Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit infection


  • This topic is locked This topic is locked
42 replies to this topic

#1 jrizzle

jrizzle

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 15 April 2010 - 07:40 PM

Hello. I was directed here from http://www.bleepingcomputer.com/forums/ind...p;#entry1717083.


GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 04:57:46
Windows 5.1.2600 Service Pack 2
Running: he46e6n3.exe; Driver: C:\DOCUME~1\A\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB7020670]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0CC4320]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB70207C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB7020860]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ohci1394.sys entry point in ".rsrc" section [0xBA8C3E94]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86D1360, 0x303CE7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[896] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 009F000A
.text C:\WINDOWS\Explorer.EXE[896] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00AD000A
.text C:\WINDOWS\Explorer.EXE[896] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 009E000C
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0081000A
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0082000A
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0080000C
.text C:\WINDOWS\System32\svchost.exe[1700] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 010D000A
.text C:\WINDOWS\System32\svchost.exe[1700] ole32.dll!CoCreateInstance 7750055E 5 Bytes JMP 00FD000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat 9C504C8A
Device \FileSystem\Fastfat \Fat 9C4FD60A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device -> \Driver\atapi \Device\Harddisk0\DR0 89CDCAC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ohci1394.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


DDS log:

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-4 2325816]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-13 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-13 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-13 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-13 26120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S0 lvynnt;lvynnt; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-4 5888008]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-13 30104]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-11-16 550272]

=============== Created Last 30 ================

2010-04-10 09:47:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-09 07:04:25 0 d-----w- c:\program files\VideoLAN
2010-04-08 22:58:47 0 d-----w- c:\documents and settings\a\DoctorWeb
2010-04-08 21:39:20 1165 ----a-w- c:\docume~1\alluse~1\applic~1\_VOIDmfeklnmal.dll
2010-04-08 21:21:13 0 d-----w- c:\docume~1\a\applic~1\260CD9E43236BC515906D82D11398F14
2010-04-08 21:20:02 71680 --sha-r- c:\windows\system32\rtipxmib9.dll
2010-03-21 13:24:33 0 d--h--w- C:\$AVG
2010-03-21 03:21:30 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-03-21 03:21:30 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-03-21 03:21:30 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-03-21 03:21:30 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-03-21 03:21:30 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-03-21 03:21:30 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-03-21 03:21:29 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-03-21 03:21:29 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-03-21 03:21:29 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-03-21 03:21:29 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-03-21 03:21:27 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-03-21 03:21:27 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-03-18 21:06:21 0 d-----w- C:\Incomplete
2010-03-17 00:55:52 0 d-----w- c:\docume~1\a\applic~1\AVG8

==================== Find3M ====================

2010-04-15 13:15:51 40763 ----a-w- c:\windows\system32\nvModes.dat
2010-04-12 21:41:14 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 18:47:00 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 18:46:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 18:46:51 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-04 18:46:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 18:46:43 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-19 06:19:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-13 09:27:57 5893 ----a-w- c:\windows\bcmA0.tmp
2010-02-13 08:08:48 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-02-13 07:03:33 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-13 05:31:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-10 17:13:48 165376 ----a-w- c:\windows\system32\unrar.dll

============= FINISH: 17:36:50.50 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 15 April 2010 - 08:42 PM

Hi, jrizzle smile.gif

welcome.gif

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    ohci1394.sys
    atapi.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 15 April 2010 - 10:18 PM

OTL.txt:

OTL logfile created on: 4/15/2010 8:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\A\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.30 Gb Total Space | 212.24 Gb Free Space | 92.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: A
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/15 20:06:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
PRC - [2010/04/07 22:43:47 | 000,446,464 | ---- | M] (Solid State Networks) -- C:\Riot Games\League of Legends\lol.launcher.exe
PRC - [2010/04/04 01:09:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 15:30:23 | 000,022,016 | ---- | M] () -- C:\Riot Games\League of Legends\air\LolClient.exe
PRC - [2010/04/01 15:09:18 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/01 15:08:45 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/04 11:46:58 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/04 11:46:58 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/04 11:46:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 11:46:47 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 11:46:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/04 11:46:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/08/28 04:37:24 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/07 18:49:50 | 001,236,992 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/06 18:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/05/06 18:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 20:06:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2007/09/07 18:46:08 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2004/08/04 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 03:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/04 11:46:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 11:46:49 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 11:46:47 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/04 11:46:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2007/05/06 18:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Auto | Stopped] -- -- (SSPORT)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | Boot | Stopped] -- -- (lvynnt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Auto | Stopped] -- -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/04/12 14:41:14 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2010/03/04 11:47:00 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/04 11:46:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 11:46:51 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/04 11:46:51 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/04 11:46:51 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/04 11:46:51 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/04 11:46:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 11:46:43 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/13 00:03:33 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/13 00:03:33 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/08/28 20:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/26 12:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/11/16 04:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/08/01 14:15:00 | 006,835,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/06 18:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 16:47:36 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 16:47:00 | 000,209,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 16:46:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 08:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/06/19 11:26:58 | 000,012,672 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/02/20 20:39:38 | 000,058,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2005/10/25 16:39:41 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/12/13 14:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 03:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 03:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 03:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 03:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 03:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 03:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 03:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 03:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2004/08/04 03:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 03:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 03:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 03:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 03:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 03:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 03:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 03:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 03:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 03:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 03:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 03:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 03:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 03:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 03:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 03:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 03:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 03:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 03:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 03:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2004/08/04 03:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 03:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 03:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 03:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/04 03:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/04 03:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 03:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 03:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 03:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 03:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 03:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 03:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 03:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 03:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/04 03:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/04 03:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 03:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 03:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 03:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 03:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 03:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 03:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 03:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 03:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 03:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 03:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 03:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 03:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 03:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 03:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 03:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 03:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 03:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 03:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 03:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 03:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 03:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 03:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 03:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 03:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 03:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 03:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 03:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 03:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 03:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 03:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 03:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 03:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 02:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 00:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 00:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/04 00:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 00:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 00:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/04 00:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/04 00:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/03 23:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 23:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 23:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 23:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 23:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 16:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 16:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 15:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2001/08/17 15:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 15:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 14:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2001/08/17 14:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 06:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 06:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/04 11:49:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/18 23:19:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 01:09:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 01:09:25 | 000,000,000 | ---D | M]

