Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware causing browser search engine redirects


  • This topic is locked This topic is locked
10 replies to this topic

#1 buggssy

buggssy

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 17 April 2010 - 06:22 PM

This is a Windows XP SP3 system with no further updates at this time. The system started out with XP Internet Security on it and was hooked into the executables. Malwarebytes and SuperAntiSpyware were both been run against it and they cleaned up some stuff but the system wouldn't boot completely after that. It wouldn't boot into any of the safe mode options either. A repair of the Windows installation was performed successfully (after the modem driver was excluded). AVG Free 9.0 is installed and the system has been fully scanned. There are still issues remaining with browser web searches redirecting to unknown websites. I have run the required scans with DDS and Gmer and am attaching the information.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Arthur Akins at 9:57:28.39 on Sat 04/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.273 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Your Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Arthur Akins\Desktop\Malware\dds.scr
C:\WINDOWS\system32\rundll32.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\arthur~1\startm~1\programs\startup\eventr~1.lnk - c:\pmw\PMREMIND.EXE
StartupFolder: c:\docume~1\arthur~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\QBUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126452381750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38190.3923958333
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\windows\system32\QBPOSProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: app_dll.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arthur~1\applic~1\mozilla\firefox\profiles\fsk8ifzg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-20 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-20 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-20 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-13 308064]
S0 taF62;taF62;c:\windows\system32\drivers\taf62.sys --> c:\windows\system32\drivers\taF62.sys [?]
S2 gupdate1c9905a721e44d4;Google Update Service (gupdate1c9905a721e44d4);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]
S2 Ias;Windows Protected Access;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2004-3-12 344928]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-14 369920]
S3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2004-7-19 36013]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-04-17 16:56:34 0 ----a-w- c:\documents and settings\arthur akins\defogger_reenable
2010-04-16 02:24:45 0 d-sh--w- c:\documents and settings\arthur akins\IETldCache
2010-04-15 03:38:24 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-15 03:38:10 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 03:36:56 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-14 22:00:27 0 d-----w- c:\windows\ERUNT
2010-04-14 21:46:39 0 d-----w- C:\SDFix
2010-04-14 20:37:53 0 dc-h--w- c:\windows\ie8
2010-04-14 19:26:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-14 19:26:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-14 15:28:25 24064 ----a-w- c:\windows\system32\pidgen.dll.wga
2010-04-14 15:28:23 102912 ----a-w- c:\windows\system32\dpcdll.dll.wga
2010-04-14 04:48:19 0 d--h--w- C:\$AVG
