
Repeated Malware infections, Trouble removing Vista Guardian


This topic is locked
67 replies to this topic

#16 thewall (Malware Response Team, 6,425 posts)
Posted 10 March 2010 - 07:24 PM

Bear with me; my DSL modem has started acting up, so if you don't hear back from me in a reasonable time, I have lost my connection. I'm trying to get through today before I call them about it.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you


#17 Mom2four (Topic Starter, Members, 33 posts)
Posted 10 March 2010 - 08:31 PM

No worries if you can't reply right away. Here is the log:

19:27:33:210 7884 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
19:27:33:210 7884 ================================================================================
19:27:33:210 7884 SystemInfo:

19:27:33:210 7884 OS Version: 6.0.6001 ServicePack: 1.0
19:27:33:210 7884 Product type: Workstation
19:27:33:210 7884 ComputerName: D95QHBC1
19:27:33:210 7884 UserName: John Cornelisen
19:27:33:210 7884 Windows directory: C:\Windows
19:27:33:210 7884 Processor architecture: Intel x86
19:27:33:210 7884 Number of processors: 2
19:27:33:210 7884 Page size: 0x1000
19:27:33:210 7884 Boot type: Normal boot
19:27:33:210 7884 ================================================================================
19:27:33:241 7884 UnloadDriverW: NtUnloadDriver error 2
19:27:33:241 7884 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:27:39:201 7884 wfopen_ex: Trying to open file C:\Windows\system32\config\system
19:27:39:201 7884 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:27:39:201 7884 wfopen_ex: Trying to KLMD file open
19:27:39:201 7884 wfopen_ex: File opened ok (Flags 2)
19:27:39:310 7884 wfopen_ex: Trying to open file C:\Windows\system32\config\software
19:27:39:310 7884 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:27:39:310 7884 wfopen_ex: Trying to KLMD file open
19:27:39:310 7884 wfopen_ex: File opened ok (Flags 2)
19:27:39:310 7884 Initialize success
19:27:39:310 7884
19:27:39:310 7884 Scanning Services ...
19:27:39:996 7884 GetAdvancedServicesInfo: Raw services enum returned 516 services
19:27:39:996 7884
19:27:39:996 7884 Scanning Kernel memory ...
19:27:39:996 7884 Devices to scan: 6
19:27:39:996 7884
19:27:39:996 7884 Driver Name: USBSTOR
19:27:39:996 7884 IRP_MJ_CREATE : 93169B40
19:27:39:996 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:39:996 7884 IRP_MJ_CLOSE : 93169BB8
19:27:39:996 7884 IRP_MJ_READ : 93169C30
19:27:39:996 7884 IRP_MJ_WRITE : 93169C30
19:27:39:996 7884 IRP_MJ_QUERY_INFORMATION : 82475013
19:27:39:996 7884 IRP_MJ_SET_INFORMATION : 82475013
19:27:39:996 7884 IRP_MJ_QUERY_EA : 82475013
19:27:39:996 7884 IRP_MJ_SET_EA : 82475013
19:27:39:996 7884 IRP_MJ_FLUSH_BUFFERS : 82475013
19:27:39:996 7884 IRP_MJ_QUERY_VOLUME_INFORMATION : 82475013
19:27:39:996 7884 IRP_MJ_SET_VOLUME_INFORMATION : 82475013
19:27:39:996 7884 IRP_MJ_DIRECTORY_CONTROL : 82475013
19:27:39:996 7884 IRP_MJ_FILE_SYSTEM_CONTROL : 82475013
19:27:39:996 7884 IRP_MJ_DEVICE_CONTROL : 93169828
19:27:39:996 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9315E4AA
19:27:39:996 7884 IRP_MJ_SHUTDOWN : 82475013
19:27:39:996 7884 IRP_MJ_LOCK_CONTROL : 82475013
19:27:39:996 7884 IRP_MJ_CLEANUP : 82475013
19:27:39:996 7884 IRP_MJ_CREATE_MAILSLOT : 82475013
19:27:39:996 7884 IRP_MJ_QUERY_SECURITY : 82475013
19:27:39:996 7884 IRP_MJ_SET_SECURITY : 82475013
19:27:39:996 7884 IRP_MJ_POWER : 93167F9A
19:27:39:996 7884 IRP_MJ_SYSTEM_CONTROL : 931657A2
19:27:39:996 7884 IRP_MJ_DEVICE_CHANGE : 82475013
19:27:39:996 7884 IRP_MJ_QUERY_QUOTA : 82475013
19:27:39:996 7884 IRP_MJ_SET_QUOTA : 82475013
19:27:40:012 7884 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:27:40:012 7884
19:27:40:012 7884 Driver Name: USBSTOR
19:27:40:012 7884 IRP_MJ_CREATE : 93169B40
19:27:40:012 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:40:012 7884 IRP_MJ_CLOSE : 93169BB8
19:27:40:012 7884 IRP_MJ_READ : 93169C30
19:27:40:012 7884 IRP_MJ_WRITE : 93169C30
19:27:40:012 7884 IRP_MJ_QUERY_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_SET_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_EA : 82475013
19:27:40:012 7884 IRP_MJ_SET_EA : 82475013
19:27:40:012 7884 IRP_MJ_FLUSH_BUFFERS : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_VOLUME_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_SET_VOLUME_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_DIRECTORY_CONTROL : 82475013
19:27:40:012 7884 IRP_MJ_FILE_SYSTEM_CONTROL : 82475013
19:27:40:012 7884 IRP_MJ_DEVICE_CONTROL : 93169828
19:27:40:012 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9315E4AA
19:27:40:012 7884 IRP_MJ_SHUTDOWN : 82475013
19:27:40:012 7884 IRP_MJ_LOCK_CONTROL : 82475013
19:27:40:012 7884 IRP_MJ_CLEANUP : 82475013
19:27:40:012 7884 IRP_MJ_CREATE_MAILSLOT : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_SECURITY : 82475013
19:27:40:012 7884 IRP_MJ_SET_SECURITY : 82475013
19:27:40:012 7884 IRP_MJ_POWER : 93167F9A
19:27:40:012 7884 IRP_MJ_SYSTEM_CONTROL : 931657A2
19:27:40:012 7884 IRP_MJ_DEVICE_CHANGE : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_QUOTA : 82475013
19:27:40:012 7884 IRP_MJ_SET_QUOTA : 82475013
19:27:40:012 7884 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:27:40:012 7884
19:27:40:012 7884 Driver Name: USBSTOR
19:27:40:012 7884 IRP_MJ_CREATE : 93169B40
19:27:40:012 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:40:012 7884 IRP_MJ_CLOSE : 93169BB8
19:27:40:012 7884 IRP_MJ_READ : 93169C30
19:27:40:012 7884 IRP_MJ_WRITE : 93169C30
19:27:40:012 7884 IRP_MJ_QUERY_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_SET_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_EA : 82475013
19:27:40:012 7884 IRP_MJ_SET_EA : 82475013
19:27:40:012 7884 IRP_MJ_FLUSH_BUFFERS : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_VOLUME_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_SET_VOLUME_INFORMATION : 82475013
19:27:40:012 7884 IRP_MJ_DIRECTORY_CONTROL : 82475013
19:27:40:012 7884 IRP_MJ_FILE_SYSTEM_CONTROL : 82475013
19:27:40:012 7884 IRP_MJ_DEVICE_CONTROL : 93169828
19:27:40:012 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9315E4AA
19:27:40:012 7884 IRP_MJ_SHUTDOWN : 82475013
19:27:40:012 7884 IRP_MJ_LOCK_CONTROL : 82475013
19:27:40:012 7884 IRP_MJ_CLEANUP : 82475013
19:27:40:012 7884 IRP_MJ_CREATE_MAILSLOT : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_SECURITY : 82475013
19:27:40:012 7884 IRP_MJ_SET_SECURITY : 82475013
19:27:40:012 7884 IRP_MJ_POWER : 93167F9A
19:27:40:012 7884 IRP_MJ_SYSTEM_CONTROL : 931657A2
19:27:40:012 7884 IRP_MJ_DEVICE_CHANGE : 82475013
19:27:40:012 7884 IRP_MJ_QUERY_QUOTA : 82475013
19:27:40:012 7884 IRP_MJ_SET_QUOTA : 82475013
19:27:40:027 7884 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:27:40:027 7884
19:27:40:027 7884 Driver Name: USBSTOR
19:27:40:027 7884 IRP_MJ_CREATE : 93169B40
19:27:40:027 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:40:027 7884 IRP_MJ_CLOSE : 93169BB8
19:27:40:027 7884 IRP_MJ_READ : 93169C30
19:27:40:027 7884 IRP_MJ_WRITE : 93169C30
19:27:40:027 7884 IRP_MJ_QUERY_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_SET_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_EA : 82475013
19:27:40:027 7884 IRP_MJ_SET_EA : 82475013
19:27:40:027 7884 IRP_MJ_FLUSH_BUFFERS : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_VOLUME_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_SET_VOLUME_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_DIRECTORY_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_FILE_SYSTEM_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_DEVICE_CONTROL : 93169828
19:27:40:027 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9315E4AA
19:27:40:027 7884 IRP_MJ_SHUTDOWN : 82475013
19:27:40:027 7884 IRP_MJ_LOCK_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_CLEANUP : 82475013
19:27:40:027 7884 IRP_MJ_CREATE_MAILSLOT : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_SECURITY : 82475013
19:27:40:027 7884 IRP_MJ_SET_SECURITY : 82475013
19:27:40:027 7884 IRP_MJ_POWER : 93167F9A
19:27:40:027 7884 IRP_MJ_SYSTEM_CONTROL : 931657A2
19:27:40:027 7884 IRP_MJ_DEVICE_CHANGE : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_QUOTA : 82475013
19:27:40:027 7884 IRP_MJ_SET_QUOTA : 82475013
19:27:40:027 7884 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:27:40:027 7884
19:27:40:027 7884 Driver Name: USBSTOR
19:27:40:027 7884 IRP_MJ_CREATE : 93169B40
19:27:40:027 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:40:027 7884 IRP_MJ_CLOSE : 93169BB8
19:27:40:027 7884 IRP_MJ_READ : 93169C30
19:27:40:027 7884 IRP_MJ_WRITE : 93169C30
19:27:40:027 7884 IRP_MJ_QUERY_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_SET_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_EA : 82475013
19:27:40:027 7884 IRP_MJ_SET_EA : 82475013
19:27:40:027 7884 IRP_MJ_FLUSH_BUFFERS : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_VOLUME_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_SET_VOLUME_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_DIRECTORY_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_FILE_SYSTEM_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_DEVICE_CONTROL : 93169828
19:27:40:027 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9315E4AA
19:27:40:027 7884 IRP_MJ_SHUTDOWN : 82475013
19:27:40:027 7884 IRP_MJ_LOCK_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_CLEANUP : 82475013
19:27:40:027 7884 IRP_MJ_CREATE_MAILSLOT : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_SECURITY : 82475013
19:27:40:027 7884 IRP_MJ_SET_SECURITY : 82475013
19:27:40:027 7884 IRP_MJ_POWER : 93167F9A
19:27:40:027 7884 IRP_MJ_SYSTEM_CONTROL : 931657A2
19:27:40:027 7884 IRP_MJ_DEVICE_CHANGE : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_QUOTA : 82475013
19:27:40:027 7884 IRP_MJ_SET_QUOTA : 82475013
19:27:40:027 7884 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:27:40:027 7884
19:27:40:027 7884 Driver Name: iaStorV
19:27:40:027 7884 IRP_MJ_CREATE : 830BB83C
19:27:40:027 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:40:027 7884 IRP_MJ_CLOSE : 830BB83C
19:27:40:027 7884 IRP_MJ_READ : 82475013
19:27:40:027 7884 IRP_MJ_WRITE : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_SET_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_EA : 82475013
19:27:40:027 7884 IRP_MJ_SET_EA : 82475013
19:27:40:027 7884 IRP_MJ_FLUSH_BUFFERS : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_VOLUME_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_SET_VOLUME_INFORMATION : 82475013
19:27:40:027 7884 IRP_MJ_DIRECTORY_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_FILE_SYSTEM_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_DEVICE_CONTROL : 830BE8A4
19:27:40:027 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 830BEB7C
19:27:40:027 7884 IRP_MJ_SHUTDOWN : 82475013
19:27:40:027 7884 IRP_MJ_LOCK_CONTROL : 82475013
19:27:40:027 7884 IRP_MJ_CLEANUP : 82475013
19:27:40:027 7884 IRP_MJ_CREATE_MAILSLOT : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_SECURITY : 82475013
19:27:40:027 7884 IRP_MJ_SET_SECURITY : 82475013
19:27:40:027 7884 IRP_MJ_POWER : 830C3412
19:27:40:027 7884 IRP_MJ_SYSTEM_CONTROL : 830C357E
19:27:40:027 7884 IRP_MJ_DEVICE_CHANGE : 82475013
19:27:40:027 7884 IRP_MJ_QUERY_QUOTA : 82475013
19:27:40:027 7884 IRP_MJ_SET_QUOTA : 82475013
19:27:40:043 7884 C:\Windows\system32\DRIVERS\iaStorV.sys - Verdict: 1
19:27:40:043 7884
19:27:40:043 7884 Completed
19:27:40:043 7884
19:27:40:043 7884 Results:
19:27:40:043 7884 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:27:40:043 7884 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:27:40:043 7884 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:27:40:043 7884
19:27:40:043 7884 fclose_ex: Trying to close file C:\Windows\system32\config\system
19:27:40:043 7884 fclose_ex: Trying to close file C:\Windows\system32\config\software
19:27:40:043 7884 KLMD(ARK) unloaded successfully


Out of curiosity, why do you think that when Vista Guardian was active I could not get MBAM to find the infected files, or this rootkit tool for that matter?

Thanks again for your help.
~L~

#18 thewall (Malware Response Team, 6,425 posts)
Posted 10 March 2010 - 09:23 PM

By their nature these programs are designed to hide files and various parts of themselves from detection. The very idea of a rootkit is stealth: they will divert inquiries as well as block the tools we use from accessing them. Even when we do find them, sometimes they will regenerate as fast as we take them off, so it's always a cat-and-mouse game.

The entry that showed in MalwareBytes was a registry entry, but since there was no corresponding file I'm not positive this thing is active, and TDSSKiller didn't find anything. However, something is interfering with us, and until I find out differently I am going to go on the assumption that we are still dealing with malware.


I want you to see if you can run the following. It will produce quite a lengthy log but it also may show me something I haven't seen yet. Hopefully so anyway.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

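Both the "Scanning Kernel memory" section of the TDSSKiller log posted in #17 and thewall's point in #18 that a rootkit "diverts inquiries" come down to the same structure: each driver's IRP major-function table, which TDSSKiller dumps as IRP_MJ_* handler addresses per device object. A dispatch-table hook, the technique TDSS-class rootkits use to sit between the kernel and the disk driver, makes one entry point at code that is not part of the driver's image, so file reads pass through the rootkit before any scanner sees them. The script below is an added example, not code from this thread, from TDSSKiller or from Kaspersky: it parses log blocks of the format shown above and flags a handler that sits away from the rest of the driver's code. Two heuristics are assumptions of this example, not TDSSKiller's rules: the address shared by the most drivers is taken to be the kernel's stub for unimplemented functions (every driver's unused slots point there; 82475013 in the log above), and a driver's own handlers are expected to fall within a 1 MiB window. The USBSTOR and iaStorV blocks in the sample are trimmed from the posted log; the "atapi" block is constructed for the example and is not in the real log, which showed no such entry. "Verdict: 1" is reported as-is, since the log does not document the verdict codes.

```python
"""Added example (not TDSSKiller code): flag hooked IRP handlers in a TDSSKiller log.

Assumptions: the handler address common to the most drivers is the kernel stub
for unimplemented IRP_MJ functions, and a driver's real handlers lie within
CLUSTER_WINDOW bytes of each other (the log has no image base or size).
"""
import re
from collections import defaultdict
from statistics import median

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+")  # "19:27:39:996 7884 "
DRIVER_RE = re.compile(r"^Driver Name:\s*(\S+)")
IRP_RE = re.compile(r"^(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(.+\.sys)\s*-\s*Verdict:\s*(\d+)$", re.IGNORECASE)
CLUSTER_WINDOW = 0x100000  # assumed: one x86 driver image spans under 1 MiB


def parse_devices(log_text):
    """Return one dict per device block: driver, handlers {irp: addr}, image, verdict."""
    devices, current = [], None
    for raw in log_text.splitlines():
        line = PREFIX_RE.sub("", raw.strip())
        if m := DRIVER_RE.match(line):
            current = {"driver": m.group(1), "handlers": {}, "image": None, "verdict": None}
            devices.append(current)
        elif current is None:
            continue
        elif m := IRP_RE.match(line):
            current["handlers"][m.group(1)] = int(m.group(2), 16)
        elif m := VERDICT_RE.match(line):
            current["image"], current["verdict"] = m.group(1), int(m.group(2))
            current = None  # the verdict line closes the block
    return devices


def default_handler(devices):
    """Address used by the most distinct drivers: unused IRP_MJ slots all point
    at the same kernel stub (nt!IopInvalidDeviceRequest), so it dominates."""
    drivers_by_addr = defaultdict(set)
    for dev in devices:
        for addr in dev["handlers"].values():
            drivers_by_addr[addr].add(dev["driver"])
    return max(drivers_by_addr, key=lambda a: len(drivers_by_addr[a]), default=None)


def find_hooks(devices, stub=None, window=CLUSTER_WINDOW):
    """{driver: [(irp, addr), ...]} for handlers farther than `window` from the
    median of that driver's implemented handlers. Several device objects of one
    driver (USBSTOR has five in the posted log) are merged into one entry."""
    stub = default_handler(devices) if stub is None else stub
    findings = defaultdict(set)
    for dev in devices:
        own = {irp: a for irp, a in dev["handlers"].items() if a != stub}
        if len(own) < 3:
            continue  # with two handlers the median cannot tell which one is odd
        centre = median(own.values())
        for irp, addr in own.items():
            if abs(addr - centre) > window:
                findings[dev["driver"]].add((irp, addr))
    return {drv: sorted(hits) for drv, hits in findings.items()}


def report(log_text):
    """Human-readable lines: one per device block, plus one per suspect handler."""
    devices = parse_devices(log_text)
    hooks = find_hooks(devices)
    out = [f"{d['driver']:<8} {d['image']}  verdict={d['verdict']}  "
           f"{'HOOK?' if d['driver'] in hooks else 'ok'}" for d in devices]
    for drv, hits in hooks.items():
        out.extend(f"  {drv}: {irp} -> {addr:08X} lies outside the driver's code cluster"
                   for irp, addr in hits)
    return out


# USBSTOR and iaStorV are trimmed from the posted log; the "atapi" block is
# CONSTRUCTED for this example, with one handler diverted to a foreign address.
SAMPLE_LOG = r"""
19:27:39:996 7884 Driver Name: USBSTOR
19:27:39:996 7884 IRP_MJ_CREATE : 93169B40
19:27:39:996 7884 IRP_MJ_CREATE_NAMED_PIPE : 82475013
19:27:39:996 7884 IRP_MJ_READ : 93169C30
19:27:39:996 7884 IRP_MJ_DEVICE_CONTROL : 93169828
19:27:39:996 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9315E4AA
19:27:39:996 7884 IRP_MJ_POWER : 93167F9A
19:27:40:012 7884 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

19:27:40:027 7884 Driver Name: iaStorV
19:27:40:027 7884 IRP_MJ_CREATE : 830BB83C
19:27:40:027 7884 IRP_MJ_READ : 82475013
19:27:40:027 7884 IRP_MJ_DEVICE_CONTROL : 830BE8A4
19:27:40:027 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 830BEB7C
19:27:40:027 7884 IRP_MJ_POWER : 830C3412
19:27:40:043 7884 C:\Windows\system32\DRIVERS\iaStorV.sys - Verdict: 1

19:27:40:050 7884 Driver Name: atapi
19:27:40:050 7884 IRP_MJ_CREATE : 8B4A1F3C
19:27:40:050 7884 IRP_MJ_READ : 82475013
19:27:40:050 7884 IRP_MJ_DEVICE_CONTROL : 8B4A3E10
19:27:40:050 7884 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9D2F0C40
19:27:40:050 7884 IRP_MJ_POWER : 8B4A7A22
19:27:40:060 7884 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: 1
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a full TDSSKiller.txt by reading the file into `report()`. The proximity window is a stand-in for the check a real tool performs with the driver's image base and size from the loaded-module list; a handler that lands in a different driver's range or in non-image memory is the signal, and a clean log such as the one posted above produces no "HOOK?" line.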

#19 Mom2four (Topic Starter, Members, 33 posts)
Posted 10 March 2010 - 09:37 PM

OTL logfile created on: 3/10/2010 8:27:36 PM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\John Cornelisen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 117.03 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
Drive D: | 483.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 931.28 Gb Total Space | 848.84 Gb Free Space | 91.15% Space Free | Partition Type: FAT32

Computer Name: D95QHBC1
Current User Name: John Cornelisen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 20:26:31 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\John Cornelisen\Desktop\OTL.exe
PRC - [2010/03/08 20:11:38 | 006,300,592 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/01/27 13:32:46 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/01/26 18:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/12 15:29:42 | 001,687,552 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2008/12/10 03:04:47 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/07 13:38:26 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2007/01/07 23:21:32 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 20:26:31 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\John Cornelisen\Desktop\OTL.exe
MOD - [2008/01/18 23:36:26 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2008/01/18 23:35:12 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 03:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 03:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/08 20:11:38 | 006,300,592 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/01/27 13:32:46 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/07 13:38:26 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 10:23:58 | 000,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/01 16:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/03/08 20:11:39 | 000,050,504 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\Windows\System32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/03/08 20:11:39 | 000,030,280 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/03/08 20:11:38 | 000,024,368 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/02/03 03:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100310.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100310.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/27 13:32:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/27 13:32:50 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/27 13:32:50 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/27 13:32:50 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/27 13:32:50 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/27 13:32:50 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/01/27 13:32:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/01/27 13:32:50 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/01/27 13:32:49 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/01/27 13:32:49 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/26 19:43:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/01/26 19:43:06 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/28 16:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys -- (IDSVix86)
DRV - [2008/12/12 15:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/12/12 15:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2008/01/18 20:25:06 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/11 21:14:33 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/05 17:02:06 | 001,163,576 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2007/03/05 17:01:52 | 000,092,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/03/05 17:01:28 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/03/05 17:01:22 | 000,126,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/03/05 17:00:58 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/03/05 17:00:48 | 000,520,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/03/05 17:00:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/03/05 16:57:44 | 000,073,016 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/03/05 16:57:36 | 000,170,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/03/05 16:57:26 | 001,323,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTEXFIFX.dll -- (CTEXFIFX.DLL)
DRV - [2007/03/05 16:57:16 | 000,329,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/03/05 16:57:06 | 000,134,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/03/05 16:56:56 | 000,101,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/03/05 16:56:48 | 000,286,520 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/03/05 16:56:34 | 000,174,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\cteapsfx.dll -- (CTEAPSFX.DLL)
DRV - [2007/03/05 16:56:24 | 000,566,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ctsblfx.dll -- (CTSBLFX.DLL)
DRV - [2007/03/05 16:56:00 | 000,552,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ctaudfx.dll -- (CTAUDFX.DLL)
DRV - [2007/03/05 16:55:46 | 000,098,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\commonfx.dll -- (COMMONFX.DLL)
DRV - [2007/01/12 13:33:34 | 000,021,952 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlyUsbCam.sys -- (OlyUsbCam)
DRV - [2007/01/05 14:20:58 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/01/05 14:20:58 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/05 14:20:57 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/12/28 06:50:26 | 000,016,000 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\9kdUSBXP.sys -- (SNL320XP)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 01:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/10 13:03:48 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/09/05 16:41:18 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/09 15:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 15:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 15:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 15:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 15:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Elhid.sys -- (ELhid)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\asc3550.sys -- (asc3550)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-256061617-2039440560-739965127-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/05 22:05:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/09 21:17:40 | 000,000,000 | ---D | M]

[2009/12/02 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\John Cornelisen\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2008/06/18 11:32:45 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\..\Toolbar\WebBrowser: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - No CLSID value found.
O3 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\Windows\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\Windows\System32\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles File not found
O7 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage =
O7 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage =
O7 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage =
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-256061617-2039440560-739965127-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///E:/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://couponmountain.coupons.smartsource....oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1169043882265 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.winkflash.com/photo/loaders/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://www.mybizportal.net/dana-cached/set...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John Cornelisen\Pictures\Sunset.jpg
O24 - Desktop BackupWallPaper: C:\Users\John Cornelisen\Pictures\Sunset.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/03 18:29:22 | 000,000,113 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - J:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2009/01/06 15:46:02 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2009/10/08 20:12:06 | 000,000,066 | ---- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{08324287-0edd-11de-a86f-001676b5783a}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- [2006/11/02 07:34:32 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{926273f5-9ea4-11db-8e8b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{926273f5-9ea4-11db-8e8b-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/11/03 18:29:22 | 002,123,584 | R--- | M] (Intuit Inc, 2009)
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setupSNK.exe -- [2006/11/02 07:34:32 | 000,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 20:26:30 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\John Cornelisen\Desktop\OTL.exe
[2010/03/10 16:46:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/10 16:46:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/10 15:53:32 | 000,181,000 | ---- | C] (Kaspersky Lab) -- C:\Users\John Cornelisen\Desktop\TDSSKiller.exe
[2010/03/09 23:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/09 23:12:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/09 23:12:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/09 21:20:00 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John Cornelisen\Desktop\mbam-setup.exe
[2010/03/09 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\John Cornelisen\Desktop\gmer
[2010/03/09 00:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/09 00:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/03/08 23:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/08 23:46:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/08 23:46:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/08 23:46:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/08 23:46:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/08 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/08 20:11:39 | 000,055,184 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/03/08 20:11:39 | 000,050,504 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/03/08 20:11:39 | 000,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/03/08 20:11:38 | 000,024,368 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/03/08 20:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/03/08 20:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/03/07 11:47:28 | 000,093,056 | ---- | C] (GMER) -- C:\fwlyapow.sys
[2010/03/07 10:17:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/07 10:17:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/07 10:17:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/07 10:17:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/07 10:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/07 07:59:42 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/03/04 21:56:12 | 000,000,000 | ---D | C] -- C:\Users\John Cornelisen\AppData\Roaming\DriverCure
[2010/03/04 21:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/03/04 21:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2010/02/23 16:36:30 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 16:35:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 16:34:37 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 16:34:37 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 16:34:37 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 16:34:37 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 16:34:37 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 16:34:37 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 16:34:35 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 16:34:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 16:34:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/21 20:45:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/21 20:45:07 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/21 20:45:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/21 20:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/21 20:45:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/02/21 20:45:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/02/21 20:45:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/02/21 20:45:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/02/21 20:45:05 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/21 20:45:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/02/21 20:45:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/02/21 20:45:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/02/21 20:45:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/21 20:45:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/02/21 20:43:55 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/02/21 20:43:55 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/02/21 20:43:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/02/21 20:43:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/02/21 20:43:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/02/21 20:43:54 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/02/21 20:43:54 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/02/21 20:43:54 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/02/21 20:43:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/02/21 20:43:54 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/02/21 20:43:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/02/21 20:43:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/02/21 20:43:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/02/21 20:43:53 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/02/21 20:43:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/02/21 20:43:53 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/02/21 20:43:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/02/21 20:43:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/02/21 20:43:52 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/02/21 20:43:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/02/21 20:43:51 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/02/21 20:43:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/02/21 20:43:51 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/02/21 20:43:51 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/02/21 20:43:51 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/02/21 20:43:51 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/02/21 20:43:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/02/21 20:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/13 14:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/02/13 14:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2010/02/11 16:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/10 15:01:27 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 15:01:27 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 15:00:44 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 15:00:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 15:00:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 15:00:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/10 15:00:41 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 06:11:34 | 000,000,000 | ---D | C] -- C:\Users\John Cornelisen\AppData\Local\Symantec
[2009/10/05 15:25:58 | 000,069,632 | ---- | C] ( ) -- C:\Windows\System32\DVDRead.dll
[2007/03/05 14:09:30 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[19 C:\Users\John Cornelisen\Documents\*.tmp files -> C:\Users\John Cornelisen\Documents\*.tmp -> ]
[14 C:\Users\John Cornelisen\Desktop\*.tmp files -> C:\Users\John Cornelisen\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 20:27:21 | 005,505,024 | -HS- | M] () -- C:\Users\John Cornelisen\NTUSER.DAT
[2010/03/10 20:26:31 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\John Cornelisen\Desktop\OTL.exe
[2010/03/10 19:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/10 19:25:23 | 000,155,752 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\tdsskiller.zip
[2010/03/10 19:15:18 | 000,002,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/10 19:15:18 | 000,002,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/10 18:44:46 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{49FDB5C0-6CFA-4CB2-A424-DFC6F3D68E67}.job
[2010/03/10 18:00:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/10 16:57:21 | 001,612,288 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\COH invite.doc
[2010/03/10 16:46:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/10 15:53:32 | 000,181,000 | ---- | M] (Kaspersky Lab) -- C:\Users\John Cornelisen\Desktop\TDSSKiller.exe
[2010/03/10 14:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/09 22:07:35 | 000,050,688 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\eagle vol labels.doc
[2010/03/09 22:06:58 | 003,884,828 | R--- | M] () -- C:\Users\John Cornelisen\Desktop\ComboFix.exe
[2010/03/09 21:20:02 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John Cornelisen\Desktop\mbam-setup.exe
[2010/03/09 21:19:06 | 000,698,394 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/09 21:19:06 | 000,598,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/09 21:19:06 | 000,104,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/09 21:13:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/09 21:13:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/09 21:13:27 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 21:13:17 | 154,292,611 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/09 20:53:26 | 000,284,915 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\gmer.zip
[2010/03/09 11:59:01 | 001,845,760 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\COH invite2.doc
[2010/03/09 04:39:00 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/03/09 03:15:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/03/09 00:22:37 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/03/09 00:22:37 | 000,053,964 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/03/09 00:22:37 | 000,053,964 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/03/09 00:21:58 | 000,524,288 | -HS- | M] () -- C:\Users\John Cornelisen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/09 00:21:58 | 000,065,536 | -HS- | M] () -- C:\Users\John Cornelisen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/09 00:21:54 | 003,284,646 | -H-- | M] () -- C:\Users\John Cornelisen\AppData\Local\IconCache.db
[2010/03/08 23:46:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/08 23:46:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/08 23:46:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/08 23:46:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/08 23:00:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/08 21:55:44 | 000,000,271 | ---- | M] () -- C:\Windows\wininit.ini
[2010/03/08 21:52:22 | 000,008,158 | -HS- | M] () -- C:\Users\John Cornelisen\AppData\Local\St7K1a
[2010/03/08 20:11:39 | 000,055,184 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/03/08 20:11:39 | 000,050,504 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/03/08 20:11:39 | 000,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/03/08 20:11:38 | 000,024,368 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/03/08 07:00:20 | 000,000,680 | ---- | M] () -- C:\Users\John Cornelisen\AppData\Local\d3d9caps.dat
[2010/03/07 11:47:28 | 000,093,056 | ---- | M] (GMER) -- C:\fwlyapow.sys
[2010/03/07 09:56:08 | 000,000,000 | ---- | M] () -- C:\Users\John Cornelisen\defogger_reenable
[2010/03/04 23:05:27 | 605,008,026 | ---- | M] () -- C:\Users\John Cornelisen\Documents\PHANTOM_MENACE.MP4
[2010/03/04 21:56:57 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/02/28 19:21:14 | 000,058,337 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\Paris_Boutique_Inside_Store.jpg
[2010/02/28 19:20:30 | 000,140,753 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\display.jpg
[2010/02/28 19:20:11 | 000,041,357 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\4248_3_frauenschuh-boutique.jpg
[2010/02/28 19:19:31 | 000,054,794 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\4251_3_eder-boutique.jpg
[2010/02/28 19:01:09 | 000,373,888 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\2009 Cornelisen J Form 1040 Individual Tax Return.tax2009
[2010/02/28 18:50:04 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/25 23:57:59 | 000,049,152 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\Commendation req letter.doc
[2010/02/25 23:57:16 | 000,000,162 | -H-- | M] () -- C:\Users\John Cornelisen\Desktop\~$mmendation req letter.doc
[2010/02/24 20:25:52 | 000,140,888 | ---- | M] () -- C:\Users\John Cornelisen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 17:57:08 | 000,473,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 20:46:37 | 000,000,608 | ---- | M] () -- C:\Windows\win.ini
[2010/02/09 17:14:24 | 000,031,744 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\machines review.doc
[2010/02/09 16:30:09 | 000,000,162 | -H-- | M] () -- C:\Users\John Cornelisen\Desktop\~$chines review.doc
[2010/02/08 21:06:08 | 000,222,208 | ---- | M] () -- C:\Users\John Cornelisen\Desktop\Visual aid.doc
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[19 C:\Users\John Cornelisen\Documents\*.tmp files -> C:\Users\John Cornelisen\Documents\*.tmp -> ]
[14 C:\Users\John Cornelisen\Desktop\*.tmp files -> C:\Users\John Cornelisen\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/10 19:25:23 | 000,155,752 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\tdsskiller.zip
[2010/03/10 16:46:24 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/09 22:06:56 | 003,884,828 | R--- | C] () -- C:\Users\John Cornelisen\Desktop\ComboFix.exe
[2010/03/09 21:13:27 | 2145,308,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/09 20:53:24 | 000,284,915 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\gmer.zip
[2010/03/09 11:59:01 | 001,845,760 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\COH invite2.doc
[2010/03/08 19:27:04 | 001,612,288 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\COH invite.doc
[2010/03/07 10:17:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/07 10:17:09 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/07 10:17:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/07 10:17:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/07 10:17:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/07 09:56:08 | 000,000,000 | ---- | C] () -- C:\Users\John Cornelisen\defogger_reenable
[2010/03/06 16:52:54 | 000,008,158 | -HS- | C] () -- C:\Users\John Cornelisen\AppData\Local\St7K1a
[2010/03/04 22:33:03 | 605,008,026 | ---- | C] () -- C:\Users\John Cornelisen\Documents\PHANTOM_MENACE.MP4
[2010/03/04 21:56:12 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/04 21:56:05 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2010/03/04 21:56:03 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/02/28 19:21:21 | 000,058,337 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\Paris_Boutique_Inside_Store.jpg
[2010/02/28 19:20:47 | 000,140,753 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\display.jpg
[2010/02/28 19:20:23 | 000,041,357 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\4248_3_frauenschuh-boutique.jpg
[2010/02/28 19:19:50 | 000,054,794 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\4251_3_eder-boutique.jpg
[2010/02/28 19:01:09 | 000,373,888 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\2009 Cornelisen J Form 1040 Individual Tax Return.tax2009
[2010/02/28 17:10:17 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/25 23:57:16 | 000,000,162 | -H-- | C] () -- C:\Users\John Cornelisen\Desktop\~$mmendation req letter.doc
[2010/02/25 23:57:15 | 000,049,152 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\Commendation req letter.doc
[2010/02/22 19:41:54 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/22 19:41:52 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 20:45:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/02/11 18:39:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/10 06:32:36 | 000,000,680 | ---- | C] () -- C:\Users\John Cornelisen\AppData\Local\d3d9caps.dat
[2010/02/09 16:30:09 | 000,000,162 | -H-- | C] () -- C:\Users\John Cornelisen\Desktop\~$chines review.doc
[2010/02/09 16:30:08 | 000,031,744 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\machines review.doc
[2010/02/08 21:06:07 | 000,222,208 | ---- | C] () -- C:\Users\John Cornelisen\Desktop\Visual aid.doc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/14 08:48:44 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/01/22 12:07:40 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/05/16 02:02:50 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/03/02 13:37:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\VZWDLManager.dll
[2007/09/08 13:50:02 | 000,003,584 | ---- | C] () -- C:\Users\John Cornelisen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/04 15:25:00 | 000,097,713 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/05/04 15:24:58 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/05/04 15:24:58 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/04/11 21:34:14 | 000,029,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/04/11 21:26:55 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/04/11 21:22:40 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2007/04/11 17:21:06 | 000,000,103 | ---- | C] () -- C:\Users\John Cornelisen\AppData\Local\fusioncache.dat
[2007/04/10 21:59:46 | 000,000,808 | ---- | C] () -- C:\ProgramData\SNDUpgrade.log
[2007/04/08 21:01:57 | 000,000,347 | ---- | C] () -- C:\Windows\CTWave32.INI
[2007/04/08 21:01:20 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2007/03/05 14:31:36 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/03/05 14:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007/01/26 13:54:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/21 07:20:38 | 000,000,197 | ---- | C] () -- C:\Windows\KA.INI
[2007/01/20 19:54:34 | 000,001,469 | ---- | C] () -- C:\Windows\disney.ini
[2007/01/17 08:15:27 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2007/01/09 22:07:44 | 000,002,528 | ---- | C] () -- C:\Users\John Cornelisen\AppData\Roaming\$_hpcst$.hpc
[2007/01/07 22:50:53 | 000,000,162 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2007/01/07 22:49:14 | 000,000,766 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2007/01/07 17:42:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2007/01/03 10:30:37 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2007/01/03 10:19:48 | 000,000,271 | ---- | C] () -- C:\Windows\wininit.ini
[2007/01/03 10:18:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/01/03 09:49:57 | 000,000,393 | ---- | C] () -- C:\Windows\System32\OEMINFO.INI
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/02 16:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/10/04 22:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2004/07/20 17:32:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\sfarkxt.dll
[2004/07/20 17:32:24 | 000,068,096 | ---- | C] () -- C:\Windows\System32\SFARKL.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\System32\KodakOneTouch.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\John Cornelisen\Desktop\Lesley Cornelisen:Roxio EMC Stream
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AADC76BA
< End of report >

At your request.
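To work through a log like the one above without reading it line by line, here is a small parser for the OTL file and alternate-data-stream lines, added as an example; it is not part of this thread and not part of OTL. It assumes the line layout shown in the posted log. The sample report inside it is constructed in that layout with shortened paths, and the two triage rules (a hidden+system file under a user's AppData, and an alternate data stream whose name is not on a constructed allowlist) are the example's own heuristics: a hit means "a helper should look at this", not "this is malicious".

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file entry, e.g.
# [2010/03/08 21:52:22 | 000,008,158 | -HS- | M] () -- C:\Users\Jane\AppData\Local\St7K1a
# Directory entries ("---D") carry no "(company)" group; a file without
# version information shows "()" or "( )".
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AADC76BA
# The path itself contains "C:", so the stream name is the text after the
# last colon that holds neither a colon nor a backslash.
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Anything under <drive>:\Users\<name>\AppData\ (case-insensitive).
USER_APPDATA = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)

# Constructed allowlist of stream names that are routinely benign.
BENIGN_STREAMS = {"Zone.Identifier"}


@dataclass
class FileEntry:
    when: datetime
    size: int
    attrs: frozenset          # subset of {"R", "H", "S", "D"}
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None when OTL found no version info
    path: str


@dataclass
class AdsEntry:
    size: int
    path: str
    stream: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_LINE.match(line)
    if not m:
        return None
    return FileEntry(
        when=datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=frozenset(c for c in m["attrs"] if c != "-"),
        kind=m["kind"],
        company=(m["company"] or "").strip() or None,
        path=m["path"],
    )


def parse_ads_line(line: str) -> Optional[AdsEntry]:
    m = ADS_LINE.match(line)
    if not m:
        return None
    return AdsEntry(size=int(m["size"]), path=m["path"], stream=m["stream"])


def parse_report(text: str) -> Tuple[List[FileEntry], List[AdsEntry]]:
    # Section headers, "*.tmp" summary lines and "< End of report >" match
    # neither pattern and are skipped.
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_file_line(line)
        if entry:
            files.append(entry)
        else:
            ads = parse_ads_line(line)
            if ads:
                streams.append(ads)
    return files, streams


def triage(files: List[FileEntry], streams: List[AdsEntry]) -> List[str]:
    findings = []
    for f in files:
        # Rule 1: hidden+system *file* (not a directory) inside a user's AppData.
        # NTUSER.DAT and hiberfil.sys are hidden+system too but live elsewhere.
        if {"H", "S"} <= f.attrs and "D" not in f.attrs and USER_APPDATA.match(f.path):
            findings.append(f"hidden+system file in user AppData: {f.path} ({f.size} bytes)")
    for s in streams:
        # Rule 2: any alternate data stream whose name is not allowlisted.
        if s.stream not in BENIGN_STREAMS:
            findings.append(f"alternate data stream '{s.stream}' on {s.path} ({s.size} bytes)")
    return findings


# Constructed sample in the layout of the posted log (paths shortened).
SAMPLE_REPORT = r"""
========== Files - Modified Within 30 Days ==========

[2010/03/09 21:13:27 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/08 21:52:22 | 000,008,158 | -HS- | M] () -- C:\Users\Jane Doe\AppData\Local\St7K1a
[2010/03/07 11:47:28 | 000,093,056 | ---- | M] (GMER) -- C:\fwlyapow.sys
[2010/02/21 20:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2007/03/05 14:09:30 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Jane Doe\Desktop\Photos:Roxio EMC Stream
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AADC76BA
< End of report >
"""

if __name__ == "__main__":
    for finding in triage(*parse_report(SAMPLE_REPORT)):
        print(finding)
```

Run it against a saved OTL.txt by replacing SAMPLE_REPORT with the file's contents; the rules are deliberately narrow so the list stays short, and anything they surface still needs a person to check the file against its vendor, timestamps and the rest of the log.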

#20 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:14 PM

Posted 10 March 2010 - 10:13 PM

I would like for you to try ComboFix once again. Before you do, run the following.


RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#21 Mom2four

Mom2four
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 10 March 2010 - 10:20 PM

I get an update window stating "There's a newer version of ComboFix available. Would you like to update now?"

Should I choose Yes or No?

#22 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:14 PM

Posted 10 March 2010 - 10:47 PM

Choose Yes.

#23 Mom2four

Mom2four
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 10 March 2010 - 11:00 PM

We have a blinking prompt following "Attempting to create a new System Restore Point". That is more than happened yesterday. *fingers crossed*

Let me know how long I should let it attempt its process.

#24 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:14 PM

Posted 10 March 2010 - 11:17 PM

Give it maybe 15 to 20 minutes max. I would really like to see this thing run but if it takes longer than that I doubt it will.

Question:

Is Symantec something you downloaded yourself, or did it come with your computer? The reason I am asking is whether there is any way possible you can uninstall it and reinstall it again.

#25 Mom2four

Mom2four
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 10 March 2010 - 11:26 PM

It was purchased to update a previous version. I am pretty sure we can uninstall and then reinstall it; we purchased a 2 yr subscription upgrade that needs renewing this summer. There is an update to version 4.0 available that we just got an email on. We do have the install info and the licensing numbers, so we should be good to go if needed.

#26 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:14 PM

Posted 10 March 2010 - 11:29 PM

Is CF still in the same place it was?

#27 Mom2four

Mom2four
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 10 March 2010 - 11:34 PM

Yes.

#28 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:14 PM

Posted 10 March 2010 - 11:39 PM

That's not good. I am going to inquire about this before I ask you to go through the trouble of uninstalling Symantec. Not sure I will get an answer tonight but I'll get back just as quick as I do.

#29 Mom2four

Mom2four
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 10 March 2010 - 11:52 PM

Sounds good. Anything else, I would want to wait until tomorrow to try. Thanks again.

#30 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:14 PM

Posted 11 March 2010 - 01:03 PM

Hi,

Here's what I would like you to do. Try running CF and, when it stops, open up your Task Manager; you will see processes which belong to the program. These should end in something like .cfxxe, where the x stands for a variable. Those processes should spawn and go away, spawn and go away. What we are looking for is one that is frozen and doesn't appear to be doing anything. It might even show 0 memory use, but I am not positive about that. If you can identify one or more like that, stop the process and see if CF will continue. Basically what you are doing is stopping the point it is frozen at, allowing it to proceed.

One thing is not to confuse the ones that end in .cfxxe with the CF****.xxe process.


I hope my instructions were clear but if they were not or you don't understand part of it let me know.