[2010/02/12 23:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A\Application Data\Mozilla\Extensions
[2010/02/12 23:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/19 12:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A\Application Data\Mozilla\Firefox\Profiles\cu3eb4jj.default\extensions
[2010/02/19 12:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/04 01:09:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/18 23:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/04/04 01:09:20 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/04 01:09:20 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2010/02/18 23:19:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/04 01:09:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 14:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/01/15 17:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 17:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/15 17:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 17:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 17:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 17:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 17:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 22:33:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/12 14:17:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/15 20:06:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
[2010/04/15 02:29:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\A\Recent
[2010/04/10 02:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/10 02:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/10 02:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/04/09 00:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\Application Data\vlc
[2010/04/09 00:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/08 21:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/08 20:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/08 20:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/08 15:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\DoctorWeb
[2010/04/08 15:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/08 15:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/04/08 14:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\Application Data\260CD9E43236BC515906D82D11398F14
[2010/03/27 15:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\Application Data\CyberLink
[2010/03/21 06:24:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/20 20:21:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/03/20 20:21:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/03/20 20:21:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/03/20 20:21:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/03/20 20:21:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/03/20 20:21:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/03/20 20:21:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/03/20 20:21:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/03/20 20:21:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/03/20 20:21:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/03/20 20:21:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/03/20 20:21:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/03/18 14:06:21 | 000,000,000 | ---D | C] -- C:\Incomplete
[2010/03/16 17:56:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/16 17:56:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/16 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/16 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 20:06:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
[2010/04/15 20:04:52 | 000,040,763 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/15 17:36:03 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\A\Desktop\dds.scr
[2010/04/15 16:04:01 | 058,950,639 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/15 06:21:50 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 06:21:50 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/15 06:21:49 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 06:16:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 06:16:54 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\YCSZ.job
[2010/04/15 06:16:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/15 06:16:16 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\A\NTUSER.DAT
[2010/04/15 06:16:03 | 004,837,328 | -H-- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\IconCache.db
[2010/04/15 06:15:51 | 000,040,763 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/14 22:32:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\A\ntuser.ini
[2010/04/14 21:49:02 | 000,011,772 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
[2010/04/14 21:49:02 | 000,011,772 | -HS- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\TcP0eIPn2W
[2010/04/14 21:15:02 | 000,007,402 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3768234786
[2010/04/14 14:56:28 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\A\My Documents\business law study guide.doc
[2010/04/14 14:17:43 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\A\Desktop\mbr.exe
[2010/04/14 14:16:32 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\A\Desktop\he46e6n3.exe
[2010/04/13 15:53:53 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/13 10:54:01 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 14:41:14 | 000,061,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2010/04/12 14:26:51 | 000,578,151 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/11 06:43:59 | 000,010,996 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\N8NHc
[2010/04/10 23:00:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\housecall.guid.cache
[2010/04/10 02:47:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 00:04:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/08 19:58:09 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\A\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 15:50:24 | 036,912,840 | ---- | M] () -- C:\Documents and Settings\A\Desktop\pu3mm664.exe
[2010/04/08 15:15:26 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/04/08 15:06:23 | 013,837,640 | ---- | M] () -- C:\Documents and Settings\A\Desktop\winzip140.exe
[2010/04/08 14:39:20 | 000,001,165 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmfeklnmal.dll
[2010/04/08 14:22:17 | 000,010,998 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1474v
[2010/04/08 14:22:17 | 000,010,998 | -HS- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\1474v
[2010/04/08 14:20:02 | 000,071,680 | RHS- | M] () -- C:\WINDOWS\System32\rtipxmib9.dll
[2010/04/05 21:25:45 | 000,063,046 | ---- | M] () -- C:\Documents and Settings\A\Desktop\MGT11B.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 23:46:43 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\A\Desktop\CCleaner.lnk
[2010/03/21 19:20:42 | 734,054,400 | ---- | M] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+2%29.divx[1].divx
[2010/03/21 08:03:59 | 733,939,712 | ---- | M] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+1%29.divx
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/15 17:36:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\A\Desktop\dds.scr
[2010/04/14 21:15:02 | 000,011,772 | -HS- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\TcP0eIPn2W
[2010/04/14 21:15:02 | 000,007,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3768234786
[2010/04/14 21:14:01 | 000,012,060 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TcP0eIPn2W
[2010/04/14 21:14:01 | 000,011,772 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
[2010/04/14 14:17:43 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\A\Desktop\mbr.exe
[2010/04/14 14:16:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\A\Desktop\he46e6n3.exe
[2010/04/13 04:13:48 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\A\My Documents\business law study guide.doc
[2010/04/11 06:42:03 | 000,010,996 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\N8NHc
[2010/04/11 06:42:03 | 000,010,996 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N8NHc
[2010/04/10 23:00:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\housecall.guid.cache
[2010/04/10 02:47:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 00:04:43 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/08 19:58:09 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\A\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 15:43:00 | 036,912,840 | ---- | C] () -- C:\Documents and Settings\A\Desktop\pu3mm664.exe
[2010/04/08 15:15:26 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/04/08 15:04:33 | 013,837,640 | ---- | C] () -- C:\Documents and Settings\A\Desktop\winzip140.exe
[2010/04/08 14:39:20 | 000,001,165 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\_VOIDmfeklnmal.dll
[2010/04/08 14:20:08 | 000,010,998 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1474v
[2010/04/08 14:20:08 | 000,010,998 | -HS- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\1474v
[2010/04/08 14:20:02 | 000,071,680 | RHS- | C] () -- C:\WINDOWS\System32\rtipxmib9.dll
[2010/04/08 14:20:02 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\YCSZ.job
[2010/04/05 21:25:45 | 000,063,046 | ---- | C] () -- C:\Documents and Settings\A\Desktop\MGT11B.pdf
[2010/03/21 21:32:42 | 734,054,400 | ---- | C] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+2%29.divx[1].divx
[2010/03/21 14:55:08 | 733,939,712 | ---- | C] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+1%29.divx
[2010/03/15 01:33:25 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/22 23:18:39 | 000,011,200 | -HS- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\J50l1AiqIvJy
[2010/02/16 02:30:59 | 000,026,624 | R--- | C] () -- C:\WINDOWS\System32\ssp6ml3.dll
[2010/02/15 03:51:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 21:02:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/12 23:31:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/02/12 23:31:56 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/02/12 23:19:55 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/02/12 23:10:21 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/12 23:10:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/12 23:10:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/12 23:10:19 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/12 23:08:57 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/02/12 22:38:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\A\ntuser.dat.LOG
[2010/02/12 22:38:55 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\A\ntuser.ini
[2010/02/12 22:38:53 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\A\NTUSER.DAT
[2004/08/04 03:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/12 22:33:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/12 22:28:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/12 22:33:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/12 22:33:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/12 22:33:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 03:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/15 06:16:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/04/13 15:38:13 | 000,000,361 | ---- | M] () -- C:\rkill.log


< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: OHCI1394.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ohci1394.sys
[2010/04/12 14:41:14 | 000,061,056 | ---- | M] (Microsoft Corporation) MD5=0951DB8E5823EA366B0E408D71E1BA2A -- C:\WINDOWS\system32\dllcache\ohci1394.sys
[2010/04/12 14:41:14 | 000,061,056 | ---- | M] (Microsoft Corporation) MD5=0951DB8E5823EA366B0E408D71E1BA2A -- C:\WINDOWS\system32\drivers\ohci1394.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/02/12 14:23:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/12 14:23:22 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/12 14:23:22 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 03:00:00 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2006/03/03 20:33:42 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/04/08 14:20:02 | 000,071,680 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\rtipxmib9.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/04/15 06:16:54 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\YCSZ.job
< End of report >




Extras.txt:

OTL Extras logfile created on: 4/15/2010 8:14:18 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\A\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.30 Gb Total Space | 212.24 Gb Free Space | 92.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: A
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6917:TCP" = 6917:TCP:*:Enabled:League of Legends Launcher
"6917:UDP" = 6917:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Digsby\lib\digsby-app.exe" = C:\Program Files\Digsby\lib\digsby-app.exe:*:Enabled:Digsby -- (dotSyntax, LLC)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Digsby" = Digsby
"FrostWire" = FrostWire 4.20.3
"hon" = Heroes of Newerth
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung ML-2525W Series" = Maintenance Samsung ML-2525W Series
"Steam App 10" = Counter-Strike
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.15.7.0b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2010 6:34:43 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3727, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/15/2010 4:29:22 AM | Computer Name = ALEX | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 4/15/2010 4:29:22 AM | Computer Name = ALEX | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 4/15/2010 4:29:22 AM | Computer Name = ALEX | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 4/15/2010 4:29:22 AM | Computer Name = ALEX | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 4/15/2010 4:29:22 AM | Computer Name = ALEX | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/15/2010 4:29:22 AM | Computer Name = ALEX | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/15/2010 4:29:57 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 4/15/2010 4:29:57 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 4/15/2010 4:29:57 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 4/15/2010 4:29:57 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%126