2010-04-14 04:46:54 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-04-14 01:54:18 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2010-04-14 01:54:18 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2010-04-14 01:54:18 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2010-04-14 01:54:18 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2010-04-14 01:54:18 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2010-04-14 01:54:17 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-04-14 01:52:59 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-04-14 01:51:59 5632 -c--a-w- c:\windows\system32\dllcache\kbdinmar.dll
2010-04-14 01:50:59 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys
2010-04-14 01:50:08 0 d-----w- c:\program files\msn gaming zone
2010-04-14 01:45:50 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-04-14 01:45:39 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-04-14 01:45:39 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-04-14 01:45:39 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-04-14 01:45:39 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-04-14 01:45:39 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-04-14 01:45:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-04-14 01:39:01 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-04-14 01:38:36 6144 -c--a-w- c:\windows\system32\dllcache\ftpmib.dll
2010-04-14 01:38:36 125952 -c--a-w- c:\windows\system32\dllcache\ftpsv251.dll
2010-04-14 01:38:35 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2010-04-14 01:38:35 61440 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2010-04-14 01:38:35 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2010-04-14 01:38:35 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-04-14 01:38:31 15360 -c--a-w- c:\windows\system32\dllcache\inetin51.exe
2010-04-14 01:38:30 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2010-04-13 12:58:40 4444 ----a-w- c:\windows\system32\pid.PNF
2010-04-13 12:33:53 36656 -c--a-w- c:\windows\system32\dllcache\dosapp.fon
2010-04-13 12:33:31 16535 ----a-r- c:\windows\SET11E.tmp
2010-04-13 12:33:26 1088840 ----a-r- c:\windows\SET10D.tmp
2010-04-13 12:33:22 1296669 ----a-r- c:\windows\SET10A.tmp
2010-04-12 13:08:35 16535 ----a-r- c:\windows\SET11A.tmp
2010-04-12 13:08:31 1088840 ----a-r- c:\windows\SET109.tmp
2010-04-12 13:08:27 1296669 ----a-r- c:\windows\SET105.tmp
2010-04-12 12:56:55 16535 ----a-r- c:\windows\SET119.tmp
2010-04-12 12:56:51 1088840 ----a-r- c:\windows\SET108.tmp
2010-04-12 12:56:48 1296669 ----a-r- c:\windows\SET103.tmp
2010-04-12 12:45:19 16535 ----a-r- c:\windows\SET115.tmp
2010-04-12 12:45:15 1088840 ----a-r- c:\windows\SET104.tmp
2010-04-12 12:45:11 1296669 ----a-r- c:\windows\SET101.tmp
2010-04-12 12:33:54 16535 ----a-r- c:\windows\SET111.tmp
2010-04-12 12:33:50 1088840 ----a-r- c:\windows\SET100.tmp
2010-04-12 12:33:47 1296669 ----a-r- c:\windows\SETFC.tmp
2010-04-12 12:22:31 16535 ----a-r- c:\windows\SET10F.tmp
2010-04-12 12:22:28 1088840 ----a-r- c:\windows\SETFF.tmp
2010-04-12 12:22:24 1296669 ----a-r- c:\windows\SETFA.tmp
2010-04-12 12:11:04 16535 ----a-r- c:\windows\SET10B.tmp
2010-04-12 12:11:01 1088840 ----a-r- c:\windows\SETFB.tmp
2010-04-12 12:10:57 1296669 ----a-r- c:\windows\SETF8.tmp
2010-04-12 11:59:23 16535 ----a-r- c:\windows\SET107.tmp
2010-04-12 11:59:19 1088840 ----a-r- c:\windows\SETF7.tmp
2010-04-12 11:59:15 1296669 ----a-r- c:\windows\SETF3.tmp
2010-04-12 11:47:57 16535 ----a-r- c:\windows\SET106.tmp
2010-04-12 11:47:54 1088840 ----a-r- c:\windows\SETF6.tmp
2010-04-12 11:47:50 1296669 ----a-r- c:\windows\SETF1.tmp
2010-04-12 11:36:25 16535 ----a-r- c:\windows\SET102.tmp
2010-04-12 11:36:22 1088840 ----a-r- c:\windows\SETF2.tmp
2010-04-12 11:36:18 1296669 ----a-r- c:\windows\SETEF.tmp
2010-04-12 11:25:06 16535 ----a-r- c:\windows\SETFE.tmp
2010-04-12 11:25:03 1088840 ----a-r- c:\windows\SETEE.tmp
2010-04-12 11:24:59 1296669 ----a-r- c:\windows\SETEA.tmp
2010-04-12 11:13:52 16535 ----a-r- c:\windows\SETFD.tmp
