apology.pdf
[2010/01/04 15:30:18 | 04,751,506 | ---- | C] () -- C:\Users\John\Documents\Comms regarding termination.pdf
[2010/01/04 15:20:00 | 00,070,068 | ---- | C] () -- C:\Users\John\Documents\Communications relating to termination.pdf
[2010/01/04 15:15:18 | 00,077,729 | ---- | C] () -- C:\Users\John\Documents\Letter_to_Tricia-Murdoch_Woods_(Nov_18_2009)[1].pdf
[2010/01/04 15:08:01 | 00,089,134 | ---- | C] () -- C:\Users\John\Documents\Gmail - Pension paper work - jwyndels@gmail.com.pdf
[2010/01/04 15:06:29 | 00,025,181 | ---- | C] () -- C:\Users\John\Documents\Letter regarding my termination.pdf
[2010/01/04 14:45:27 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/04 12:22:42 | 00,004,753 | ---- | C] () -- C:\Users\John\Desktop\DDS Attach.zip
[2010/01/04 12:21:20 | 00,000,015 | ---- | C] () -- C:\Users\John\Desktop\settings.dat
[2010/01/04 12:17:07 | 00,524,288 | ---- | C] () -- C:\Users\John\Desktop\dds.scr
[2010/01/04 12:08:18 | 00,002,045 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/01/04 11:47:46 | 00,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/04 11:26:05 | 00,011,926 | ---- | C] () -- C:\Users\John\Documents\Questions for Percy.docx
[2010/01/04 11:14:13 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/03 12:50:00 | 00,038,006 | ---- | C] () -- C:\Users\John\Documents\CL-BarXHAir.pdf
[2010/01/03 12:40:38 | 00,038,077 | ---- | C] () -- C:\Users\John\Documents\CL-TransCapAir.pdf
[2010/01/03 12:32:21 | 00,038,019 | ---- | C] () -- C:\Users\John\Documents\CL-Flightexec.pdf
[2010/01/03 12:25:07 | 00,038,247 | ---- | C] () -- C:\Users\John\Documents\CL-Perimeter.pdf
[2010/01/03 12:23:20 | 00,038,205 | ---- | C] () -- C:\Users\John\Documents\CL-Porter.pdf
[2010/01/03 12:09:32 | 00,000,020 | ---- | C] () -- C:\Windows\ ¨c
[2010/01/01 22:34:33 | 00,001,924 | ---- | C] () -- C:\Users\John\Desktop\DVD Decrypter.lnk
[2010/01/01 21:39:35 | 00,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/01 17:18:12 | 00,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/01 17:15:31 | 00,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/01/01 09:52:44 | 00,000,488 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for John.job
[2010/01/01 09:52:36 | 00,000,474 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for John.job
[2009/12/31 14:08:23 | 00,010,719 | ---- | C] () -- C:\Users\John\Documents\lawyer response.docx
[2009/12/31 11:50:03 | 30,994,0067 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/31 11:37:03 | 00,883,382 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\Cat.DB
[2009/12/31 10:11:14 | 00,018,079 | ---- | C] () -- C:\Users\John\Documents\CV-Wyndels.pdf
[2009/12/31 10:03:26 | 00,022,121 | ---- | C] () -- C:\Users\John\Documents\signature.pdf
[2009/12/30 16:22:09 | 00,007,774 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\symnetv.cat
[2009/12/30 16:22:09 | 00,007,493 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymDS.cat
[2009/12/30 16:22:09 | 00,007,431 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymEFA.cat
[2009/12/30 16:22:09 | 00,007,429 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtspx.cat
[2009/12/30 16:22:09 | 00,007,355 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymNet.cat
[2009/12/30 16:22:09 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymEFA.inf
[2009/12/30 16:22:09 | 00,002,793 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymDS.inf
[2009/12/30 16:22:09 | 00,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymNetV.inf
[2009/12/30 16:22:09 | 00,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymNet.inf
[2009/12/30 16:22:09 | 00,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtspx.inf
[2009/12/30 16:22:08 | 00,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtsp.cat
[2009/12/30 16:22:08 | 00,007,424 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\iron.cat
[2009/12/30 16:22:08 | 00,001,756 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\ccHPx86.inf
[2009/12/30 16:22:08 | 00,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtsp.inf
[2009/12/30 16:22:08 | 00,000,743 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\Iron.inf
[2009/12/30 16:22:07 | 00,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\cchpx86.cat
[2009/12/30 16:21:47 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\isolate.ini
[2009/12/30 14:08:33 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/30 14:08:33 | 00,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx
[2009/12/30 14:08:33 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/30 14:08:33 | 00,053,248 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2009/12/30 11:06:02 | 00,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/30 11:06:02 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/30 11:05:51 | 00,002,321 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2009/12/30 11:05:02 | 00,001,286 | ---- | C] () -- C:\Users\John\Desktop\Norton Installation Files.lnk
[2009/12/30 00:29:48 | 00,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/12/29 23:26:21 | 00,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009/12/29 23:26:21 | 00,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009/12/29 23:26:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\ab_bl.sig
[2009/12/29 23:24:20 | 00,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2009/12/29 22:24:11 | 00,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/12/29 19:36:03 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TMContainer00000000000000000002.regtrans-ms
[2009/12/29 19:36:03 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TMContainer00000000000000000001.regtrans-ms
[2009/12/29 19:36:02 | 00,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{77673ec1-f4d4-11de-a9e9-0015c546b2fb}.TM.blf
[2009/12/29 13:07:21 | 00,000,972 | ---- | C] () -- C:\Windows\System32\tversity.cookies
[2009/12/29 13:03:26 | 00,002,350 | ---- | C] () -- C:\Users\John\Desktop\TVersity.lnk
[2009/12/29 13:03:21 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/29 13:03:21 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/12/29 12:32:49 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TMContainer00000000000000000002.regtrans-ms
[2009/12/29 12:32:49 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TMContainer00000000000000000001.regtrans-ms
[2009/12/29 12:32:49 | 00,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{78c2b9c1-f4a8-11de-b2d9-0015c546b2fb}.TM.blf
[2009/12/29 10:50:26 | 00,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2009/12/29 10:27:08 | 02,575,872 | ---- | C] () -- C:\Users\John\Documents\Adobe Acrobat 9.0 Pro Extended Patch.exe
[2009/12/29 10:23:06 | 00,037,869 | ---- | C] () -- C:\Users\John\Documents\CL-CalmAir.pdf
[2009/12/29 09:25:48 | 00,000,155 | ---- | C] () -- C:\Users\John\AppData\Roaming\default.rss
[2009/12/28 21:59:44 | 00,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/28 21:02:50 | 00,013,248 | ---- | C] () -- C:\Users\John\Documents\xmas09.veg.bak
[2009/12/28 21:02:50 | 00,013,248 | ---- | C] () -- C:\Users\John\Documents\xmas09.veg
[2009/12/28 19:27:53 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/12/23 23:46:10 | 00,001,306 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2009/12/23 23:08:56 | 01,673,216 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/12/23 23:08:56 | 00,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/12/23 23:08:56 | 00,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/12/23 23:08:56 | 00,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/12/23 23:08:56 | 00,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/12/23 10:23:00 | 00,002,568 | ---- | C] () -- C:\Users\John\Documents\Register Vegas Pro.htm
[2009/12/23 10:15:13 | 00,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2009/12/23 09:31:29 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/22 14:13:30 | 00,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/22 12:31:47 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/12/22 12:31:45 | 00,383,200 | RHS- | C] () -- C:\bootmgr
[2009/12/22 11:36:43 | 00,001,809 | ---- | C] () -- C:\Users\John\Desktop\UseNeXT.lnk
[2009/12/22 11:12:14 | 00,001,098 | ---- | C] () -- C:\Users\John\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/22 10:55:11 | 00,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{0D91FE6E-9B68-489A-90E5-2CFEE51E76F5}
[2009/12/22 10:54:11 | 00,000,005 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{0D91FE6E-9B68-489A-90E5-2CFEE51E76F5}
[2009/12/22 10:52:57 | 00,262,144 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2009/12/22 10:52:57 | 00,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2009/12/22 10:52:33 | 00,001,784 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2009/12/22 10:40:27 | 00,000,020 | -HS- | C] () -- C:\Users\John\ntuser.ini
[2009/12/22 10:40:26 | 02,097,152 | -HS- | C] () -- C:\Users\John\NTUSER.DAT
[2009/12/22 10:40:26 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:40:26 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:40:26 | 00,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TM.blf
[2009/12/22 09:32:27 | 16,093,83936 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/21 21:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/21 21:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/12/30 14:09:17 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Axara
[2009/12/30 00:27:56 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitDefender
[2009/12/28 22:27:52 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Pro
[2010/01/01 21:45:38 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2009/12/23 10:23:33 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers
[2009/12/23 10:29:25 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony
[2009/12/29 23:20:20 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\The Shield Deluxe
[2010/01/06 09:29:11 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Tific
[2010/01/03 17:33:57 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\UseNeXT
[2009/04/22 02:27:21 | 00,013,736 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/12/29 10:53:11 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Adobe
[2010/01/01 17:28:23 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Apple Computer
[2009/12/30 14:09:17 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Axara
[2009/12/30 00:27:56 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitDefender
[2009/12/28 22:27:52 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Pro
[2009/12/29 15:41:17 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\dvdcss
[2009/12/22 10:40:41 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Identities
[2010/01/01 21:45:38 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2009/12/22 10:52:06 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\InstallShield
[2009/12/22 21:30:58 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Macromedia
[2009/12/31 17:03:50 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2009/04/22 04:24:12 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2010/01/03 12:13:51 | 00,000,000 | --SD | M] -- C:\Users\John\AppData\Roaming\Microsoft
[2010/01/04 11:26:40 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla
[2009/12/30 13:58:13 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nero
[2009/12/23 10:23:33 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Publish Providers
[2009/12/23 10:29:25 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony
[2009/12/23 09:41:16 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony Corporation
[2009/12/31 16:51:09 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/29 23:20:20 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\The Shield Deluxe
[2010/01/06 09:29:11 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Tific
[2010/01/03 17:33:57 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\UseNeXT

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/04/21 23:24:12 | 00,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\drivers\AGP440.sys
[2009/04/21 23:24:12 | 00,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009/04/21 23:24:12 | 00,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/01/06 02:08:02 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009/04/21 23:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009/04/21 23:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/04/21 23:20:04 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\System32\cngaudit.dll
[2009/04/21 23:20:04 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/04/21 23:24:21 | 00,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\drivers\iaStorV.sys
[2009/04/21 23:24:21 | 00,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/04/21 23:24:21 | 00,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/21 23:21:18 | 00,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\System32\netlogon.dll
[2009/04/21 23:21:18 | 00,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/04/21 23:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\drivers\nvstor.sys
[2009/04/21 23:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009/04/21 23:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/04/21 23:21:47 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\System32\scecli.dll
[2009/04/21 23:21:47 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/21 23:20:19 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/04/21 23:20:19 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/21 23:22:16 | 00,488,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< End of report >

OTL Extras logfile created on: 10/01/2010 4:42:39 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\John\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.03 Gb Total Space | 76.09 Gb Free Space | 71.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2945833319-3008934198-3135900196-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{188CEE76-0503-4910-A845-E1DC45685DA0}" = RangeBooster G WUA-2340
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3ce59092-d23b-4002-ad2c-6886dfa2893d}" = Nero 9 Trial
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Axara Video Converter_is1" = Axara Video Converter 3.5.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.1.1 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"ImTOO DVD to MP4 Converter 5" = ImTOO DVD to MP4 Converter 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"SystemRequirementsLab" = System Requirements Lab
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server Pro" = TVersity Media Server Pro 1.7.2.1 Beta
"UseNeXT_is1" = UseNeXT
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2945833319-3008934198-3135900196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/01/2010 12:52:25 AM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegAsm.exe, version: 2.0.50727.4918, time
stamp: 0x49d448e2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000111ff Faulting process id: 0x1608 Faulting application
start time: 0x01ca8dc2e00df62f Faulting application path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Faulting
module path: unknown Report Id: 1df60376-f9b6-11de-9fdf-0015c546b2fb

Error - 05/01/2010 10:24:26 AM | Computer Name = John-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 05/01/2010 10:25:13 AM | Computer Name = John-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 05/01/2010 12:04:46 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mcupdate.EXE, version: 6.1.7100.0, time
stamp: 0x49ee9835 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000111ff Faulting process id: 0x1204 Faulting application
start time: 0x01ca8e20cb6cd287 Faulting application path: C:\Windows\ehome\mcupdate.EXE
Faulting
module path: unknown Report Id: 0ac83679-fa14-11de-b59f-0015c546b2fb

Error - 06/01/2010 8:14:02 AM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7100.0, time
stamp: 0x49ee8c24 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0fd83b00 Faulting process id: 0x2dc Faulting application
start time: 0x01ca8e09b9cd679e Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: f9740bb4-fabc-11de-b59f-0015c546b2fb

Error - 06/01/2010 12:04:48 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mcupdate.EXE, version: 6.1.7100.0, time
stamp: 0x49ee9835 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000111ff Faulting process id: 0xa4c Faulting application
start time: 0x01ca8ee9f5ef136a Faulting application path: C:\Windows\ehome\mcupdate.EXE
Faulting
module path: unknown Report Id: 366f409d-fadd-11de-b5b2-0015c546b2fb

Error - 06/01/2010 5:06:48 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WZCSLDR2.exe, version: 1.0.10.7034, time
stamp: 0x45b03faf Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x014ce940 Faulting process id: 0xa0c Faulting application
start time: 0x01ca8efd0dc16cca Faulting application path: C:\Program Files\ANI\ANIWZCS2
Service\WZCSLDR2.exe Faulting module path: unknown Report Id: 667bca1a-fb07-11de-b5b2-0015c546b2fb

Error - 10/01/2010 12:25:50 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mcupdate.EXE, version: 6.1.7100.0, time
stamp: 0x49ee9835 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000111ff Faulting process id: 0x344 Faulting application
start time: 0x01ca92118ef461e4 Faulting application path: C:\Windows\ehome\mcupdate.EXE
Faulting
module path: unknown Report Id: d02977ac-fe04-11de-b658-0015c546b2fb

Error - 10/01/2010 2:12:02 PM | Computer Name = John-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 10/01/2010 2:12:46 PM | Computer Name = John-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

[ Media Center Events ]
Error - 22/12/2009 4:28:40 PM | Computer Name = John-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 22/12/2009 4:28:40 PM | Computer Name = John-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =

Error - 22/12/2009 4:30:40 PM | Computer Name = John-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 24/12/2009 12:03:55 AM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = 10:03:49 PM - Error connecting to the internet. 10:03:49 PM - Unable
to contact server..

[ System Events ]
Error - 06/01/2010 5:38:49 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 06/01/2010 5:38:49 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 06/01/2010 5:38:49 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 06/01/2010 5:38:49 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 06/01/2010 5:40:18 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 06/01/2010 5:40:18 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 07/01/2010 2:23:56 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).

Error - 07/01/2010 10:32:44 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/01/2010 1:28:18 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/01/2010 6:27:19 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

LockSearch by jpshortstuff (05.11.09.1)
Log created at 16:51 on 10/01/2010 (John)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------


C:\Windows\System32\drivers\sptd.sys
-------------------------
C:\Windows\System32\drivers\sptd.sys [Unable to get md5 : 722416 bytes]

-=E.O.F=-

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:15 AM

Posted 10 January 2010 - 09:33 PM

Hello,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

==========

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Ask.com Toolbar


Additional instructions can be found here if needed.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.
  • You will see this warning based on your particular OS. Please select "Yes" and proceed.
    Posted Image

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Combofix.txt
* Gmer log
* Current problems

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 pilotguy1900

pilotguy1900
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:15 AM

Posted 11 January 2010 - 01:35 AM

ComboFix 10-01-04.01 - John 10/01/2010 23:55:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.2.1033.18.2046.1017 [GMT -6:00]
Running from: c:\users\John\Desktop\thcbytes.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 06:06 . 2010-01-11 06:06 -------- d-----w- c:\users\Mcx1-JOHN-PC\AppData\Local\temp
2010-01-11 06:06 . 2010-01-11 06:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-11 02:21 . 2010-01-11 02:24 -------- d-----w- c:\users\John\AdobeLicensingFilesBackup
2010-01-11 02:20 . 2010-01-11 02:20 -------- d-----w- C:\LicRec
2010-01-11 01:26 . 2009-12-21 07:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\NAVENG.SYS
2010-01-11 01:26 . 2009-12-21 07:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\NAVENG32.DLL
2010-01-11 01:26 . 2009-12-21 07:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\NAVEX32A.DLL
2010-01-11 01:26 . 2009-12-21 07:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\NAVEX15.SYS
2010-01-11 01:26 . 2009-12-21 07:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\ERASER.SYS
2010-01-11 01:26 . 2009-12-21 07:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\EECTRL.SYS
2010-01-11 01:26 . 2009-12-21 07:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\CCERASER.DLL
2010-01-11 01:26 . 2009-12-21 07:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100110.017\ECMSVR32.DLL
2010-01-10 16:28 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-10 16:28 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-10 16:28 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-10 16:28 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-10 16:28 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-06 21:34 . 2010-01-06 21:34 -------- d-----w- C:\Autoruns
2010-01-06 15:29 . 2010-01-06 15:30 -------- d-----w- c:\users\John\AppData\Local\Tific
2010-01-06 15:29 . 2010-01-06 15:29 -------- d-----w- c:\users\John\AppData\Roaming\Tific
2010-01-06 15:29 . 2010-01-06 15:29 -------- d-----w- c:\users\John\AppData\Local\Symantec
2010-01-04 20:45 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-04 19:37 . 2009-04-22 05:20 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2010-01-04 18:23 . 2010-01-04 18:24 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-04 18:23 . 2010-01-04 18:23 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-04 18:21 . 2010-01-04 18:23 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-04 18:21 . 2010-01-04 18:21 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-04 18:20 . 2010-01-04 18:21 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-04 18:20 . 2010-01-04 18:20 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-04 18:11 . 2010-01-04 18:12 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-04 18:10 . 2010-01-04 18:10 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-04 18:09 . 2010-01-04 18:10 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-04 18:09 . 2010-01-04 18:09 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-04 18:08 . 2010-01-04 18:09 0 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-04 18:08 . 2010-01-04 18:08 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-04 18:08 . 2010-01-04 18:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 18:08 . 2010-01-04 18:08 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-04 17:53 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-04 17:52 . 2010-01-10 22:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 17:52 . 2010-01-10 22:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-04 17:47 . 2010-01-04 17:47 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-04 17:47 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-04 17:47 . 2010-01-04 17:53 -------- d-----w- c:\programdata\Lavasoft
2010-01-04 17:47 . 2010-01-04 17:47 -------- d-----w- c:\program files\Lavasoft
2010-01-04 17:26 . 2010-01-04 17:26 -------- d-----w- c:\users\John\AppData\Local\Mozilla
2010-01-03 18:12 . 2010-01-11 05:37 -------- d-----w- c:\users\John\Tracing
2010-01-03 18:11 . 2010-01-03 18:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-03 18:11 . 2009-08-06 04:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-03 18:10 . 2010-01-03 18:10 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-03 18:09 . 2010-01-03 18:09 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-03 18:08 . 2010-01-03 18:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-03 18:07 . 2010-01-03 18:11 -------- d-----w- c:\program files\Windows Live
2010-01-03 17:58 . 2010-01-03 17:58 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-03 17:57 . 2010-01-03 17:57 -------- d-----w- c:\windows\nvtmpinst
2010-01-03 17:55 . 2010-01-03 18:08 -------- d-----w- c:\program files\Microsoft
2010-01-02 04:34 . 2010-01-02 04:34 -------- d-----w- c:\program files\DVD Decrypter
2010-01-02 03:43 . 2010-01-02 03:45 -------- d-----w- c:\users\John\AppData\Roaming\ImgBurn
2010-01-02 03:39 . 2010-01-02 03:39 -------- d-----w- c:\program files\ImgBurn
2010-01-02 03:34 . 2010-01-02 03:34 -------- d-----w- c:\program files\Alex Feinman
2010-01-01 23:18 . 2010-01-01 23:29 -------- d-----w- c:\users\John\AppData\Local\Apple Computer
2010-01-01 23:18 . 2010-01-01 23:28 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-01-01 23:18 . 2010-01-04 17:53 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-01 23:18 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-01 23:18 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-01 23:17 . 2010-01-01 23:17 -------- d-----w- c:\program files\iPod
2010-01-01 23:17 . 2010-01-01 23:18 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 23:17 . 2010-01-01 23:18 -------- d-----w- c:\program files\iTunes
2010-01-01 23:16 . 2010-01-01 23:16 -------- d-----w- c:\program files\Bonjour
2010-01-01 23:15 . 2010-01-01 23:17 -------- d-----w- c:\programdata\Apple Computer
2010-01-01 23:15 . 2010-01-01 23:15 -------- d-----w- c:\program files\QuickTime
2010-01-01 23:15 . 2010-01-01 23:15 -------- d-----w- c:\users\John\AppData\Local\Apple
2010-01-01 23:14 . 2010-01-01 23:14 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 23:14 . 2010-01-01 23:17 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 23:14 . 2010-01-01 23:14 -------- d-----w- c:\programdata\Apple
2010-01-01 23:02 . 2010-01-01 23:02 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-01 23:02 . 2010-01-01 23:02 -------- d-----w- c:\windows\system32\AGEIA
2010-01-01 22:59 . 2010-01-01 22:59 -------- d-----w- C:\NVIDIA
2010-01-01 22:53 . 2010-01-01 22:53 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-31 23:03 . 2009-12-31 23:03 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2009-12-31 23:03 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 23:03 . 2009-12-31 23:03 -------- d-----w- c:\programdata\Malwarebytes
2009-12-31 23:03 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 23:03 . 2009-12-31 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 22:53 . 2010-01-11 00:31 52224 ----a-w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-31 22:53 . 2010-01-11 00:31 117760 ----a-w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-31 22:52 . 2009-12-31 22:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-31 22:51 . 2009-12-31 22:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 22:51 . 2009-12-31 22:51 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2009-12-31 22:48 . 2010-01-01 23:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 20:09 . 2009-12-30 20:09 -------- d-----w- c:\programdata\Axara
2009-12-30 20:09 . 2009-12-30 20:09 -------- d-----w- c:\users\John\AppData\Roaming\Axara
2009-12-30 20:08 . 2009-12-30 20:08 -------- d-----w- c:\program files\Common Files\Axara
2009-12-30 20:08 . 2004-12-10 15:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2009-12-30 20:08 . 2003-05-22 04:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-12-30 20:08 . 2003-05-22 04:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-12-30 20:08 . 2004-07-04 02:08 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-30 20:08 . 2004-07-04 01:59 524288 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-30 20:08 . 2003-05-22 17:26 638976 ----a-w- c:\windows\system32\divx.dll
2009-12-30 20:08 . 2003-05-22 04:50 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2009-12-30 20:08 . 2002-08-20 05:41 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2009-12-30 20:08 . 2009-12-30 20:08 -------- d-----w- c:\program files\Axara
2009-12-30 17:06 . 2009-12-30 17:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-30 17:06 . 2009-12-30 17:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 17:06 . 2009-12-30 17:06 -------- d-----w- c:\program files\Symantec
2009-12-30 17:05 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-12-30 17:05 . 2010-01-06 15:29 965488 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll
2009-12-30 17:05 . 2009-09-01 09:01 893296 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\CLT\cltLMSx.dll
2009-12-30 17:05 . 2009-12-31 17:37 -------- d-----w- c:\windows\system32\drivers\NAV
2009-12-30 17:05 . 2009-12-30 17:05 -------- d-----w- c:\program files\Norton AntiVirus
2009-12-30 17:05 . 2009-12-30 17:05 -------- d-----w- c:\program files\NortonInstaller
2009-12-30 06:29 . 2009-12-30 14:54 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-30 06:27 . 2009-12-30 06:27 -------- d-----w- c:\users\John\AppData\Roaming\BitDefender
2009-12-30 05:26 . 2009-12-30 05:26 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-30 05:26 . 2009-12-30 05:26 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-30 05:24 . 2009-12-30 05:24 -------- d-----w- c:\programdata\BitDefender
2009-12-30 05:20 . 2009-12-30 05:20 -------- d-----w- c:\users\John\AppData\Roaming\The Shield Deluxe
2009-12-30 05:19 . 2009-12-30 15:12 -------- d-----w- c:\programdata\The Shield Deluxe
2009-12-30 05:19 . 2009-12-30 05:19 -------- d-----w- c:\program files\Common Files\The Shield Deluxe
2009-12-30 05:19 . 2009-12-30 05:19 -------- d-----w- c:\program files\The Shield Deluxe
2009-12-30 05:12 . 2009-12-30 05:12 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-30 04:28 . 2009-12-30 04:28 -------- d-----w- c:\program files\MSSOAP
2009-12-30 04:27 . 2009-12-30 04:27 -------- d-----w- c:\program files\Webroot
2009-12-30 04:24 . 2009-12-30 06:59 164 ----a-w- c:\windows\install.dat
2009-12-29 23:06 . 2009-12-29 23:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-29 21:41 . 2009-12-29 21:41 -------- d-----w- c:\users\John\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 08:08 . 2009-04-22 03:08 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-30 17:06 . 2009-12-30 17:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 17:06 . 2009-12-30 17:06 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-29 04:41 . 2009-04-22 08:55 -------- d-----w- c:\program files\MSBuild
2009-12-29 01:27 . 2009-12-29 01:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-23 15:35 . 2009-12-22 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 15:31 . 2009-12-23 15:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-22 22:29 . 2009-12-22 16:52 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-22 16:52 . 2009-12-22 16:52 -------- d-----w- c:\program files\ANI
2009-12-22 16:52 . 2009-12-22 16:52 -------- d-----w- c:\program files\D-Link
2009-12-22 16:52 . 2009-12-22 16:52 -------- d-----w- c:\users\John\AppData\Roaming\InstallShield
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
2009-11-12 23:07 . 2009-11-12 23:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [21/04/2009 8:07 PM 23120]
R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [21/04/2009 9:08 PM 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [21/04/2009 9:31 PM 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [21/04/2009 9:19 PM 58448]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\drivers\fvevol.sys [21/04/2009 9:10 PM 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [21/04/2009 9:08 PM 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [21/04/2009 9:32 PM 133200]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [04/01/2010 11:53 AM 64288]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [21/04/2009 9:08 PM 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [21/04/2009 9:08 PM 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [21/04/2009 9:19 PM 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [21/04/2009 6:36 PM 17488]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\System32\drivers\vmstorfl.sys [22/04/2009 4:23 AM 40912]
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NAV\1101000.013\SymDS.sys [30/12/2009 4:22 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1101000.013\SymEFA.sys [30/12/2009 4:22 PM 171056]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [21/04/2009 9:44 PM 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [21/04/2009 9:08 PM 52304]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [21/04/2009 9:09 PM 297040]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [04/12/2009 10:54 PM 529456]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [21/04/2009 9:20 PM 35328]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1101000.013\cchpx86.sys [30/12/2009 4:22 PM 501888]
R1 CSC;Offline Files Driver;c:\windows\System32\drivers\csc.sys [21/04/2009 9:12 PM 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [21/04/2009 9:11 PM 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [21/04/2009 9:21 PM 32768]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100106.001\IDSvix86.sys [10/01/2010 10:28 AM 343088]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [22/12/2009 10:52 AM 20384]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [21/04/2009 9:09 PM 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [21/04/2009 10:00 PM 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [21/04/2009 10:00 PM 7168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NAV\1101000.013\Ironx86.sys [30/12/2009 4:22 PM 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NAV\1101000.013\symtdiv.sys [30/12/2009 4:22 PM 339504]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\drivers\tdx.sys [21/04/2009 9:09 PM 74240]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [21/04/2009 9:53 PM 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [21/04/2009 9:52 PM 9728]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21/04/2009 9:16 PM 20992]
R2 CscService;Offline Files;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21/04/2009 9:16 PM 20992]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
R2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [21/04/2009 9:16 PM 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [21/04/2009 9:51 PM 48128]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [21/04/2009 9:13 PM 86528]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/12/2009 5:03 PM 235344]
R2 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21/04/2009 9:16 PM 20992]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [30/12/2009 4:21 PM 126392]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [21/04/2009 9:16 PM 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [21/04/2009 9:33 PM 586752]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [21/04/2009 9:16 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [21/04/2009 9:16 PM 20992]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [21/04/2009 9:52 PM 34816]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [21/04/2009 9:50 PM 162816]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [22/12/2009 10:52 AM 905728]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
R3 bowser;Browser Support Driver;c:\windows\System32\drivers\bowser.sys [21/04/2009 9:11 PM 69632]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [21/04/2009 9:43 PM 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [21/04/2009 9:23 PM 720384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31/12/2009 7:15 AM 102448]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [22/12/2009 11:12 AM 27248]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
R3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21/04/2009 9:16 PM 20992]
R3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [21/04/2009 9:09 PM 22528]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [31/12/2009 5:03 PM 19160]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [21/04/2009 9:23 PM 23552]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\drivers\mpsdrv.sys [21/04/2009 9:51 PM 60416]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [21/04/2009 9:11 PM 220672]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [21/04/2009 9:11 PM 94720]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [21/04/2009 9:50 PM 267264]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [21/04/2009 9:53 PM 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [21/04/2009 10:01 PM 18432]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\System32\drivers\srv2.sys [22/12/2009 11:03 AM 306688]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [21/04/2009 8:11 PM 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [21/04/2009 8:11 PM 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [21/04/2009 8:11 PM 661504]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [21/04/2009 9:12 PM 113664]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [21/04/2009 10:00 PM 30208]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [21/04/2009 9:52 PM 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [21/04/2009 9:50 PM 39936]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 7:19 AM 1184912]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
S2 sppsvc;Software Protection;c:\windows\System32\sppsvc.exe [21/04/2009 10:44 PM 3179520]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [21/04/2009 9:13 PM 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [20/03/2009 9:22 AM 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [21/04/2009 8:07 PM 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [20/03/2009 9:23 AM 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [27/03/2009 10:45 PM 159312]
S3 AppID;AppID Driver;c:\windows\System32\drivers\appid.sys [21/04/2009 9:35 PM 50176]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [21/04/2009 8:07 PM 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [20/03/2009 9:22 AM 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/04/2009 8:01 PM 229888]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [21/04/2009 10:55 PM 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [21/04/2009 10:56 PM 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [21/04/2009 10:53 PM 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [21/04/2009 10:55 PM 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [21/04/2009 10:55 PM 12160]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [21/04/2009 9:49 PM 37888]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [21/04/2009 9:16 PM 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [20/03/2009 9:22 AM 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [20/03/2009 9:23 AM 453712]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [23/12/2009 11:08 PM 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [23/12/2009 11:08 PM 8456]
S3 Filetrace;Filetrace;c:\windows\System32\drivers\filetrace.sys [21/04/2009 9:12 PM 28160]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [21/04/2009 9:12 PM 45648]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [03/01/2010 12:11 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [21/04/2009 8:52 PM 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [21/04/2009 8:07 PM 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [14/04/2009 8:30 PM 332368]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [21/04/2009 9:28 PM 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [21/04/2009 9:44 PM 186960]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [21/04/2009 8:07 PM 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [21/04/2009 8:07 PM 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [21/04/2009 8:07 PM 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [21/04/2009 8:07 PM 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [20/03/2009 9:23 AM 30800]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [21/04/2009 9:44 PM 130640]
S3 msahci;msahci;c:\windows\System32\drivers\msahci.sys [21/04/2009 9:44 PM 27728]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [21/04/2009 9:44 PM 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [21/04/2009 9:49 PM 4096]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [21/04/2009 9:09 PM 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [21/04/2009 9:45 PM 12288]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [21/04/2009 9:51 PM 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [21/04/2009 8:07 PM 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [14/04/2009 8:30 PM 142416]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [21/04/2009 9:16 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21/04/2009 9:16 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [21/04/2009 9:16 PM 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [20/03/2009 9:23 AM 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [21/04/2009 8:07 PM 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [22/04/2009 4:23 AM 5632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\System32\drivers\scfilter.sys [21/04/2009 9:32 PM 26624]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [21/04/2009 9:16 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [21/04/2009 9:44 PM 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [21/04/2009 8:07 PM 77904]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\System32\drivers\smb.sys [21/04/2009 9:52 PM 71168]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [21/04/2009 8:07 PM 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [22/04/2009 4:23 AM 28240]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [21/04/2009 9:16 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [21/04/2009 9:16 PM 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [21/04/2009 9:20 PM 204800]
S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [21/04/2009 9:35 PM 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [21/04/2009 9:23 PM 57424]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [21/04/2009 9:49 PM 86016]
S3 VaultSvc;Credential Manager;c:\windows\System32\lsass.exe [21/04/2009 9:09 PM 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [21/04/2009 9:44 PM 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [21/04/2009 9:08 PM 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [22/04/2009 4:23 AM 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [22/04/2009 4:23 AM 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [20/03/2009 9:23 AM 141904]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [21/04/2009 9:50 PM 19968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [21/04/2009 9:45 PM 21632]
S3 wbengine;Block Level Backup Engine Service;c:\windows\System32\wbengine.exe [21/04/2009 9:21 PM 1203200]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [21/04/2009 9:16 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [21/04/2009 9:16 PM 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [21/04/2009 9:08 PM 19024]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [21/04/2009 9:16 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [21/04/2009 9:16 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [21/04/2009 9:16 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [21/04/2009 9:15 PM 19024]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [21/04/2009 9:16 PM 20992]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [21/04/2009 9:16 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [21/04/2009 9:16 PM 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21/04/2009 9:16 PM 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21/04/2009 9:16 PM 20992]
S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe [22/12/2009 10:52 AM 954368]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [28/12/2009 9:59 PM 722416]
S4 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" --> c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider

.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-06 c:\windows\Tasks\Malwarebytes' Scheduled Scan for John.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-31 20:55]

2010-01-06 c:\windows\Tasks\Malwarebytes' Scheduled Update for John.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-31 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/forums/forum22.html
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\qw1apmea.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:10
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:11
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:11
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:11
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:11
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8598C826]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84cc06f0
QueryNameProcedure -> 0x84cc0880
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-11 00:15:14
ComboFix-quarantined-files.txt 2010-01-11 06:15

Pre-Run: 83,326,824,448 bytes free
Post-Run: 83,389,743,104 bytes free

- - End Of File - - C475AB9536077F98AAD3CD73A8F8344C

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 00:30:39
Windows 6.1.7100
Running: 6jws707x.exe; Driver: C:\Users\John\AppData\Local\Temp\kgldypog.sys


---- System - GMER 1.0.15 ----

SSDT 85E553E8 ZwAlertResumeThread
SSDT 85D7DCA0 ZwAlertThread
SSDT 86B727F0 ZwAllocateVirtualMemory
SSDT 85C452F0 ZwAlpcConnectPort
SSDT 86A82D50 ZwAssignProcessToJobObject
SSDT 85DC1BC8 ZwCreateMutant
SSDT 85DC1558 ZwCreateSymbolicLinkObject
SSDT 86B75A08 ZwCreateThread
SSDT 85DC1628 ZwCreateThreadEx
SSDT 86A828E8 ZwDebugActiveProcess
SSDT 86B72948 ZwDuplicateObject
SSDT 86B72650 ZwFreeVirtualMemory
SSDT 85E71CD0 ZwImpersonateAnonymousToken
SSDT 85E66790 ZwImpersonateThread
SSDT 85D3F8D0 ZwLoadDriver
SSDT 86B72570 ZwMapViewOfSection
SSDT 86A65538 ZwOpenEvent
SSDT 86B758F0 ZwOpenProcess
SSDT 85F1F850 ZwOpenProcessToken
SSDT 86A6F0E0 ZwOpenSection
SSDT 86B72A18 ZwOpenThread
SSDT 85DC1708 ZwProtectVirtualMemory
SSDT 85DCDD48 ZwResumeThread
SSDT 85F1C090 ZwSetContextThread
SSDT 86B72418 ZwSetInformationProcess
SSDT 85E74048 ZwSetSystemInformation
SSDT 86A68820 ZwSuspendProcess
SSDT 85C5BF50 ZwSuspendThread
SSDT 85F16890 ZwTerminateThread
SSDT 86A1FA00 ZwUnmapViewOfSection
SSDT 86B72720 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1B634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E33F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E341A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82A42549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A626B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ExQueueWorkItem + 1AC 82A6A930 8 Bytes CALL 232C8E88
.text ntkrnlpa.exe!ExQueueWorkItem + 1C4 82A6A948 4 Bytes [F0, 27, B7, 86]
.text ntkrnlpa.exe!ExQueueWorkItem + 1D0 82A6A954 2 Bytes [F0, 52]
.text ntkrnlpa.exe!ExQueueWorkItem + 1D3 82A6A957 1 Byte [85]
.text ntkrnlpa.exe!ExQueueWorkItem + 224 82A6A9A8 4 Bytes [50, 2D, A8, 86]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x94808340, 0x3EE217, 0xE8000020]
.text peauth.sys 9D632C9D 28 Bytes [84, 9A, 05, 14, 23, 44, 66, ...]
.text peauth.sys 9D632CC1 28 Bytes [84, 9A, 05, 14, 23, 44, 66, ...]
? C:\Users\John\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[688] ole32.dll!CoCreateInstance 7579672C 5 Bytes JMP 0090000A

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8598C826

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA9 0x26 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCB 0xCD 0xA3 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0x37 0x84 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA9 0x26 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCB 0xCD 0xA3 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0x37 0x84 0x68 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Problems: Still getting redirected through IE. I did a test search through google for Xbox 360, when I clicked on a link I was redirected here: http://www.alltheautomotive.com/search-res...aspx?q=xbox+360

When I try and restart my protection services (Malwarebytes Anti-Malware) I now get a "vBAccelerator SGrid II Con..." title with a "Run-time error '0'" error followed by another error screen titled Malwarebytes' Anti-Malware with a "Run-time error '440': Automation error". Malwarebytes won't start. Norton has started working properly though. Just still having issues with the redirects.

Edited by pilotguy1900, 11 January 2010 - 02:11 AM.


#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:15 AM

Posted 11 January 2010 - 01:00 PM

Well done :(

Looks like you have an infected System File and a Mbr rootkit that needs to be carefully replaced and fixed.

Please do this...........

Print these instructions

Booting into the Windows 7 WinRE Environment using Windows7 disk

Please insert your Windows 7 installation media into your CD-Rom/DVD drive and reboot your computer. During the reboot and at boot up you should see Press Any key to Boot from CD/DVD.... If you see that, please press any key to continue and follow the next set of instructions on "Using the Windows7 CD Disk to Access the Windows7 WinRE Environment". If not, please follow the next set of instructions on "How to Configure the System to Boot from CD/DVD" and then follow the steps to "Using the Windows 7 CD Disk to Access the Windows7 WinRE Environment".

How to Configure the system to boot from CD/DVD

Some machines will automatically attempt boot from the CD if a CD is inserted, if that is the case, please skip the instructions below...
  • Please reboot your machine or turn it on (Without the CD)
  • As soon as the BIOS is loaded begin tapping the F2 or F12 or perhaps F9, F10 or F11 (try all of them if unsure, starting with F2)
  • Different Machines have different keys.
  • This will bring up the configuration options, please use your arrow keys to go to the Boot Tab.
  • In the Boot tab, there should be instructions on your right-hand side on how to move your CD/DVD as the top or First Priority
  • After you have moved CD/DVD at the top/first priority, please make sure you SAVE AND EXIT <- Important
  • It will now exit with Configuration settings saved.
Using the Windows 7 CD Disk to Access the Windows 7 WinRE Environment
  • Insert the Windows 7 disk in your computer.
  • Restart your computer so you are booting off of the CD.
  • During the reboot and boot up you will get a message saying: "Press any key to boot from CD", press Enter on your keyboard.
  • Select your language options, Time and Keyboard and press Next
  • At the next prompt select the repair options.
  • Select your Operating System (Windows 7; the main one) from the list, and then press Next
  • Now press the Command Prompt option.
  • Enter the following green bolded print one line at a time and press enter on your keyboard after each line.
  • Wait for each command to be completed before continuing with the next one.

    ren C:\WINDOWS\system32\drivers\atapi.sys C:\WINDOWS\system32\drivers\atapi.old

    move C:\windows\system32\drivers\atapi.old C:\atapi.old

    copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys C:\windows\system32\drivers\atapi.sys


  • Press the Restart button and remove your Windows 7 disk from the DVD drive. Windows should now begin to load.
==========

First:

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)


Next:

1. Go to Start -> Run, and type "notepad" into the box without the "".
2. Press ok.
3. Copy and paste the following code into notepad without the word "code":
mbr -f
4. Go to File -> Save
5. To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
6. Enter fix.bat into the "File name:" box just above the "Save as Type" box.
7. Double click fix.bat on your desktop.


A new MBR log will be created. Please post this.

==========

Please run Gmer again and post a log.

==========

With your next post please provide:

* Mbr log
* Gmer log
* How is it running?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 pilotguy1900

pilotguy1900
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 11 January 2010 - 02:15 PM

When I try and enter any of the bolded green commands at the command prompt I get syntax errors for the first one, and file not found for the second one. Obviously because the first one isn't working.

I've arrived at the prompt exactly as directed. The CD I have is burnt from an ISO file of the final RC version of windows 7. I wonder if this is part of the problem???

I've also looked for the "FileRepository" directory. It doesn't exist.

Edited by pilotguy1900, 11 January 2010 - 02:15 PM.


#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:15 AM

Posted 11 January 2010 - 04:07 PM

Alright. We can do this a different way.

I've also looked for the "FileRepository" directory. It doesn't exist.

Yes it does. You just can't see it. :)

From your computer.....

< MD5 for: ATAPI.SYS >
[2010/01/06 02:08:02 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009/04/21 23:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009/04/21 23:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys


Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now you can see the files

==========

Do this please.....
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).
    copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.
  • Exit the Command Prompt window.
==========

Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger only as directed and under qualified supervision.
We can accept no responsibility for damage caused by misuse of the program.

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:C:\atapi.sys | C:\Windows\System32\drivers\atapi.sys
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
==========

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)


Next:

1. Go to Start -> Run, and type "notepad" into the box without the "".
2. Press ok.
3. Copy and paste the following code into notepad without the word "code":
mbr -f
4. Go to File -> Save
5. To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
6. Enter fix.bat into the "File name:" box just above the "Save as Type" box.
7. Double click fix.bat on your desktop.


A new MBR log will be created. Please post this.

==========

Please run Gmer again and post a log.

==========

With your next post please provide:

* Any troubles with The Avenger?
* Avenger log
* Mbr log
* Gmer log
* How is it running?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
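Automating the two checks the responder makes by eye in this thread (the GMER indicator lines, and the atapi.sys hash and timestamp comparison against the DriverStore copy), as an added example that is not code from the thread, from GMER or from the tool that produced the MD5 listing. The sample inputs are constructed from lines quoted in this thread, and the allowlist of scanner drivers (catchme.sys, PROCEXP113.SYS) is an assumption.

```python
"""Triage helper for a GMER log plus an MD5 listing of driver copies.
Added example for this thread, not code from the thread, GMER or the tool
that produced the listing; sample inputs are constructed from quoted lines."""
import re
from dataclasses import dataclass
from datetime import datetime

# Tool drivers that legitimately show as "cannot find the file" (GMER's
# catchme driver, Sysinternals Process Explorer).  Assumed allowlist.
EXPECTED_TOOL_DRIVERS = {"catchme.sys", "procexp113.sys"}

@dataclass(frozen=True)
class Finding:
    kind: str     # hidden_driver | device_hook | file_modified
    subject: str  # driver, device or file the line is about
    line: str     # raw log line, kept for the report

@dataclass(frozen=True)
class DriverCopy:
    path: str
    md5: str
    size: int
    modified: datetime

# Constructed GMER excerpt: the lines the responder acted on plus one
# benign neighbour per section.
GMER_SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----
? system32\drivers\dgjqov.sys The system cannot find the path specified. !
? C:\Users\John\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8598C826
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
"""
# Constructed MD5 listing: the live driver and its DriverStore reference.
MD5_SAMPLE = r"""
[2010/01/06 02:08:02 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009/04/21 23:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
"""

MISSING_RE = re.compile(r"^\? (\S+) The system cannot find the (?:file|path) specified\. !$")
DEVICE_RE = re.compile(r"^Device -> (\\\S+) (\\\S+) ([0-9A-F]{8})$")
FILE_RE = re.compile(r"^File (\S+) suspicious modification$")
HASH_RE = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| \S+ \| M\] "
                     r"\((.*?)\) MD5=([0-9A-F]{32}) -- (\S+)$")

def parse_gmer(text):
    """Return the findings a responder would chase, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MISSING_RE.match(line):
            # A loaded driver with no file on disk is hidden (or a scanner's
            # temporary driver already deleted); skip the known tool drivers.
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            if name not in EXPECTED_TOOL_DRIVERS:
                findings.append(Finding("hidden_driver", m.group(1), line))
        elif m := DEVICE_RE.match(line):
            # "Device ->" (unlike AttachedDevice) means the device object's
            # driver pointer was redirected to an address GMER cannot name.
            findings.append(Finding("device_hook", m.group(1), line))
        elif m := FILE_RE.match(line):
            findings.append(Finding("file_modified", m.group(1), line))
    return findings

def parse_md5_listing(text):
    copies = []
    for raw in text.splitlines():
        if m := HASH_RE.match(raw.strip()):
            copies.append(DriverCopy(path=m.group(5), md5=m.group(4),
                                     size=int(m.group(2).replace(",", "")),
                                     modified=datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")))
    return copies

def compare_driver_copies(copies):
    """Compare the live driver with its DriverStore/WinSxS reference copies.
    A hash read through a hooked disk device object is weak evidence (the
    rootkit controls what a live read returns), so the modification-time
    skew is reported next to it; an offline (WinRE) read settles it."""
    refs = [c for c in copies
            if "\\driverstore\\" in c.path.lower() or "\\winsxs\\" in c.path.lower()]
    live = [c for c in copies if c not in refs]
    if len(live) != 1 or not refs:
        raise ValueError("need exactly one live copy and at least one reference")
    live = live[0]
    return {
        "hash_matches_reference": all(c.md5 == live.md5 for c in refs),
        "size_matches_reference": all(c.size == live.size for c in refs),
        "live_newer_than_reference": all(live.modified > c.modified for c in refs),
    }

if __name__ == "__main__":
    for f in parse_gmer(GMER_SAMPLE):
        print(f"{f.kind:14} {f.subject}")
    print(compare_driver_copies(parse_md5_listing(MD5_SAMPLE)))
```

On the listing quoted above, every copy of atapi.sys hashes identically while only the live copy carries the 2010 timestamp; the script reports both facts instead of clearing the file on the hash alone.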

#11 pilotguy1900

pilotguy1900
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 11 January 2010 - 05:08 PM

Ahh man... This is probably more frustrating for you than me.. Anyway

In order of instructions...

The file DID copy
Avenger completed step #1, rebooted and did nothing.. The log file says it all.
MBR doesn't seem happy...
GMER log attached. I have the original log still on my desktop in case it's needed again, so this log is called GMER2.log.



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\atapi.sys"
File move operation "C:\atapi.sys|C:\Windows\System32\drivers\atapi.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 16:06:40
Windows 6.1.7100
Running: 6jws707x.exe; Driver: C:\Users\John\AppData\Local\Temp\kgldypog.sys


---- System - GMER 1.0.15 ----



---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 82A6F549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8F6B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ExQueueWorkItem + 1AC 82A97930 8 Bytes [48, F0, B7, 86, 48, 70, B5, ...]
.text ntkrnlpa.exe!ExQueueWorkItem + 1C4 82A97948 4 Bytes [98, 7C, CE, 86]
.text ntkrnlpa.exe!ExQueueWorkItem + 1D0 82A97954 4 Bytes [68, 21, F0, 85]
.text ntkrnlpa.exe!ExQueueWorkItem + 224 82A979A8 4 Bytes [48, C0, B7, 86]
.text ntkrnlpa.exe!ExQueueWorkItem + 2A0 82A97A24 4 Bytes [E0, D1, CC, 86]
.text ...
? system32\drivers\dgjqov.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x94818340, 0x3EE217, 0xE8000020]
.text peauth.sys 99A23C9D 28 Bytes [C4, A3, 67, D0, E0, D5, 0F, ...]
.text peauth.sys 99A23CC1 28 Bytes [C4, A3, 67, D0, E0, D5, 0F, ...]
PAGE peauth.sys 99A29E20 101 Bytes [C9, AA, CB, 60, 60, 27, CA, ...]
PAGE peauth.sys 99A2A02C 102 Bytes [50, DB, 19, 6B, 40, DD, 46, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[704] ole32.dll!CoCreateInstance 76DF672C 5 Bytes JMP 005E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!CreateDialogParamA 76AD252A 5 Bytes JMP 69C16FD2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!IsDialogMessage 76AD268B 5 Bytes JMP 69C169DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!DialogBoxParamW 76AD3AB4 5 Bytes JMP 699EBF2D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!CreateDialogIndirectParamA 76AD758C 5 Bytes JMP 69C17009 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!CreateDialogIndirectParamW 76ADEF71 5 Bytes JMP 69C17040 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!CreateDialogParamW 76AE06ED 5 Bytes JMP 699E3BD2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!EndDialog 76AE0AB2 5 Bytes JMP 699DE976 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!DialogBoxIndirectParamW 76AE509D 5 Bytes JMP 69C16693 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!SetKeyboardState 76AE63A2 5 Bytes JMP 69C16D43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!SendInput 76AE6A16 5 Bytes JMP 69C176C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!DialogBoxParamA 76AFCB32 5 Bytes JMP 69C16630 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!DialogBoxIndirectParamA 76AFCE64 5 Bytes JMP 69C166F6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!MessageBoxIndirectA 76B0E519 5 Bytes JMP 69C165C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!MessageBoxIndirectW 76B0E613 5 Bytes JMP 69C1655A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!MessageBoxExA 76B0E679 5 Bytes JMP 69C164F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!MessageBoxExW 76B0E69D 5 Bytes JMP 69C16496 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] USER32.dll!keybd_event 76B0E8EB 5 Bytes JMP 69C178F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] SHELL32.dll!DllRegisterServer + 3B2B 75592AB8 1 Byte [8D]
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] SHELL32.dll!DllRegisterServer + 3B2B 75592AB8 4 Bytes [8D, 32, 7A, 64] {LEA ESI, [EDX]; JP 0x68}
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] SHELL32.dll!DllRegisterServer + 3B33 75592AC0 8 Bytes [DB, 31, 7A, 64, 69, 6F, 79, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] ole32.dll!CoUnmarshalInterface + 1DC5 76DD67A9 7 Bytes JMP 032201A2
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] ole32.dll!CoCreateInstance 76DF672C 5 Bytes JMP 69ADB0C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] ole32.dll!CoCreateInstance + 3E 76DF676A 7 Bytes JMP 032200EE
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] WS2_32.dll!closesocket 762A34F6 5 Bytes JMP 644CEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] WS2_32.dll!socket 762A3A38 5 Bytes JMP 644CE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] WS2_32.dll!getaddrinfo 762A5CF0 5 Bytes JMP 644CE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] WS2_32.dll!send 762A66EE 5 Bytes JMP 644CE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] WS2_32.dll!recv 762A683D 5 Bytes JMP 644CF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6020] WS2_32.dll!connect 762A6A93 5 Bytes JMP 644CE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!CreateWindowExW 76ABE70A 5 Bytes JMP 69AB49A1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!DialogBoxParamW 76AD3AB4 5 Bytes JMP 699EBF2D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!DialogBoxIndirectParamW 76AE509D 5 Bytes JMP 69C16693 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!DialogBoxParamA 76AFCB32 5 Bytes JMP 69C16630 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!DialogBoxIndirectParamA 76AFCE64 5 Bytes JMP 69C166F6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!MessageBoxIndirectA 76B0E519 5 Bytes JMP 69C165C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!MessageBoxIndirectW 76B0E613 5 Bytes JMP 69C1655A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!MessageBoxExA 76B0E679 5 Bytes JMP 69C164F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6052] USER32.dll!MessageBoxExW 76B0E69D 5 Bytes JMP 69C16496 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1228] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1228] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1228] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1228] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1228] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1228] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [64793556] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64791AF7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6478BF4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [647937BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [64795524] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [647943A7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [64794A80] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [64791967] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6478EF33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [647902DC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6478F6D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [64791AF7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6478FC64] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [647908C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [64793556] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [647902DC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [647908C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [647926FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6478EDDC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6478EF33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6478F6D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [64791AF7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [64794A80] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [647943A7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6478DB76] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [647902DC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [64793556] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6478D91D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6478DA48] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [64790193] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [64791967] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6478D7F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [64793E15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [64795524] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [64794334] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6479471E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [64797E02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [64798588] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6479814C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [64797A1D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6479889C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [64798CA1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6479783A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [647988EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [64797B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [64797512] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [647978E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [64798460] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [64798288] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [64798328] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [64797ABB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [64799761] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [64799156] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6479959A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [64797BEE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [64797B0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [647976AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [647993C4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [64797799] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6479981A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6479947D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [647973B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [647992C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [64797DB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [64797C86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [64797E4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6479893D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [64797982] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [64798B38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [647984F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [647995F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [64798EAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [64799A39] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [647989DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [647976FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [64798BF1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [64797462] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [64797F84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [647981E4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [64798626] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6479801C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [647980B4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6479953C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [64798A85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6478D5D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [64790B4C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [64791528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [64791043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [647905E4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6478F6D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6478F455] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6478ECA5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [64792423] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6478EF33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6478E79B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6478E184] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [647926FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [647923FE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6478E522] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6478FC64] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6478EA23] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6479953C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [647994DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [647985D4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [647988EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [647989DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [647978E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [64798B96] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [647999DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [64798BF1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [64799A39] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6479783A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2676] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D6245E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D455EF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D456AD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D624D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D5853B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D54CEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D55096] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D5516B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D56698] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D58292] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D587E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D59044] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D5E1E7] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D54C21] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7100.0_none_69badf24eb1ea50c\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3996] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3996] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3996] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3996] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4004] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4004] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75074A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [64793556] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64791AF7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6478BF4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [647937BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [64795524] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [647943A7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [64794A80] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [64791967] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6478EF33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [647902DC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6478F6D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [64791AF7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6478FC64] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [647908C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [64793556] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [647902DC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [647908C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [647926FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6478EDDC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6478EF33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6478F6D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [64791AF7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [64794A80] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [647943A7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6478DB76] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [647902DC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [64793556] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6478D91D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6478DA48] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [64790193] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [64791967] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6478D7F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [64793E15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [64795524] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [64794334] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6479471E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [64797E02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [64798588] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6479814C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [64797A1D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6479889C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [64798CA1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6479783A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [647988EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [64797B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [64797512] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [647978E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [64798460] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [64798288] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [64798328] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [64797ABB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [64799761] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [64799156] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6479959A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [64797BEE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [64797B0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [647976AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [647993C4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [64797799] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6479981A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6479947D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [647973B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [647992C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [64797DB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [64797C86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [64797E4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6479893D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [64797982] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [64798B38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [647984F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [647995F2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [64798EAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [64799A39] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [647989DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [647976FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [64798BF1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [64797462] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [64797F84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [647981E4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [64798626] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6479801C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [647980B4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6479953C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [64798A85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6478D5D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [64790B4C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [64791528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [64791043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [647905E4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6478F6D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6478F455] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6478ECA5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [64792423] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6478EF33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6478E79B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6478E184] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [647926FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [647923FE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6478E522] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6478FC64] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6478EA23] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [647917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6479953C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [647994DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [647985D4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [647988EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [647989DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [647978E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [64798B96] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [647999DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [64798BF1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [64799A39] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6479783A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 859A1826

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA9 0x26 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCB 0xCD 0xA3 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0x37 0x84 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA9 0x26 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCB 0xCD 0xA3 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0x37 0x84 0x68 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
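Most of the GMER log above is noise a reader has to wade through before reaching the two entries that matter: the `Device -> \Driver\atapi \Device\Harddisk0\DR0 859A1826` line, where GMER prints a bare address instead of a module name because it could not attribute the device object's handler to any loaded driver, and the `File C:\Windows\system32\drivers\atapi.sys suspicious modification` line. The hundreds of `IAT` entries are IE's own compatibility shim layer (IEShims.dll, attributed to Microsoft) hooking imports inside iexplore.exe, and the `AttachedDevice` entries are the BitLocker, ReadyBoost and Norton (SYMTDIV.SYS) filters. The script below is an added triage example, not part of the thread and not a GMER component: it parses the IAT, Device and File record types in the format shown above and reports anything that is not attributed to a vendor on a small allowlist. The allowlist (`TRUSTED_VENDORS`), the line grammar in the regular expressions, and the sample (a subset of the page's own log lines embedded as a string) are my assumptions.

```python
"""Triage a GMER log: keep the vendor-attributed hooks and filters that are
expected on a Windows 7 box out of the way, and report the rest.
Added example for this thread; not GMER's code and not from the original post."""
import re
from collections import Counter

# Sample input: one line of each record type, copied from the log on this page.
SAMPLE_LOG = r"""
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6479165F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6020] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [64789C74] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 859A1826

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification
"""

# Line grammar inferred from the log format above (assumption, not a GMER spec).
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>\S+) "
    r"\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<hooker>\S.*?)(?: \((?P<desc>.*)/(?P<vendor>[^/()]*)\))?$"
)
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)(?: ->)? (?P<driver>\\\S+) (?P<device>\\\S+) (?P<target>.+)$"
)
TARGET_RE = re.compile(r"^(?P<module>\S+)(?: \((?P<desc>.*)/(?P<vendor>[^/()]*)\))?$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
FILE_RE = re.compile(r"^File (?P<path>.+?\.\w+) (?P<note>.+)$")

# Assumption: hooks and filter drivers attributed to these vendors are expected
# here (IE shims, BitLocker/ReadyBoost filters, Norton's TDI filter). GMER takes
# the vendor from the file's version resource, so this is triage, not proof.
TRUSTED_VENDORS = frozenset({"Microsoft Corporation", "Symantec Corporation"})


def triage(log_text, trusted=TRUSTED_VENDORS):
    """Return IAT hook counts per hooking module plus the list of findings."""
    hooks_by_module = Counter()
    findings = []
    unparsed = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        m = IAT_RE.match(line)
        if m:
            hooker = m.group("hooker").rsplit("\\", 1)[-1]
            hooks_by_module[hooker] += 1
            if m.group("vendor") not in trusted:
                findings.append(
                    f"IAT hook on {m.group('import')} in {m.group('proc')} by "
                    f"{hooker} ({m.group('vendor') or 'no vendor attribution'})"
                )
            continue
        m = DEVICE_RE.match(line)
        if m:
            target = m.group("target")
            if ADDR_RE.match(target):
                # A bare address where a module name belongs: the device object's
                # handler points at code GMER could not attribute to any driver.
                findings.append(
                    f"{m.group('kind')} {m.group('device')} ({m.group('driver')}) "
                    f"handled by unattributed code at {target}"
                )
            else:
                t = TARGET_RE.match(target)
                vendor = t.group("vendor") if t else None
                if vendor not in trusted:
                    findings.append(
                        f"{m.group('kind')} {m.group('device')} filtered by "
                        f"{target.split(' ', 1)[0]} ({vendor or 'no vendor attribution'})"
                    )
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append(f"File {m.group('path')}: {m.group('note')}")
            continue
        unparsed += 1  # Reg and other record types are not triaged here
    return {"iat_hooks_by_module": dict(hooks_by_module),
            "findings": findings, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for module, n in sorted(result["iat_hooks_by_module"].items()):
        print(f"{n:4d} IAT hook(s) attributed to {module}")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

Run against the sample, the IEShims.dll and Symantec/Microsoft entries drop out and only the unattributed `\Device\Harddisk0\DR0` handler and the atapi.sys modification remain, which is exactly the pair the reply below acts on. Treat the vendor allowlist as a filter for the reader's attention, not as verification: the vendor string comes from the binary's version resource and can be forged, so a clean-looking attribution is not evidence that a hook is benign.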

#12 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:15 AM
Posted 11 January 2010 - 05:29 PM

I understand your frustration. We will get it. :(

I have a few questions.
  • When you ran Combofix did it install the Windows Recovery Console?
  • When you boot Windows normally do you get a quick screen that gives you the option to boot the Windows Recovery Console or Windows 7?
Please carefully try this:

1. Go to the c:\windows\system32\drivers folder

2. Locate the file - atapi.sys

3. Drag and move the file to Desktop

4. Wait 5 secs and press F5 to see if the operating system regenerated a fresh copy in c:\windows\system32\drivers folder

5a. If a fresh copy is regenerated, reboot the machine

5b. If a fresh copy ISN'T regenerated, move the copy from Desktop back.


If 5a was carried out, run GMER and post back the report. Are browsers redirecting?

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 pilotguy1900

  • Topic Starter
  • Members
  • 12 posts
  • Local time:06:15 AM

Posted 11 January 2010 - 06:01 PM

No frustration here actually.... I'm very interested in knowing what's happening though...

When I ran ComboFix it did not bring up any text box notifying me of Recovery Console being installed, so I assume I already have that installed.

During a normal boot sequence, my system does the usual... BIOS loads up and then the OS... Basically right into the Win 7 splash screen.

I moved ATAPI.SYS to the desktop, nothing renewed itself in the windows\system32\drivers directory... so moving it back now.

On the upside, I just checked my browser now on the laptop (system in question) and it appears to be functioning normally now in that it isn't redirecting.

Edited by pilotguy1900, 11 January 2010 - 06:03 PM.


#14 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:15 AM

Posted 11 January 2010 - 09:18 PM

Hi,

On the upside, I just checked my browser now on the laptop (system in question) and it appears to be functioning normally now in that it isn't redirecting.

The only reason it is not redirecting is because that atapi.sys file is infected! Since you moved it out of the drivers folder the redirects stopped. But....it must be in the drivers folder or the computer will not boot!! And in most circumstances you can't move a clean file into its place in a live environment....so....let's boot back into the Windows 7 Recovery environment and try this again...

If it fails then I will instruct you how to boot an alternative OS and we will replace the file there. :(

Boot back into the Windows 7 Recovery Environment and enter these commands one line at a time. Pay very close attention to spaces and periods, etc.

move C:\windows\system32\drivers\atapi.sys C:\atapi.bad

Press Enter

copy C:\atapi.sys C:\windows\system32\drivers\atapi.sys

Press Enter

Boot back into Windows......redirects stop?

Thanks,
~ t

#15 pilotguy1900

  • Topic Starter
  • Members
  • 12 posts
  • Local time:06:15 AM

Posted 11 January 2010 - 11:27 PM

:(

Those commands worked and no redirects. Not sure if you want any log files??

Thanks sooooo much!!

Any suggestions for software I should (or shouldn't) be running to help prevent this again???

Edited by pilotguy1900, 11 January 2010 - 11:30 PM.