< End of report >





Sorry its so long >.<

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 15 April 2010 - 11:28 PM

Please boot in Safe mode:

At startup, tap on F8 until you reach the advanced menu. Select Safe Mode

Once loaded select your own profile.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- -- (lvynnt)

    :files
    C:\Documents and Settings\All Users\Application Data\_VOIDmfeklnmal.dll
    C:\Documents and Settings\All Users\Application Data\1474v
    C:\Documents and Settings\A\Local Settings\Application Data\1474v
    C:\WINDOWS\System32\rtipxmib9.dll
    C:\Documents and Settings\All Users\Application Data\N8NHc
    C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W
    C:\Documents and Settings\A\Local Settings\Application Data\TcP0eIPn2W
    C:\Documents and Settings\All Users\Application Data\3768234786
    C:\WINDOWS\tasks\YCSZ.job
    C:\WINDOWS\Driver Cache\i386\sp2.cab:ohci1394.sys /e
    C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys /e
    C:\WINDOWS\system32\drivers\ohci1394.sys|C:\ohci1394.sys /replace
    C:\WINDOWS\system32\drivers\atapi.sys|C:\atapi.sys /replace

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Please run GMER and post its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 16 April 2010 - 06:27 AM

OTL log:


All processes killed
========== OTL ==========
Service lvynnt stopped successfully!
Service lvynnt deleted successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\_VOIDmfeklnmal.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\1474v moved successfully.
C:\Documents and Settings\A\Local Settings\Application Data\1474v moved successfully.
C:\WINDOWS\System32\rtipxmib9.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\N8NHc moved successfully.
C:\Documents and Settings\All Users\Application Data\TcP0eIPn2W moved successfully.
C:\Documents and Settings\A\Local Settings\Application Data\TcP0eIPn2W moved successfully.
C:\Documents and Settings\All Users\Application Data\3768234786 moved successfully.
C:\WINDOWS\tasks\YCSZ.job moved successfully.
ohci1394.sys extracted to C:\
atapi.sys extracted to C:\
File C:\WINDOWS\system32\drivers\ohci1394.sys successfully replaced with C:\ohci1394.sys
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\atapi.sys
========== COMMANDS ==========

[EMPTYTEMP]

User: A
->Temp folder emptied: 1221286 bytes
->Temporary Internet Files folder emptied: 1737021 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36382523 bytes
->Flash cache emptied: 49024 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 2976064 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 12064 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 53212663 bytes
->Java cache emptied: 433 bytes
->Flash cache emptied: 12869 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2181505 bytes
%systemroot%\System32 .tmp files removed: 2770449 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30767834 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.1 log created on 04162010_035821

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





When I tried to run GMER, I got the BSOD so I could not get that log.

#6 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 16 April 2010 - 07:22 AM

Nevermind I tried it again

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-16 05:18:47
Windows 5.1.2600 Service Pack 2
Running: he46e6n3.exe; Driver: C:\DOCUME~1\A\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB8E38670]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB022E320]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB8E387C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB8E38860]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ohci1394.sys entry point in ".rsrc" section [0xBA8C3E94]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8741360, 0x303CE7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[864] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 009F000A
.text C:\WINDOWS\Explorer.EXE[864] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00AD000A
.text C:\WINDOWS\Explorer.EXE[864] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 009E000C
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0081000A
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0082000A
.text C:\WINDOWS\System32\svchost.exe[1700] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0080000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A63C1C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device -> \Driver\atapi \Device\Harddisk0\DR0 89CDDAC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ohci1394.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 16 April 2010 - 10:40 AM

I need to know if you have the XP Installation CD. Seems we must replace these files from an external source, and the Recovery Console is an option. It must be ran however, from the installation CD, or an alternate Recovery Console ran from a CD. The built-in Recovery Console wont work as it will need these files to boot and files in use cannot be replaced.
  • Double click on OTL.exe run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 16 April 2010 - 07:15 PM

OTL log:

OTL logfile created on: 4/16/2010 5:05:36 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\A\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 230.30 Gb Total Space | 212.00 Gb Free Space | 92.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: A
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/15 20:06:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
PRC - [2010/04/04 01:09:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 15:09:18 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/01 15:08:45 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/04 11:46:58 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/04 11:46:58 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/04 11:46:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 11:46:47 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 11:46:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/04 11:46:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/08/28 04:37:24 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/07 18:49:50 | 001,236,992 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/06 18:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/05/06 18:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 20:06:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
MOD - [2004/08/04 03:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/04 11:46:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 11:46:49 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 11:46:47 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/04 11:46:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2007/05/06 18:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Auto | Stopped] -- -- (SSPORT)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Auto | Stopped] -- -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/04/16 03:58:34 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2010/03/04 11:47:00 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/04 11:46:58 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 11:46:51 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/04 11:46:51 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/04 11:46:51 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/04 11:46:51 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/04 11:46:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 11:46:43 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/13 00:03:33 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/13 00:03:33 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/08/28 20:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/26 12:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/11/16 04:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/08/01 14:15:00 | 006,835,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/06 18:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 16:47:36 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 16:47:00 | 000,209,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 16:46:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 08:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/06/19 11:26:58 | 000,012,672 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/02/20 20:39:38 | 000,058,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2005/10/25 16:39:41 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/12/13 14:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 03:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 03:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 03:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 03:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 03:00:00 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 03:00:00 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 03:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 03:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2004/08/04 03:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 03:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 03:00:00 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 03:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 03:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 03:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 03:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 03:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 03:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 03:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 03:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2004/08/04 03:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 03:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 03:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 03:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 03:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 03:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 03:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 03:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 03:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2004/08/04 03:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 03:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 03:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 03:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/04 03:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/04 03:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 03:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 03:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 03:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 03:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 03:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 03:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 03:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 03:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/04 03:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/04 03:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 03:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 03:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 03:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 03:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 03:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 03:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 03:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 03:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 03:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 03:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 03:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 03:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 03:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 03:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 03:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 03:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 03:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 03:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 03:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 03:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 03:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 03:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 03:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 03:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 03:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 03:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 03:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 03:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 03:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 03:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 03:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 03:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 03:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 02:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 00:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 00:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/04 00:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 00:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 00:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/04 00:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/04 00:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/03 23:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 23:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 23:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 23:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 23:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/03 16:07:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2004/08/03 16:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2004/08/03 15:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2001/08/17 15:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 15:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 14:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2001/08/17 14:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 06:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 06:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/04 11:49:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/18 23:19:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 01:09:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 01:09:25 | 000,000,000 | ---D | M]

[2010/02/12 23:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A\Application Data\Mozilla\Extensions
[2010/02/12 23:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/19 12:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A\Application Data\Mozilla\Firefox\Profiles\cu3eb4jj.default\extensions
[2010/02/19 12:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/04 01:09:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/18 23:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/04/04 01:09:20 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/04 01:09:20 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2010/02/18 23:19:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/04 01:09:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/02/16 02:57:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 14:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/01/15 17:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 17:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/15 17:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 17:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 17:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 17:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 17:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/16 03:59:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 22:33:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/16 03:58:31 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/04/16 03:58:24 | 000,061,056 | ---- | C] (Microsoft Corporation) -- C:\ohci1394.sys
[2010/04/16 03:58:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/15 22:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/15 22:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/15 20:06:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
[2010/04/15 02:29:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\A\Recent
[2010/04/10 02:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/10 02:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/10 02:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/04/09 00:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\Application Data\vlc
[2010/04/09 00:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/08 21:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/08 20:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/08 20:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/08 15:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\DoctorWeb
[2010/04/08 15:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/04/08 14:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\Application Data\260CD9E43236BC515906D82D11398F14
[2010/03/27 15:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A\Application Data\CyberLink
[2010/03/21 06:24:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/20 20:21:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/03/20 20:21:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/03/20 20:21:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/03/20 20:21:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/03/20 20:21:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/03/20 20:21:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/03/20 20:21:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/03/20 20:21:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/03/20 20:21:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/03/20 20:21:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010/03/20 20:21:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/03/20 20:21:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/03/18 14:06:21 | 000,000,000 | ---D | C] -- C:\Incomplete
[2010/03/16 17:56:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/16 17:56:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/16 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/16 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/16 16:56:47 | 000,040,763 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/16 11:48:18 | 000,040,763 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/16 10:19:53 | 058,962,029 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/16 10:15:31 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/16 10:15:31 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/16 10:15:31 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/16 05:44:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/16 05:44:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 05:43:56 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\A\NTUSER.DAT
[2010/04/16 05:41:19 | 003,776,408 | -H-- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\IconCache.db
[2010/04/16 03:59:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\A\ntuser.ini
[2010/04/16 00:33:13 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 23:48:09 | 000,061,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2010/04/15 22:02:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/15 20:06:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A\Desktop\OTL.exe
[2010/04/15 17:36:03 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\A\Desktop\dds.scr
[2010/04/14 14:56:28 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\A\My Documents\business law study guide.doc
[2010/04/14 14:17:43 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\A\Desktop\mbr.exe
[2010/04/14 14:16:32 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\A\Desktop\he46e6n3.exe
[2010/04/13 15:53:53 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/12 14:26:51 | 000,578,151 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/10 23:00:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\A\Local Settings\Application Data\housecall.guid.cache
[2010/04/09 00:04:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/08 19:58:09 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\A\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 15:50:24 | 036,912,840 | ---- | M] () -- C:\Documents and Settings\A\Desktop\pu3mm664.exe
[2010/04/08 15:15:26 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/04/08 15:06:23 | 013,837,640 | ---- | M] () -- C:\Documents and Settings\A\Desktop\winzip140.exe
[2010/04/05 21:25:45 | 000,063,046 | ---- | M] () -- C:\Documents and Settings\A\Desktop\MGT11B.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 23:46:43 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\A\Desktop\CCleaner.lnk
[2010/03/21 19:20:42 | 734,054,400 | ---- | M] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+2%29.divx[1].divx
[2010/03/21 08:03:59 | 733,939,712 | ---- | M] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+1%29.divx