2010-04-12 11:13:49 1088840 ----a-r- c:\windows\SETED.tmp
2010-04-12 11:13:45 1296669 ----a-r- c:\windows\SETE8.tmp
2010-04-12 11:02:21 16535 ----a-r- c:\windows\SETF9.tmp
2010-04-12 11:02:18 1088840 ----a-r- c:\windows\SETE9.tmp
2010-04-12 11:02:14 1296669 ----a-r- c:\windows\SETE6.tmp
2010-04-12 10:50:55 16535 ----a-r- c:\windows\SETF5.tmp
2010-04-12 10:50:50 1088840 ----a-r- c:\windows\SETE5.tmp
2010-04-12 10:50:46 1296669 ----a-r- c:\windows\SETE1.tmp
2010-04-12 10:39:12 16535 ----a-r- c:\windows\SETF4.tmp
2010-04-12 10:39:09 1088840 ----a-r- c:\windows\SETE4.tmp
2010-04-12 10:39:05 1296669 ----a-r- c:\windows\SETDF.tmp
2010-04-12 10:26:45 16535 ----a-r- c:\windows\SETF0.tmp
2010-04-12 10:26:42 1088840 ----a-r- c:\windows\SETE0.tmp
2010-04-12 10:26:38 1296669 ----a-r- c:\windows\SETDD.tmp
2010-04-12 10:15:19 16535 ----a-r- c:\windows\SETEC.tmp
2010-04-12 10:15:15 1088840 ----a-r- c:\windows\SETDC.tmp
2010-04-12 10:15:11 1296669 ----a-r- c:\windows\SETD8.tmp
2010-04-12 10:03:53 16535 ----a-r- c:\windows\SETEB.tmp
2010-04-12 10:03:49 1088840 ----a-r- c:\windows\SETDB.tmp
2010-04-12 10:03:45 1296669 ----a-r- c:\windows\SETD6.tmp
2010-04-12 09:52:25 16535 ----a-r- c:\windows\SETE7.tmp
2010-04-12 09:52:21 1088840 ----a-r- c:\windows\SETD7.tmp
2010-04-12 09:52:18 1296669 ----a-r- c:\windows\SETD4.tmp
2010-04-12 09:41:20 16535 ----a-r- c:\windows\SETE3.tmp
2010-04-12 09:41:15 1088840 ----a-r- c:\windows\SETD3.tmp
2010-04-12 09:41:11 1296669 ----a-r- c:\windows\SETCF.tmp
2010-04-12 09:29:54 16535 ----a-r- c:\windows\SETE2.tmp
2010-04-12 09:29:51 1088840 ----a-r- c:\windows\SETD2.tmp
2010-04-12 09:29:47 1296669 ----a-r- c:\windows\SETCD.tmp
2010-04-12 09:18:34 16535 ----a-r- c:\windows\SETDE.tmp
2010-04-12 09:18:29 1088840 ----a-r- c:\windows\SETCE.tmp
2010-04-12 09:18:25 1296669 ----a-r- c:\windows\SETCB.tmp
2010-04-12 09:07:09 16535 ----a-r- c:\windows\SETDA.tmp
2010-04-12 09:07:05 1088840 ----a-r- c:\windows\SETCA.tmp
2010-04-12 09:07:01 1296669 ----a-r- c:\windows\SETC6.tmp
2010-04-12 08:55:25 16535 ----a-r- c:\windows\SETD9.tmp
2010-04-12 08:55:22 1088840 ----a-r- c:\windows\SETC9.tmp
2010-04-12 08:55:18 1296669 ----a-r- c:\windows\SETC4.tmp
2010-04-12 08:44:04 16535 ----a-r- c:\windows\SETD5.tmp
2010-04-12 08:43:59 1088840 ----a-r- c:\windows\SETC5.tmp
2010-04-12 08:43:56 1296669 ----a-r- c:\windows\SETC2.tmp
2010-04-12 08:32:35 16535 ----a-r- c:\windows\SETD1.tmp
2010-04-12 08:32:31 1088840 ----a-r- c:\windows\SETC1.tmp
2010-04-12 08:32:27 1296669 ----a-r- c:\windows\SETBD.tmp
2010-04-12 08:21:16 16535 ----a-r- c:\windows\SETD0.tmp
2010-04-12 08:21:12 1088840 ----a-r- c:\windows\SETC0.tmp
2010-04-12 08:21:08 1296669 ----a-r- c:\windows\SETBB.tmp
2010-04-12 08:09:34 16535 ----a-r- c:\windows\SETCC.tmp
2010-04-12 08:09:29 1088840 ----a-r- c:\windows\SETBC.tmp
2010-04-12 08:09:25 1296669 ----a-r- c:\windows\SETB9.tmp
2010-04-12 07:58:14 16535 ----a-r- c:\windows\SETC8.tmp
2010-04-12 07:58:10 1088840 ----a-r- c:\windows\SETB8.tmp
2010-04-12 07:58:06 1296669 ----a-r- c:\windows\SETB4.tmp
2010-04-12 07:47:02 16535 ----a-r- c:\windows\SETC7.tmp
2010-04-12 07:46:58 1088840 ----a-r- c:\windows\SETB7.tmp
2010-04-12 07:46:54 1296669 ----a-r- c:\windows\SETB2.tmp
2010-04-12 07:35:39 16535 ----a-r- c:\windows\SETC3.tmp
2010-04-12 07:35:34 1088840 ----a-r- c:\windows\SETB3.tmp
2010-04-12 07:35:30 1296669 ----a-r- c:\windows\SETB0.tmp
2010-04-12 07:24:19 16535 ----a-r- c:\windows\SETBF.tmp
2010-04-12 07:24:16 1088840 ----a-r- c:\windows\SETAF.tmp
2010-04-12 07:24:12 1296669 ----a-r- c:\windows\SETAB.tmp
2010-04-12 07:12:53 16535 ----a-r- c:\windows\SETBE.tmp
2010-04-12 07:12:48 1088840 ----a-r- c:\windows\SETAE.tmp
2010-04-12 07:12:45 1296669 ----a-r- c:\windows\SETA9.tmp
2010-04-12 07:01:08 16535 ----a-r- c:\windows\SETBA.tmp
