Google Browser Hijack


  • This topic is locked
22 replies to this topic

#1 alandaband

Posted 20 January 2010 - 11:03 PM

For the past week, I have been having my browser (Firefox 3.0.17) redirected whenever I click on a link on Google. I am often redirected to miscellaneous webpages such as info.com and others. At one point, I had gmail and certain other log-in sites crash when I entered them. That problem has since disappeared after installing Symantec Endpoint Protection.

I have also tried to use Acronis Universal Restore to restore my system from a previous image but had an error that told me that there was poor media quality. I am unsure of whether or not this was caused by malware or if the image was faulty when created.

I have run DDS and RootRepeal which I have added to the end of this post.
RootRepeal gave me an error requesting that I run chkdsk.

I have installed Symantec Endpoint Protection which found some viruses and cleared them but I am still having some trouble internet browsing. I am unsure of whether or not any viruses / malware have resurfaced since the last cleaning.

DDS

[spoiler][codebox]

DDS (Ver_09-12-01.01) - NTFSx86
Run by achan066 at 16:38:06.04 on Wed 01/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1940 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\achan066\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
uWindow Title = Microsoft Internet Explorer provided by St. John's University
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALO: {506cd401-5203-4b27-bb5a-03c97758fd02} - c:\windows\system32\lastmon.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\achan066\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageechoenterpriseserver\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageechoenterpriseserver\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\achan066\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\docume~1\achan066\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with ImTOO Download YouTube Video - c:\program files\imtoo\download youtube video\upod_link.HTM
IE: Download with ImTOO YouTube Video Converter - c:\program files\imtoo\youtube video converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxps://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763170514
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147371192171
DPF: {74FFE28D-2378-11D5-990C-006094235084} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\ibmegath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.5184143518
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\AcpControl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\achan066\applic~1\mozilla\firefox\profiles\d283c0xo.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - component: c:\documents and settings\achan066\application data\mozilla\firefox\profiles\d283c0xo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\achan066\application data\mozilla\firefox\profiles\d283c0xo.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\program files\mozilla firefox\components\bddcdefd.dll
FF - plugin: c:\documents and settings\achan066\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2005-12-21 6912]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-5-10 14208]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-7-8 108392]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2003-7-1 104000]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-15 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100119.051\NAVENG.SYS [2010-1-20 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100119.051\NAVEX15.SYS [2010-1-20 1323568]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-5-10 6016]
S0 25fed24de8dbf5c23d782a1a0853b1d6;25fed24de8dbf5c23d782a1a0853b1d6;c:\windows\system32\25fed24de8dbf5c23d782a1a0853b1d6.sys [2010-1-9 39936]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys --> c:\windows\system32\drivers\am5211.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]

=============== Created Last 30 ================

2010-01-20 21:27:03 0 d-----w- c:\docume~1\achan066\applic~1\Office Genuine Advantage
2010-01-16 04:51:58 0 d-----w- C:\swshare
2010-01-16 04:37:15 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-01-16 04:35:53 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-01-16 04:35:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-16 04:35:29 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-16 04:35:29 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-16 04:35:29 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-16 04:34:30 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
2010-01-16 04:34:02 0 d-----w- c:\program files\common files\Symantec Shared
2010-01-16 04:34:01 0 d-----w- c:\program files\Symantec
2010-01-16 04:34:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-16 03:35:06 0 d-----w- C:\Test
2010-01-13 01:31:17 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 19:20:02 39936 ----a-w- c:\windows\system32\25fed24de8dbf5c23d782a1a0853b1d6.sys
2010-01-09 19:20:01 201744 ----a-w- c:\windows\system32\lastmon.dll
2010-01-09 19:17:48 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-01-09 19:17:48 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-01-09 19:15:59 2979 ------w- c:\windows\hpwmdl22.dat.temp
2010-01-09 19:09:42 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-01-09 18:57:06 0 d-----w- c:\windows\hpojp8500a909
2010-01-09 18:56:02 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2010-01-09 18:56:01 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-09 18:55:40 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2010-01-09 18:55:40 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2010-01-09 18:55:40 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-09 18:55:40 294912 ----a-r- c:\windows\system32\hpovst11.dll
2010-01-09 18:52:29 0 d-----w- c:\program files\common files\HP
2010-01-09 18:52:29 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-09 18:51:28 0 d-----w- c:\program files\HP
2010-01-09 18:46:57 2979 ------w- c:\windows\hpwmdl22.dat
2010-01-09 18:46:57 188758 ----a-w- c:\windows\hpwins22.dat
2010-01-04 05:08:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-04 05:08:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 02:50:32 0 d-----w- c:\program files\Comical
2009-12-22 23:49:41 3699424 ----atw- c:\windows\DXM10.tmp
2009-12-22 22:55:01 0 d-----w- c:\program files\Square Soft, Inc
2009-12-22 22:41:34 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-22 02:02:50 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

==================== Find3M ====================

2010-01-20 21:10:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-20 21:09:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-15 06:02:20 183688 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-14 01:17:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-14 01:17:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll

============= FINISH: 16:39:12.54 ===============
[/codebox][/spoiler]

Attach

[spoiler][codebox]
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2008 11:13:00 AM
System Uptime: 1/20/2010 4:09:21 PM (0 hours ago)

Motherboard: LENOVO | | 9444A11
Processor: Genuine Intel CPU T2400 @ 1.83GHz | None | 987/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 14.756 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 279 GiB total, 71.662 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_202E17AA&REV_00\4&6B16D5B&0&01F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_202E17AA&REV_00\4&6B16D5B&0&01F0
Service: ohci1394

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: 8500 A909g,192.168.1.3
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\PRINTER\0000
Service:

==== System Restore Points ===================

RP72: 12/12/2009 4:22:49 AM - System Checkpoint
RP73: 12/12/2009 2:15:39 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP74: 12/13/2009 8:07:03 PM - Software Distribution Service 3.0
RP75: 12/14/2009 12:11:53 PM - Software Distribution Service 3.0
RP76: 12/15/2009 7:51:18 PM - Software Distribution Service 3.0
RP77: 12/15/2009 10:49:03 PM - Software Distribution Service 3.0
RP78: 12/15/2009 10:55:45 PM - Printer Driver Microsoft XPS Document Writer Installed
RP79: 12/16/2009 3:52:33 PM - Logitech Webcam Software v12.0.1278
RP80: 12/17/2009 4:27:59 PM - System Checkpoint
RP81: 12/19/2009 2:41:00 AM - System Checkpoint
RP82: 12/21/2009 9:02:50 PM - SPTD setup V1.56
RP83: 12/25/2009 1:08:44 PM - System Checkpoint
RP84: 12/29/2009 11:47:14 PM - System Checkpoint
RP85: 1/1/2010 4:25:28 PM - System Checkpoint
RP86: 1/4/2010 12:08:22 AM - Installed Java™ 6 Update 17
RP87: 1/7/2010 12:37:48 PM - System Checkpoint
RP88: 1/9/2010 2:02:21 PM - Printer Driver HP Officejet Pro 8500 A909g Series fax Installed
RP89: 1/10/2010 9:42:12 PM - System Checkpoint
RP90: 1/13/2010 12:53:27 PM - Software Distribution Service 3.0
RP91: 1/15/2010 12:38:59 AM - Cleaned registry with Windows Live OneCare safety scanner
RP92: 1/15/2010 9:51:58 PM - Removed McAfee VirusScan Enterprise
RP93: 1/15/2010 10:48:37 PM - Removed Ad-Aware 2007
RP94: 1/15/2010 11:32:50 PM - Installed Symantec Endpoint Protection.
RP95: 1/18/2010 4:08:01 PM - Installed Windows Defender
RP96: 1/19/2010 10:03:13 PM - System Checkpoint
RP97: 1/20/2010 11:57:11 AM - Software Distribution Service 3.0
RP98: 1/20/2010 4:07:27 PM - Software Distribution Service 3.0

==== Installed Programs ======================


Torrent
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Access Help
ACDSee Pro 2.5
Acronis True Image Echo Enterprise Server
AcronisUniversalRestore for AcronisTrueImageEchoEnterpriseServer
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
BufferChm
Comical 0.8
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
Diskeeper 2007 Pro Premier
DivX Codec
DivX Version Checker
DocMgr
DocProc
DoremiSoft AVI to MP3 Converter 1.0
Fax
Google Chrome
GPBaseService2
Help Center
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Integrated 56K Modem
IBM SATA Power Management Driver
ImTOO Download YouTube Video
ImTOO DVD Audio Ripper 5
ImTOO FLV Converter
ImTOO MOV Converter
ImTOO YouTube Video Converter
Intel Graphics Media Accelerator Driver
Intel PRO Network Adapters and Drivers
Intel PROSet for Wired Connections
Intel PROSet/Wireless Software
InterVideo WinDVD
iTunes
Java™ 6 Update 17
K-Lite Codec Pack 4.8.5 (Full)
LiveUpdate 3.3 (Symantec Corporation)
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Flash Player 8
Macromedia Shockwave Player
mCore
mDriver
MELL Microsoft Office Standard Edition 2003 Collection
Message Center Plus
Messageware Plus Pack Base Component
Messageware Plus Pack Compress Attachments
Messageware Plus Pack English Dictionary
Messageware Plus Pack Spell Check Component
Messageware Plus Pack Thesaurus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mobile Broadband Generic Drivers
Mozilla Firefox (3.0.17)
mPfMgr
MPM
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mXML
Netscape (7.2)
Network
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OGA Notifier 2.0.0048.0
PC-Doctor 5 for Windows
PDF Settings
Power Tab Editor 1.7
ProductContext
Productivity Center Supplement for ThinkPad
QuickTime
Rainmeter (remove only)
RealPlayer
RecordNow Audio
RecordNow Copy
RecordNow Data
Rescue and Recovery - Client Security Solution
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.1
SmartWebPrinting
Software Installer
SolutionCenter
Sonic DLA
Sonic Express Labeler
SoundMAX
Status
Symantec Endpoint Protection
System Migration Assistant
System Update
TBS WMP Plug-in
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Productivity Center
Toolbox
TrackPoint Accessibility Features
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VZAccess Manager
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/19/2010 11:13:46 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 806e694f, parameter3 ba507c30, parameter4 ba50792c.
1/16/2010 6:17:13 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/15/2010 9:42:06 PM, error: Service Control Manager [7024] - The Network Associates McShield service terminated with service-specific error 5022 (0x139E).
1/15/2010 8:41:36 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302712D28. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/15/2010 8:41:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001302712D28 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/15/2010 10:52:09 PM, error: PlugPlayManager [11] - The device Root\LEGACY_25FED24DE8DBF5C23D782A1A0853B1D6\0000 disappeared from the system without first being prepared for removal.
1/15/2010 10:52:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ohci1394
1/14/2010 7:20:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/13/2010 6:51:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
1/13/2010 6:51:01 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/13/2010 6:51:01 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================


RootRepeal

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/01/20 16:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x93EC8000 Size: 876544 File Visible: No Signed: -
Status: -

Name: PCI_PNP6128
Image Path: \Driver\PCI_PNP6128
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x930B3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spbg.sys
Image Path: spbg.sys
Address: 0xB9EA7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\minint
Status: Locked to the Windows API!

Path: C:\preboot
Status: Locked to the Windows API!

Path: C:\RRbackups
Status: Locked to the Windows API!

Path: \\?\C:\minint\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\biosinfo.inf
Status: Invisible to the Windows API!

Path: C:\minint\bootfix.nib
Status: Invisible to the Windows API!

Path: C:\minint\debug
Status: Invisible to the Windows API!

Path: C:\minint\FBA
Status: Invisible to the Windows API!

Path: C:\minint\Fonts
Status: Invisible to the Windows API!

Path: C:\minint\help
Status: Invisible to the Windows API!

Path: C:\minint\inf
Status: Invisible to the Windows API!

Path: C:\minint\listpdt.ver
Status: Invisible to the Windows API!

Path: C:\minint\minint
Status: Invisible to the Windows API!

Path: C:\minint\msagent
Status: Invisible to the Windows API!

Path: C:\minint\ntdetect.com
Status: Invisible to the Windows API!

Path: C:\minint\pdalang.txt
Status: Invisible to the Windows API!

Path: C:\minint\pdaversion.txt
Status: Invisible to the Windows API!

Path: C:\minint\setupact.log
Status: Invisible to the Windows API!

Path: C:\minint\setupapi.log
Status: Invisible to the Windows API!

Path: C:\minint\setuperr.log
Status: Invisible to the Windows API!

Path: C:\minint\setupldr.bin
Status: Invisible to the Windows API!

Path: C:\minint\spcmdcon.sys
Status: Invisible to the Windows API!

Path: C:\minint\system32
Status: Invisible to the Windows API!

Path: C:\minint\txtsetup.sif
Status: Invisible to the Windows API!

Path: C:\minint\win.ini
Status: Invisible to the Windows API!

Path: C:\minint\winbom.ini
Status: Invisible to the Windows API!

Path: C:\minint\WinSxS
Status: Invisible to the Windows API!

Path: C:\minint\Z062ZEXE.pdt
Status: Invisible to the Windows API!

Path: \\?\C:\preboot\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\preboot\helps
Status: Invisible to the Windows API!

Path: C:\preboot\ibmwork
Status: Invisible to the Windows API!

Path: C:\preboot\IUB
Status: Invisible to the Windows API!

Path: C:\preboot\Java
Status: Invisible to the Windows API!

Path: C:\preboot\opera
Status: Invisible to the Windows API!

Path: C:\preboot\operafav
Status: Invisible to the Windows API!

Path: C:\preboot\python24
Status: Invisible to the Windows API!

Path: C:\preboot\Recovery
Status: Invisible to the Windows API!

Path: C:\preboot\rr
Status: Invisible to the Windows API!

Path: C:\preboot\security
Status: Invisible to the Windows API!

Path: C:\preboot\startup
Status: Invisible to the Windows API!

Path: C:\preboot\sysinfo
Status: Invisible to the Windows API!

Path: C:\preboot\usrintfc
Status: Invisible to the Windows API!

Path: C:\preboot\utils
Status: Invisible to the Windows API!

Path: C:\preboot\warnt
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\RRbackups\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\system
Status: Invisible to the Windows API!

Path: C:\RRbackups\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\tvt.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\minint\debug\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\debug\NetSetup.LOG
Status: Invisible to the Windows API!

Path: C:\minint\debug\PASSWD.LOG
Status: Invisible to the Windows API!

Path: \\?\C:\minint\FBA\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\FBA\FBALOG.TXT
Status: Invisible to the Windows API!

Path: \\?\C:\minint\Fonts\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\Fonts\vgafixe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixt.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgaoem.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgas1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgas1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgas874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasys.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasyse.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasysg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasysr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasyst.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Vrinda.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\webdings.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\wingding.ttf
Status: Invisible to the Windows API!

Path: \\?\C:\minint\help\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\help\agt0401.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0405.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0406.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0407.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0408.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040b.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040c.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040d.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040e.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0410.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0413.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0414.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0415.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0416.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0419.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt041d.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt041f.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0816.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0c0a.hlp
Status: Invisible to the Windows API!

Path: \\?\C:\minint\inf\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\inf\1394.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\ATMELTPM.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\B57WIN32.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\B57XP32.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\battery.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\bcm4sbxp.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\cdrom.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\cpu.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\disk.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\display.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\E1000325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E100A325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E100ANT5.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E100B325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E101D325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\e1e5132.cat
Status: Invisible to the Windows API!

Path: C:\minint\inf\e1e5132.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\enum1394.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\flpydisk.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\font.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\INFCACHE.1
Status: Invisible to the Windows API!

Path: C:\minint\inf\input.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\intl.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\keyboard.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\ks.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\layout.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\machine.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\mf.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\monitor.inf
Status: Invisible to the Windows API!SStealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x8a3a9400 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a720500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8b2781f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_CREATE]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_CLOSE]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_POWER]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: agpo1s6tȅ扏煓ȁఅ瑎獆肈㏘糘, IRP_MJ_PNP]
Process: System Address: 0x8a6841f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a3cc500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a3cc500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3cc500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3cc500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a3cc500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a3cc500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a7271f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x89643500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_CREATE]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_CLOSE]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_READ]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_CLEANUP]
Process: System Address: 0x8a449500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ慓故ȁఅ䵃慖歶௚, IRP_MJ_PNP]
Process: System Address: 0x8a449500 Size: 121

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8992e238

==EOF==

If anyone could help me with this problem, I would be much obliged!

Thank you

Edited by extremeboy, 26 January 2010 - 08:01 PM.
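
A small triage helper for the Stealth Objects and Shadow SSDT sections of a RootRepeal log like the one in the post above (an added example, not part of the original post and not RootRepeal's own code). It groups the hidden-code entries by driver, so a reviewer sees one line per driver instead of one per IRP handler; the sample text is constructed from a few entries of that log, and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries in the layout of the RootRepeal
# "Stealth Objects" and "Shadow SSDT" sections, shortened from the log above.
# The last driver name carries constructed non-ASCII trailing characters,
# like the damaged names that appear in the log.
SAMPLE_LOG = """\
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8b2761f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a6861f8 Size: 121

Object: Hidden Code [Driver: Cdfs\u0205\u6153, IRP_MJ_READ]
Process: System Address: 0x8a449500 Size: 121

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8992e238
"""

# One "Object:" line followed by its "Process:" line.
HIDDEN_CODE_RE = re.compile(
    r"Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_[A-Z_]+)\]\s*\n"
    r"\s*Process: (?P<process>\S+) Address: (?P<address>0x[0-9a-fA-F]+) "
    r"Size: (?P<size>\d+)"
)

# One "#:" line followed by its "Status: Hooked by" line.
SSDT_HOOK_RE = re.compile(
    r"#: (?P<index>\d+) Function Name: (?P<function>\w+)\s*\n"
    r"\s*Status: Hooked by \"(?P<owner>[^\"]*)\" at address (?P<address>0x[0-9a-fA-F]+)"
)


def parse_hidden_code(text):
    """Return one dict per 'Hidden Code' entry in the log text."""
    entries = []
    for match in HIDDEN_CODE_RE.finditer(text):
        entry = match.groupdict()
        entry["size"] = int(entry["size"])
        entries.append(entry)
    return entries


def summarize_by_driver(entries):
    """Collapse per-IRP entries into one summary record per driver name."""
    grouped = defaultdict(lambda: {"irps": [], "addresses": set(), "sizes": set()})
    for entry in entries:
        group = grouped[entry["driver"]]
        group["irps"].append(entry["irp"])
        group["addresses"].add(entry["address"])
        group["sizes"].add(entry["size"])
    summary = {}
    for driver, group in grouped.items():
        summary[driver] = {
            "handlers": len(group["irps"]),
            "addresses": sorted(group["addresses"]),
            "sizes": sorted(group["sizes"]),
            # True when every reported handler of the driver shares one address.
            "single_target": len(group["addresses"]) == 1,
            # True when the reported driver name contains non-ASCII characters.
            "non_ascii_name": not driver.isascii(),
        }
    return summary


def parse_ssdt_hooks(text):
    """Return one dict per hooked Shadow SSDT entry in the log text."""
    hooks = []
    for match in SSDT_HOOK_RE.finditer(text):
        hook = match.groupdict()
        hook["index"] = int(hook["index"])
        hooks.append(hook)
    return hooks


if __name__ == "__main__":
    for driver, info in summarize_by_driver(parse_hidden_code(SAMPLE_LOG)).items():
        print(f"{driver!r}: {info['handlers']} handlers -> {info['addresses']} "
              f"(sizes {info['sizes']}, non-ASCII name: {info['non_ascii_name']})")
    for hook in parse_ssdt_hooks(SAMPLE_LOG):
        print(f"SSDT #{hook['index']} {hook['function']} hooked by "
              f"{hook['owner']!r} at {hook['address']}")
```
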



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:37 AM

Posted 26 January 2010 - 05:17 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page and to Step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 alandaband

Posted 26 January 2010 - 07:56 PM

Hello EB,

Many thanks for responding!

Attached are my updated logs.
I am still having my browser hijacked when I use Google. There are also some instances in which I manually type in a URL in the address bar after a Google search and still have my page redirected. My computer is also running more sluggishly than usual but I'm not sure if that's due to any malware.

Again, thank you very much for your help!


#4 extremeboy

Posted 26 January 2010 - 08:04 PM

Hello.

Thanks for the information. I edited your previous post to remove the [ codebox ] tags.

Your Mozilla Firefox I noticed is quite outdated. The latest version is 3.6. I suggest you update it and save any bookmarks, passwords etc... if you need to and install the latest version of Firefox.

Then, please proceed with Combofix.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks.

#5 alandaband

Posted 26 January 2010 - 09:35 PM

Thanks again for the reply.

I've updated my Firefox browser to Version 3.5.7 which I believe is the latest one.
Attached is the log that was generated by ComboFix.


#6 extremeboy

Posted 26 January 2010 - 10:11 PM

Hello.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

--
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Are the redirects still there?

Thanks.

With Regards,
Extremeboy

Edited by extremeboy, 26 January 2010 - 10:11 PM.


#7 alandaband

Posted 26 January 2010 - 10:53 PM

Hi,

Attached are the new DDS logs and the log that was generated by MBAM.
Unfortunately, my browser is still being redirected when I click on Google links.

Are there any other recommended courses of action that I should take?

Thank you very much for the continued help.


#8 extremeboy

Posted 27 January 2010 - 09:23 AM

Hello.

Download and Run GooredFix

Please download GooredFix and save it to your Desktop if you lost your copy.
Alternative Download Mirror #1

Please make sure all instances of Firefox are closed at this point before proceeding.
  • Ensure all Firefox windows are closed at this time.
  • Please double-click GooredFix.exe on your Desktop to run it. If you are using Vista, please right-click and select Run as administrator.
  • When prompted to run the scan, click Yes.
  • The removal process will begin, please be patient until it finishes.
  • A log will open with the file after completion, please post the contents of that log in your next reply
*Note: The log can also be found on your desktop called GooredFix.txt


Download and Run OTM
  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  3. Paste the following code under the area. Do not include the word "Code".
    CODE
    :services
    25fed24de8dbf5c23d782a1a0853b1d6
    :files
    c:\windows\system32\25fed24de8dbf5c23d782a1a0853b1d6.sys
    :commands
    [EmptyTemp]
    [Reboot]
  4. Click the large button.
  5. If OTM requires a reboot, please allow it to do so.
  6. Copy/Paste the contents under the line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.
Thanks.

With Regards,
Extremeboy

#9 alandaband

Posted 27 January 2010 - 05:53 PM

EB,

Here are the latest logs.

Do you know what's causing the browser redirects?

Thanks.


#10 extremeboy

Posted 27 January 2010 - 07:01 PM

After the reboot are the redirects still there?

Is it in FireFox and Internet Explorer?

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do not run any program while GMER is running.
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.



#11 alandaband

Posted 28 January 2010 - 12:21 PM

Hi,

No luck on running GMER. I've run it three times (once in safe mode) and it crashed every time.

Redirects are still there.

Thanks

#12 extremeboy

Posted 28 January 2010 - 12:56 PM

Hello.

Okay, please do the following.

Download and run OTL
  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.
  4. Under the textbox, copy and paste the following code below.
    CODE
    %systemroot%\system32\*.sys /lockedfiles
  5. Now push the button.
  6. It will now begin to scan, please be patient while it scans.
  7. Two reports will open once it's done.
  8. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Thanks.

~EB


#13 alandaband

Posted 28 January 2010 - 06:46 PM

Hey EB,

Here are the logs generated by OTL


#14 extremeboy

Posted 28 January 2010 - 07:34 PM

QUOTE
Is it in FireFox and Internet Explorer?

  • Double click on the icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Under the textbox, copy and paste the following code below.
    CODE
    %systemroot%\system32\*.sys /lockedfiles /all
  • Now push the button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened

Try resetting your router and see if that resolves it. I need to get a log from OTL again to see if it's one of the infected/patched system files that's causing this.
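An OTL log of the kind requested above is easier to review once each line is split into fields. The following is an added example, not part of the original thread and not OldTimer's code: it parses the PRC/MOD/SRV/DRV line layout used by the OTL logs in this topic and queues entries for a manual look. The two review rules (blank vendor field on a service or driver, driver file timestamp within 30 days of the scan) and all function names are assumptions chosen for illustration; the sample lines are copied from the log posted in this topic.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional, Tuple

# Line layout as printed in the OTL logs in this topic:
# TAG - [date time | size | attrs | M] (Company) [status | ...] -- path -- (label)
# PRC and MOD lines carry no [status] block and no trailing label.
LINE_RE = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]+) \| [A-Z]\] "
    r"\((?P<company>.*?)\) "          # may be empty, may contain parentheses
    r"(?:\[(?P<status>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- (?P<label>\(.*))?$"      # kept raw: labels can carry extra text
)


class Entry(NamedTuple):
    tag: str
    stamp: datetime        # file timestamp as printed by OTL
    size: int              # bytes, thousands separators removed
    attrs: str             # e.g. "----" or "R---"
    company: str           # vendor string, "" when OTL printed "()"
    status: Tuple[str, ...]
    path: str
    label: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an item line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    status = tuple(s.strip() for s in m["status"].split("|")) if m["status"] else ()
    return Entry(
        tag=m["tag"],
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        status=status,
        path=m["path"],
        label=m["label"] or "",
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def review_queue(entries, scan_time, window_days=30):
    """Assumed triage rules: these produce leads to verify, not verdicts."""
    queue = []
    for e in entries:
        reasons = []
        if e.tag in ("SRV", "DRV") and not e.company:
            reasons.append("no vendor string")
        age = scan_time - e.stamp
        if e.tag == "DRV" and timedelta(0) <= age <= timedelta(days=window_days):
            reasons.append("recent file timestamp")
        if reasons:
            queue.append((ntpath.basename(e.path), reasons))
    return queue


# Scan time from the log header: "OTL logfile created on: 1/28/2010 8:07:45 PM"
SCAN_TIME = datetime(2010, 1, 28, 20, 7, 45)

# Sample lines copied from the log in this topic (one header line included
# to show that non-item lines are skipped).
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========
DRV - [2010/01/15 23:35:46 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/21 21:02:52 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/01 12:30:10 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/04/30 18:03:08 | 06,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
SRV - [2006/05/16 09:45:54 | 00,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
"""

if __name__ == "__main__":
    for name, reasons in review_queue(parse_log(SAMPLE_LOG), SCAN_TIME):
        print(f"{name}: {', '.join(reasons)}")
```

A blank vendor field or a recent timestamp also occurs on legitimate files, so each queued entry still needs its own verification (file signature, known-good copy, or the helper's analysis).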

#15 alandaband

Posted 28 January 2010 - 08:13 PM

Here is the latest OTL log:

OTL logfile created on: 1/28/2010 8:07:45 PM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\achan066\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 14.86 Gb Free Space | 26.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INFORMAT-62D30E
Current User Name: achan066
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/28 15:42:24 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\achan066\My Documents\Downloads\OTL.exe
PRC - [2010/01/04 00:08:31 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/04 00:08:31 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/09/17 18:56:58 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 01,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 01,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 20:14:40 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/05/27 21:09:36 | 00,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/08 10:35:50 | 02,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 10:34:08 | 00,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 16:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/01/25 20:57:25 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/13 09:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/10/21 12:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/10/16 20:11:26 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 19:15:38 | 00,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/07/03 23:17:00 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/07/03 23:10:00 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/29 20:48:28 | 00,884,696 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
PRC - [2008/01/29 20:47:22 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/01/29 20:47:18 | 00,423,192 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/01/29 20:45:54 | 01,274,632 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
PRC - [2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/08/09 15:32:54 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/08/09 15:32:52 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/08/09 15:32:24 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/08/09 15:32:12 | 00,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/06/01 01:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/21 17:09:00 | 00,913,408 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/17 02:06:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
PRC - [2006/11/17 02:06:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 02:06:00 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\Mctray.exe
PRC - [2006/10/22 23:34:30 | 00,014,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
PRC - [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/05/23 15:05:04 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/04/17 12:13:00 | 00,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 12:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 12:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 12:09:10 | 00,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 11:59:10 | 00,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/02/27 04:00:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/02/27 04:00:00 | 00,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/02/24 04:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/02/24 03:04:00 | 00,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/12/28 10:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/21 17:20:56 | 01,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 16:17:54 | 00,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/15 16:00:54 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/11/07 10:14:16 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/10/26 02:44:30 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/08/01 04:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/05 16:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 11:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/06 20:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/05/20 10:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/06 15:08:00 | 00,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
PRC - [2002/09/20 13:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/01/28 15:42:24 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\achan066\My Documents\Downloads\OTL.exe
MOD - [2006/02/27 04:00:00 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/04 00:08:31 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 18:56:58 | 02,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 01,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 00,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/13 12:06:15 | 03,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/30 16:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/01/25 20:57:25 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/10/16 19:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 19:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/04/14 04:41:56 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/01/29 20:47:18 | 00,423,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/06/01 01:02:06 | 00,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2006/12/21 17:09:00 | 00,913,408 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/11/17 02:06:00 | 00,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/16 09:45:54 | 00,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2006/04/17 12:12:28 | 00,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 12:12:26 | 00,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/27 04:00:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/12/21 17:20:56 | 01,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 16:17:54 | 00,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/06/20 11:15:00 | 00,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/06 20:26:22 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/16 11:37:58 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/09/20 13:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 23:35:46 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/21 21:02:52 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/17 18:38:10 | 00,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 00,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/17 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100127.049\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100127.049\NAVENG.SYS -- (NAVENG)
DRV - [2009/09/03 16:03:48 | 00,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 00,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/26 11:54:38 | 00,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 00,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 00,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 12:51:12 | 00,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/07/01 05:45:32 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2009/06/01 12:30:10 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/05/27 14:31:18 | 00,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/30 18:03:30 | 00,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 18:03:08 | 06,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 18:01:36 | 00,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:00:00 | 00,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/04/30 16:00:12 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/20 22:12:14 | 00,149,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2008/10/31 09:46:53 | 00,454,688 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/31 09:46:53 | 00,043,008 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/31 09:46:47 | 00,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/07/03 22:53:00 | 00,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/02 16:28:50 | 00,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 00,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 00,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 00,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:24:38 | 00,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/09 16:28:50 | 05,765,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/07/09 13:13:35 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/07/09 13:13:31 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/07/09 13:13:29 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/06/01 01:01:30 | 00,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/12/21 11:56:44 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 11:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 11:55:56 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/18 14:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/05/24 11:33:42 | 00,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2006/05/15 11:15:15 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/02/27 04:52:00 | 00,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/02/27 04:00:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/02/24 03:13:00 | 00,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/01/31 12:19:34 | 00,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/01/17 03:52:00 | 00,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/01/17 03:52:00 | 00,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/01/12 23:33:22 | 00,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/21 16:14:58 | 00,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/21 15:45:56 | 00,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2005/12/21 15:39:46 | 00,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/12/06 13:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 14:58:00 | 00,085,760 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/11/08 08:27:20 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/10/26 12:01:02 | 00,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/12 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/08/01 04:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 04:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 04:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 04:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 04:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 04:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 04:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 02:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
DRV - [2005/07/07 08:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 08:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 04:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
DRV - [2005/07/05 16:57:06 | 00,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 11:18:00 | 00,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/06/07 15:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/06/07 15:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/05/17 09:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/02/14 07:00:10 | 03,255,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/02/10 15:31:34 | 00,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/12/02 15:14:44 | 00,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/02 14:54:12 | 00,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/11/10 18:47:30 | 00,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 18:45:50 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/05/26 07:52:28 | 00,033,847 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2004/05/26 07:52:24 | 00,122,942 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2004/05/26 07:52:23 | 00,099,002 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2004/05/19 15:41:26 | 00,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2004/04/26 07:10:08 | 02,482,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/02/02 12:54:42 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2003/09/17 13:44:42 | 00,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/08/14 13:46:48 | 00,125,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2003/05/01 12:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2002/11/18 19:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:48:14 | 00,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cpprod.stjohns.edu/cp/home/loginf
IE - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\S-1-5-21-2789106655-1677553566-1296987775-1032\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\S-1-5-21-2789106655-1677553566-1296987775-1032\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.startup.homepage: "http://cpprod.stjohns.edu/cp/home/loginf"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7E7165E2-0767-448c-852F-5FA8714F2C37}:1.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/09 14:01:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 20:40:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/26 20:35:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2010/01/09 14:21:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/01/04 00:08:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2010/01/09 14:21:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/01/04 00:08:51 | 00,000,000 | ---D | M]

[2009/01/25 23:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\achan066\Application Data\Mozilla\Extensions
[2010/01/28 17:08:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\achan066\Application Data\Mozilla\Firefox\Profiles\d283c0xo.default\extensions
[2009/01/25 23:23:29 | 00,000,000 | ---D | M] (Searchbar Autosizer) -- C:\Documents and Settings\achan066\Application Data\Mozilla\Firefox\Profiles\d283c0xo.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}
[2009/01/25 23:23:29 | 00,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\achan066\Application Data\Mozilla\Firefox\Profiles\d283c0xo.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2009/04/27 00:57:48 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\achan066\Application Data\Mozilla\Firefox\Profiles\d283c0xo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/05 13:55:56 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\achan066\Application Data\Mozilla\Firefox\Profiles\d283c0xo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/06/01 20:10:26 | 00,000,000 | ---D | M] (GooglePreview) -- C:\Documents and Settings\achan066\Application Data\Mozilla\Firefox\Profiles\d283c0xo.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/01/28 17:08:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/09 14:20:50 | 00,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\bddcdefd.dll
[2009/03/20 00:11:11 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2009/01/25 20:53:53 | 00,291,684 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10046 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032..\Run: [Google Update] C:\Documents and Settings\achan066\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Download with ImTOO YouTube Video Converter - C:\Program Files\ImTOO\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2789106655-1677553566-1296987775-1032\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} https://www-3.ibm.com/pc/support/access/sdc...ad/tgctlins.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1120763170514 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1147371192171 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\ibmegath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8146.5184143518 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\AcpControl.cab (acpRunner Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\achan066\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\achan066\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/22 01:02:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/26 22:21:48 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 17:07:19 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/27 17:06:45 | 00,000,000 | ---D | C] -- C:\_OTM
[2010/01/27 17:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Desktop\GooredFix Backups
[2010/01/26 22:49:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\My Documents\System Restore
[2010/01/26 22:34:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Application Data\Malwarebytes
[2010/01/26 22:34:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/26 22:34:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/26 22:34:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/26 22:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/26 22:21:48 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2010/01/26 21:13:04 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/26 21:12:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/26 21:12:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/26 21:11:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/26 21:11:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/26 21:11:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/26 21:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/26 15:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/20 16:27:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/20 16:27:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Application Data\Office Genuine Advantage
[2010/01/20 16:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/01/20 16:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/01/20 16:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/01/20 16:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/01/20 16:07:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/01/20 16:07:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/01/18 18:18:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\My Documents\St. John's Spring 2010
[2010/01/15 23:51:58 | 00,000,000 | ---D | C] -- C:\swshare
[2010/01/15 23:37:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Local Settings\Application Data\Symantec
[2010/01/15 23:37:15 | 00,149,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/01/15 23:35:53 | 00,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/01/15 23:35:29 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/01/15 23:35:29 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/01/15 23:34:30 | 00,503,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.DL1
[2010/01/15 23:34:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/01/15 23:34:01 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/15 23:34:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/01/15 22:35:06 | 00,000,000 | ---D | C] -- C:\Test
[2010/01/14 20:49:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Application Data\HPAppData
[2010/01/12 20:31:17 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/09 14:25:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\My Documents\My Scans
[2010/01/09 14:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Application Data\HP
[2010/01/09 14:17:48 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys
[2010/01/09 14:17:48 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/01/09 14:09:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/01/09 14:02:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Local Settings\Application Data\HP
[2010/01/09 14:00:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/01/09 13:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/01/09 13:57:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\hpojp8500a909
[2010/01/09 13:56:02 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l082.dll
[2010/01/09 13:56:01 | 00,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/01/09 13:55:40 | 00,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtiop4.dll
[2010/01/09 13:55:40 | 00,741,376 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax5.dll
[2010/01/09 13:55:40 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/01/09 13:55:40 | 00,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/01/09 13:52:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/01/09 13:52:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/01/09 13:52:28 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/01/09 13:51:28 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2010/01/09 13:50:38 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/04 00:10:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/01/04 00:08:51 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/04 00:08:51 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/04 00:08:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/04 00:08:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/04 00:08:51 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/04 00:08:27 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/04 00:07:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\achan066\Application Data\Sun
[2009/01/28 19:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/31 11:08:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/05/23 14:23:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/05/16 09:50:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IBM
[2005/05/10 13:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/06/22 01:13:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\Documents and Settings\achan066\*.tmp files -> C:\Documents and Settings\achan066\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/28 20:08:04 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\achan066\NTUSER.DAT
[2010/01/28 19:39:00 | 00,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2789106655-1677553566-1296987775-1032UA.job
[2010/01/28 19:30:04 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/01/28 16:36:59 | 00,008,814 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/01/28 16:36:08 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/28 16:33:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 16:33:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/28 16:33:33 | 32,112,51712 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 17:08:02 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\achan066\ntuser.ini
[2010/01/26 22:34:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 21:24:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/26 21:13:16 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/26 21:08:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/01/26 21:08:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/01/26 15:39:00 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2789106655-1677553566-1296987775-1032Core.job
[2010/01/24 16:08:10 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010/01/18 18:18:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/15 23:35:46 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/01/15 23:35:46 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/01/15 23:35:46 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/01/15 23:35:46 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/01/14 21:59:55 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\achan066\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 19:38:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/13 18:49:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/09 14:19:52 | 00,188,758 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/01/09 14:19:38 | 00,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/09 14:00:49 | 00,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/01/09 13:59:18 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 05:00:29 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/05 05:00:28 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/01/05 05:00:28 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/01/05 05:00:28 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/01/05 05:00:27 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/01/05 05:00:26 | 03,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/05 05:00:24 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/01/05 05:00:23 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/01/05 05:00:21 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/01/05 05:00:21 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/01/04 00:08:31 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/04 00:08:31 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/04 00:08:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/04 00:08:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/04 00:08:31 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/31 10:33:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[1 C:\Documents and Settings\achan066\*.tmp files -> C:\Documents and Settings\achan066\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/28 01:44:20 | 32,112,51712 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/26 22:34:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 21:13:16 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/26 21:13:08 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/26 21:12:00 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/26 21:12:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/26 21:12:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/26 21:12:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/26 21:11:59 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/15 23:35:29 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/01/15 23:35:29 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/01/09 14:15:59 | 00,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/01/09 14:00:49 | 00,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/01/09 13:59:18 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/09 13:46:57 | 00,188,758 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/01/09 13:46:57 | 00,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2009/12/26 00:25:08 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\achan066\Local Settings\Application Data\housecall.guid.cache
[2009/12/21 21:02:50 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/16 15:53:22 | 00,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 21:45:29 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/01 21:45:28 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/06/01 21:45:21 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/01 21:45:20 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/01 21:45:18 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/01 21:45:18 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/12 19:56:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\IsPubDrv.sys
[2009/05/12 19:56:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\IsDrv118.sys
[2009/05/08 10:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/01/25 21:19:27 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/30 10:10:54 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\achan066\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/30 10:10:54 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\achan066\Local Settings\Application Data\fusioncache.dat
[2008/08/06 12:53:33 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/05/22 10:16:58 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\wceprv.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 16:43:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2006/05/15 14:00:41 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/15 11:18:01 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/05/15 11:17:18 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/05/15 11:17:10 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/05/15 11:16:56 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/05/15 11:16:06 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/05/15 11:15:48 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/15 11:15:48 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/15 11:15:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/15 11:15:48 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/15 11:15:48 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/15 11:15:48 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/11 14:49:50 | 00,008,814 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/05/11 14:49:50 | 00,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2006/05/11 14:48:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/05/11 14:48:37 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/01/20 18:05:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/17 14:22:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/11 09:00:12 | 00,139,288 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/05/24 12:59:02 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/05/24 12:40:08 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/05/24 12:37:42 | 00,002,399 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/24 11:04:25 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/05/24 11:01:37 | 00,001,986 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/05/12 09:58:37 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2004/08/03 19:56:46 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/30 08:48:01 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/05/25 13:57:06 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/01/20 16:28:20 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/07/16 22:56:21 | 00,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/16 04:45:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/06/24 13:43:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/06/22 16:55:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2003/06/22 13:50:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/22 11:37:25 | 00,001,004 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/06/22 04:04:06 | 00,051,979 | ---- | C] () -- C:\WINDOWS\System32\SynUnst.ini
[2003/06/22 04:04:05 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\SynTPEnh.ini
[2003/06/22 04:03:46 | 00,111,035 | ---- | C] () -- C:\WINDOWS\System32\SynTP.ini
[2003/06/22 04:03:40 | 00,002,813 | ---- | C] () -- C:\WINDOWS\System32\IBM_DP.ini
[1997/11/17 17:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Custom Scans ==========


< %systemroot%\system32\*.sys /lockedfiles /all >
< End of report >

Redirects only seem to be affecting the Firefox browser. I don't seem to be having any problems on IE.