========== Files Created - No Company Name ==========

[2010/04/15 17:36:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\A\Desktop\dds.scr
[2010/04/14 21:14:01 | 000,012,060 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TcP0eIPn2W
[2010/04/14 14:17:43 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\A\Desktop\mbr.exe
[2010/04/14 14:16:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\A\Desktop\he46e6n3.exe
[2010/04/13 04:13:48 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\A\My Documents\business law study guide.doc
[2010/04/11 06:42:03 | 000,010,996 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\N8NHc
[2010/04/10 23:00:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\housecall.guid.cache
[2010/04/10 02:47:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 00:04:43 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/08 19:58:09 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\A\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 15:43:00 | 036,912,840 | ---- | C] () -- C:\Documents and Settings\A\Desktop\pu3mm664.exe
[2010/04/08 15:15:26 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/04/08 15:04:33 | 013,837,640 | ---- | C] () -- C:\Documents and Settings\A\Desktop\winzip140.exe
[2010/04/05 21:25:45 | 000,063,046 | ---- | C] () -- C:\Documents and Settings\A\Desktop\MGT11B.pdf
[2010/03/21 21:32:42 | 734,054,400 | ---- | C] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+2%29.divx[1].divx
[2010/03/21 14:55:08 | 733,939,712 | ---- | C] () -- C:\Documents and Settings\A\Desktop\Shutter+Island+%282010%29+R5+LINE+XviD+-+MENTiON+Release+%28Part+1%29.divx
[2010/03/15 01:33:25 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/22 23:18:39 | 000,011,200 | -HS- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\J50l1AiqIvJy
[2010/02/16 02:30:59 | 000,026,624 | R--- | C] () -- C:\WINDOWS\System32\ssp6ml3.dll
[2010/02/15 03:51:29 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 21:02:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/12 23:31:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/02/12 23:31:56 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/02/12 23:19:55 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/02/12 23:10:21 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/12 23:10:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/12 23:10:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/12 23:10:19 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/12 23:08:57 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/02/12 22:38:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\A\ntuser.dat.LOG
[2010/02/12 22:38:55 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\A\ntuser.ini
[2010/02/12 22:38:53 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\A\NTUSER.DAT
[2004/08/04 03:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >



Unfortunately, I do not have access to a XP installation CD. Does this mean I cannot fix my problem?

#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 16 April 2010 - 10:03 PM

You will need to use an alternate method.
  1. Go to this link for information on how to burn an iso image:
  2. Download the rc.iso file.
  3. Save it to your desktop.
  4. Put a blank CD in your computer’s burner.
  5. Follow the instructions on the previous link to burn the rc.iso image to a CD
  6. When the disk finishes, eject the CD.
  7. Configure the sick computer to start from the CD-ROM or DVD-ROM drive. For information about how to do this, see your computer documentation, or contact your computer manufacturer.
  8. Insert the Image of rc.iso that you burned to CD into your CD-ROM or DVD-ROM drive, and then restart your computer.
  9. When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.
  10. You may be prompted with the following options:
    QUOTE
    A. To setup Windows XP, press Enter.
    B. To repair Windows XP installation using recovery console, press R.

    Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password have been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.

  11. You will be presented with the following:


    QUOTE
    Microsoft Windows® Recovery Console

    The Recovery Console provides system repair and recovery functionality.
    Type EXIT to quit the Recovery Console and restart the computer.

    1: C:\WINDOWS

    Which Windows Installation would you like to log onto
    (To cancel, press ENTER)?

  12. Press the number 1 on your keyboard and hit Enter.
  13. The command prompt will be C:>Windows.(If the command prompt is other than C:\>Windows, stop and let me know.) At the C:\>Windows command prompt, type the following lines (in bold) and press Enter:

cd system32 (The prompt will change to C:\Windows\System32)
cd drivers (The prompt will change to C:\Windows\System32\Drivers)
ren atapi.sys atapi.sys.vir
ren ohci1394.sys ohci1394.sys.vir
Copy C:\atapi.sys (You will received a 1 file copied message)
Copy C:\ohci1394.sys (You will received a 1 file copied message)


It is important you use the right syntax and that the results be the ones I explained above. If after renaming any of the files above, the files are not copied, chances are the computer wont boot. In that case you will need to contact me by means of other computer.

An error, if any, is usually due to the syntax. This is a back slash "\", this is a forward slash "/". You will be using a back slash.

Type Exit and press Enter. Take the CD out of the drive and let the computer restart.