2010-04-12 07:01:05 1088840 ----a-r- c:\windows\SETAA.tmp
2010-04-12 07:01:01 1296669 ----a-r- c:\windows\SETA7.tmp
2010-04-12 06:49:44 16535 ----a-r- c:\windows\SETB6.tmp
2010-04-12 06:49:40 1088840 ----a-r- c:\windows\SETA6.tmp
2010-04-12 06:49:36 1296669 ----a-r- c:\windows\SETA2.tmp
2010-04-12 06:38:40 16535 ----a-r- c:\windows\SETB5.tmp
2010-04-12 06:38:36 1088840 ----a-r- c:\windows\SETA5.tmp
2010-04-12 06:38:32 1296669 ----a-r- c:\windows\SETA0.tmp
2010-04-12 06:27:28 16535 ----a-r- c:\windows\SETB1.tmp
2010-04-12 06:27:24 1088840 ----a-r- c:\windows\SETA1.tmp
2010-04-12 06:27:20 1296669 ----a-r- c:\windows\SET9E.tmp
2010-04-12 06:16:02 16535 ----a-r- c:\windows\SETAD.tmp
2010-04-12 06:15:58 1088840 ----a-r- c:\windows\SET9D.tmp
2010-04-12 06:15:55 1296669 ----a-r- c:\windows\SET99.tmp
2010-04-12 06:04:39 16535 ----a-r- c:\windows\SETAC.tmp
2010-04-12 06:04:35 1088840 ----a-r- c:\windows\SET9C.tmp
2010-04-12 06:04:31 1296669 ----a-r- c:\windows\SET97.tmp
2010-04-12 05:53:09 16535 ----a-r- c:\windows\SETA8.tmp
2010-04-12 05:53:05 1088840 ----a-r- c:\windows\SET98.tmp
2010-04-12 05:53:01 1296669 ----a-r- c:\windows\SET95.tmp
2010-04-12 05:41:39 16535 ----a-r- c:\windows\SETA4.tmp
2010-04-12 05:41:35 1088840 ----a-r- c:\windows\SET94.tmp
2010-04-12 05:41:31 1296669 ----a-r- c:\windows\SET8F.tmp
2010-04-12 05:30:28 16535 ----a-r- c:\windows\SETA3.tmp
2010-04-12 05:30:24 1088840 ----a-r- c:\windows\SET93.tmp
2010-04-12 05:30:21 1296669 ----a-r- c:\windows\SET8D.tmp
2010-04-12 05:18:47 16535 ----a-r- c:\windows\SET9F.tmp
2010-04-12 05:18:43 1088840 ----a-r- c:\windows\SET8E.tmp
2010-04-12 05:18:39 1296669 ----a-r- c:\windows\SET8B.tmp
2010-04-12 05:07:28 16535 ----a-r- c:\windows\SET9B.tmp
2010-04-12 05:07:24 1088840 ----a-r- c:\windows\SET8A.tmp
2010-04-12 05:07:20 1296669 ----a-r- c:\windows\SET85.tmp
2010-04-12 04:56:13 16535 ----a-r- c:\windows\SET9A.tmp
2010-04-12 04:56:09 1088840 ----a-r- c:\windows\SET89.tmp
2010-04-12 04:56:05 1296669 ----a-r- c:\windows\SET84.tmp
2010-04-12 04:44:42 16535 ----a-r- c:\windows\SET96.tmp
2010-04-12 04:44:39 1088840 ----a-r- c:\windows\SET86.tmp
2010-04-12 04:44:35 1296669 ----a-r- c:\windows\SET83.tmp
2010-04-12 04:33:32 16535 ----a-r- c:\windows\SET91.tmp
2010-04-12 04:33:29 1088840 ----a-r- c:\windows\SET82.tmp
2010-04-12 04:33:25 1296669 ----a-r- c:\windows\SET7F.tmp
2010-04-12 04:22:27 16535 ----a-r- c:\windows\SET90.tmp
2010-04-12 04:22:24 1088840 ----a-r- c:\windows\SET81.tmp
2010-04-12 04:22:20 1296669 ----a-r- c:\windows\SET7E.tmp
2010-04-12 04:11:07 16535 ----a-r- c:\windows\SET8C.tmp
2010-04-12 04:11:04 1088840 ----a-r- c:\windows\SET7D.tmp
2010-04-12 04:11:00 1296669 ----a-r- c:\windows\SET7A.tmp
2010-04-12 03:59:55 16535 ----a-r- c:\windows\SET88.tmp
2010-04-12 03:59:53 1088840 ----a-r- c:\windows\SET7C.tmp
2010-04-12 03:59:49 1296669 ----a-r- c:\windows\SET79.tmp
2010-04-12 03:48:33 16535 ----a-r- c:\windows\SET87.tmp
2010-04-12 03:48:29 1088840 ----a-r- c:\windows\SET7B.tmp
2010-04-12 03:48:26 1296669 ----a-r- c:\windows\SET78.tmp
2010-04-12 03:34:13 9219973 ----a-w- c:\windows\setupapi.log.2.old
2010-04-11 19:33:43 0 d-----w- c:\windows\NLDRV
2010-04-11 14:04:25 4 ----a-w- c:\program files\1565609.dat
2010-04-11 06:53:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 06:53:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 06:53:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 13:36:23 4 ----a-w- c:\program files\1080250.dat
2010-04-07 14:01:06 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-06 19:44:19 1165 ----a-w- c:\docume~1\alluse~1\applic~1\_VOIDmfeklnmal.dll
2010-04-06 19:27:55 0 d-----w- c:\docume~1\arthur~1\applic~1\C6EE56CCF0E2DD9A471316C132F3B8B6
2010-04-06 19:27:30 0 d-----w- C:\spoolerlogs