Run GMER once again and post its report to confirm.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 17 April 2010 - 03:16 PM

Disregard the above instructions. Combofix has been updated.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as CFScript.txt
    • Change the Save as Type to All Files
    • and Save it on the desktop
    QUOTE
    TDL::
    C:\WINDOWS\system32\drivers\ohci1394.sys




    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
  7. Install the Recovery Console if prompted.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a GMER scan report.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 17 April 2010 - 08:06 PM

Combo-fix log:

ComboFix 10-04-17.02 - A 04/17/2010 17:01:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1606 [GMT -7:00]
Running from: c:\documents and settings\A\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\A\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\4F3X
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1400 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1400 .MRK

Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\ohci1394.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\ohci1394.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\ohci1394.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\srsvc.dll was found and disinfected
Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\system32\4F3X.vir

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 00:04 . 2004-08-04 10:00 170496 ----a-w- c:\windows\system32\srsvc.dll
2010-04-16 10:58 . 2004-08-04 05:59 95360 ----a-w- C:\atapi.sys
2010-04-16 10:58 . 2004-08-04 06:10 61056 ----a-w- C:\ohci1394.sys
2010-04-16 10:58 . 2010-04-16 10:58 -------- d-----w- C:\_OTL
2010-04-10 09:47 . 2010-04-10 09:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-10 09:47 . 2010-04-16 05:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-09 08:21 . 2010-04-09 08:21 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-09 07:20 . 2010-04-17 14:25 -------- d-----w- c:\documents and settings\A\Application Data\vlc
2010-04-09 07:04 . 2010-04-09 07:04 -------- d-----w- c:\program files\VideoLAN
2010-04-09 02:50 . 2010-04-09 02:50 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-08 22:58 . 2010-04-08 22:58 -------- d-----w- c:\documents and settings\A\DoctorWeb
2010-04-08 22:27 . 2010-04-16 05:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-08 21:21 . 2010-04-08 21:21 -------- d-----w- c:\documents and settings\A\Application Data\260CD9E43236BC515906D82D11398F14
2010-04-07 21:35 . 2010-04-07 21:35 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-01 22:09 . 2010-04-01 22:09 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-01 22:09 . 2010-04-01 22:09 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-01 22:09 . 2010-04-01 22:09 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-01 22:09 . 2010-04-01 22:09 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-01 22:09 . 2010-04-01 22:09 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-01 22:09 . 2010-04-01 22:09 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-01 22:09 . 2010-04-01 22:09 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-01 22:09 . 2010-04-01 22:09 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-01 22:09 . 2010-04-01 22:09 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-01 22:09 . 2010-04-01 22:09 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-01 22:09 . 2010-04-01 22:09 307992 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgaspmx.dll
2010-04-01 22:09 . 2010-04-01 22:09 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-01 22:07 . 2010-04-01 22:07 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-01 22:07 . 2010-04-01 22:07 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-27 22:33 . 2010-03-27 22:33 -------- d-----w- c:\documents and settings\A\Application Data\CyberLink
2010-03-21 13:24 . 2010-03-21 13:24 -------- d-----w- C:\$AVG
2010-03-21 03:21 . 2001-08-18 06:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-03-21 03:21 . 2001-08-18 06:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-03-21 03:21 . 2001-08-18 06:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-03-21 03:21 . 2001-08-18 06:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-03-21 03:21 . 2001-08-17 22:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-03-21 03:21 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-03-21 03:21 . 2001-08-17 22:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-03-21 03:21 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-03-21 03:21 . 2001-08-17 22:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-03-21 03:21 . 2001-08-17 22:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-03-21 03:21 . 2001-08-17 22:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-03-21 03:21 . 2001-08-17 22:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 00:07 . 2010-02-13 10:52 -------- d-----w- c:\program files\Steam
2010-04-17 14:14 . 2010-02-13 06:11 40763 ----a-w- c:\windows\system32\nvModes.dat
2010-04-17 11:35 . 2004-08-04 10:00 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-04-17 05:04 . 2010-02-13 09:26 -------- d-----w- c:\program files\Warcraft III
2010-04-16 05:59 . 2010-02-18 01:02 -------- d-----w- c:\documents and settings\A\Application Data\uTorrent
2010-04-14 07:30 . 2010-02-19 06:21 -------- d-----w- c:\documents and settings\A\Application Data\FrostWire
2010-04-13 19:34 . 2010-02-23 07:26 117760 ----a-w- c:\documents and settings\A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 06:44 . 2010-02-16 04:35 -------- d-----w- c:\program files\Digsby
2010-04-09 06:32 . 2010-03-15 08:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-09 02:58 . 2010-02-13 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 22:15 . 2010-02-21 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-03-30 07:46 . 2010-02-13 09:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-02-13 09:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 10:42 . 2010-02-18 01:03 -------- d-----w- c:\program files\uTorrent
2010-03-27 22:33 . 2010-02-13 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-26 06:46 . 2010-02-13 10:26 -------- d-----w- c:\program files\CCleaner
2010-03-21 10:04 . 2010-02-14 10:53 -------- d-----w- c:\program files\DivX
2010-03-17 01:09 . 2010-02-23 07:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-17 00:55 . 2010-03-17 00:55 -------- d-----w- c:\documents and settings\A\Application Data\AVG8
2010-03-15 08:23 . 2010-03-15 08:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-14 11:48 . 2010-03-14 11:48 79488 ----a-w- c:\documents and settings\A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 13:55 . 2010-03-13 13:55 -------- d-----w- c:\documents and settings\A\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-03-13 13:35 . 2010-03-13 13:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-13 13:32 . 2010-02-13 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 08:58 . 2010-03-13 07:52 -------- d-----w- c:\program files\Heroes of Newerth
2010-03-13 08:35 . 2010-02-16 09:59 -------- d-----w- c:\documents and settings\A\Application Data\Apple Computer
2010-03-09 19:37 . 2010-02-19 06:19 -------- d-----w- c:\program files\FrostWire
2010-03-04 18:51 . 2010-03-04 18:51 -------- d-----w- c:\documents and settings\A\Application Data\AVG9
2010-03-04 18:47 . 2010-02-13 07:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 18:46 . 2010-03-04 18:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 18:46 . 2010-02-13 07:03 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 18:46 . 2010-02-13 07:03 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-04 18:46 . 2010-02-13 07:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 18:46 . 2010-02-13 07:03 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-23 23:14 . 2010-02-16 09:20 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate
2010-02-23 07:26 . 2010-02-23 07:26 52224 ----a-w- c:\documents and settings\A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-23 07:26 . 2010-02-23 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-23 07:25 . 2010-02-23 07:25 -------- d-----w- c:\documents and settings\A\Application Data\SUPERAntiSpyware.com
2010-02-23 07:25 . 2010-02-23 07:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-19 08:37 . 2010-02-19 08:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-19 06:19 . 2010-02-19 06:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 06:19 . 2010-02-13 07:48 -------- d-----w- c:\program files\Java
2010-02-19 06:19 . 2010-02-19 06:19 152576 ----a-w- c:\documents and settings\A\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-02-15 22:23 . 2010-02-13 05:39 46056 ----a-w- c:\documents and settings\A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 08:08 . 2010-02-13 08:08 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-02-13 07:03 . 2010-02-13 07:03 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-13 07:03 . 2010-02-13 07:03 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-13 06:51 . 2010-02-13 06:51 0 ----a-w- c:\windows\nsreg.dat
2010-02-13 06:16 . 2010-02-13 05:33 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-13 05:58 . 2010-02-13 05:58 45056 ----a-r- c:\documents and settings\A\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-02-13 05:58 . 2010-02-13 05:58 10134 ----a-r- c:\documents and settings\A\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2010-02-13 05:31 . 2010-02-13 05:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-10 17:13 . 2010-03-15 08:33 165376 ----a-w- c:\windows\system32\unrar.dll
2010-01-23 03:51 . 2010-01-23 03:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-22 1217872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-01 8466432]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-01 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-08 1236992]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-07 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 614400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 18:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6917:TCP"= 6917:TCP:League of Legends Launcher
"6917:UDP"= 6917:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/13/2010 12:03 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/13/2010 12:03 AM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/13/2010 12:03 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/13/2010 12:04 AM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/4/2010 11:46 AM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 11:46 AM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [3/4/2010 11:46 AM 2325816]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 12:03 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/13/2010 12:03 AM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/13/2010 12:03 AM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/13/2010 12:03 AM 26120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/4/2010 11:46 AM 5888008]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/13/2010 12:03 AM 30104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {899B26F4-A9C3-434A-B795-2D42558DA707} = 168.150.253.2,168.150.193.1
FF - ProfilePath - c:\documents and settings\A\Application Data\Mozilla\Firefox\Profiles\cu3eb4jj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 17:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\stsystra.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-17 17:09:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-18 00:09

Pre-Run: 227,436,044,288 bytes free
Post-Run: 227,461,120,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 02A2E1C7592AE5708A75A6FA466BF40E






GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-17 18:04:59
Windows 5.1.2600 Service Pack 2
Running: he46e6n3.exe; Driver: C:\DOCUME~1\A\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB5203670]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB784A320]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB52037C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB5203860]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB972A360, 0x303CE7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat B35D7C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 17 April 2010 - 09:25 PM

Lets check for remnants.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 20 .
  • Click the JDK 6 Update 20 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (j jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 19 April 2010 - 08:26 PM

Sorry for the late reply.



MBAM log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3974

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/19/2010 10:29:53 AM
mbam-log-2010-04-19 (10-29-53).txt

Scan type: Quick scan
Objects scanned: 98269
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 19, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 19, 2010 16:19:00
Records in database: 3945301
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 42195
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:08:19


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ohci1394.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 AM

Posted 19 April 2010 - 10:51 PM

The detection is a quarantined file. How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 jrizzle

jrizzle
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 20 April 2010 - 01:02 AM

Computer is running great thumbup.gif ! No pop ups so far... Thanks for the help JSntgRvr, really appreciate it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users