==================== Find3M ====================

2010-04-17 07:05:51 77568 ----a-w- c:\windows\system32\drivers\WudfPf.sys
2010-04-14 04:47:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 04:47:54 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 04:47:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 01:42:54 27792 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:59:59.45 ===================



This is a POS business system and I would love to get this resolved. Thanks to whoever ends up helping me with this issue.

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:46 AM

Posted 17 April 2010 - 08:21 PM

Hi, buggssy smile.gif

welcome.gif

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as CFScript.txt
    • Change the Save as Type to All Files
    • and Save it on the desktop
    QUOTE
    TDL::
    C:\WINDOWS\system32\drivers\WudfPf.sys




    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
  7. Install the Recovery Console if prompted.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a fresh GMER report.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 buggssy

buggssy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 18 April 2010 - 04:11 AM

Here you go. I've attached both files.

Attached Files



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:46 AM

Posted 18 April 2010 - 06:30 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
CODE
Driver::
taF62

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"=-
"TkBellExe"=-
"PHIME2002ASync"=-
"PHIME2002A"=-
"MSPY2002"=-
"IntelMeM"=-
"IMJPMIG8.1"=-
"IMEKRMIG6.1"=-
"IgfxTray"=-
"HP Software Update"=-
"HotKeysCmds"=-
"dla"=-
"ANIWZCSService"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\_VOIDd.sys]

RenV::
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Alpha Networks\ANIWZCS Service\wzcsldr .exe
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\Intel\Modem Event Monitor\intelmem .exe
c:\program files\QuickTime\qttask            .exe
c:\program files\Zune\zunelauncher .exe
c:\windows\IME\IMJP8_1\imjpmig .exe
c:\windows\IME\IMKR6_1\imekrmig .exe
c:\windows\PCHealth\HelpCtr\Binaries\msconfig .exe
c:\windows\SYSTEM32\dla\tfswctrl .exe
c:\windows\SYSTEM32\IME\PINTLGNT\imscinst .exe
c:\windows\SYSTEM32\IME\TINTLGNT\tintsetp .exe

SRPeek::
c:\windows\SYSTEM32\sfcfiles.dll




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 buggssy

buggssy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 18 April 2010 - 10:11 PM

Here you go and thanks for your time.



ComboFix 10-04-17.07 - Arthur Akins 04/18/2010 19:30:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.114 [GMT -7:00]
Running from: c:\documents and settings\Arthur Akins\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Arthur Akins\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_taF62


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-17 16:54 . 2010-04-17 16:54 503808 ----a-w- c:\documents and settings\Arthur Akins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62827e51-n\msvcp71.dll
2010-04-17 16:54 . 2010-04-17 16:54 499712 ----a-w- c:\documents and settings\Arthur Akins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62827e51-n\jmc.dll
2010-04-17 16:54 . 2010-04-17 16:54 348160 ----a-w- c:\documents and settings\Arthur Akins\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62827e51-n\msvcr71.dll
2010-04-17 16:54 . 2010-04-17 16:54 61440 ----a-w- c:\documents and settings\Arthur Akins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71b3f8e7-n\decora-sse.dll
2010-04-17 16:54 . 2010-04-17 16:54 12800 ----a-w- c:\documents and settings\Arthur Akins\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71b3f8e7-n\decora-d3d.dll
2010-04-15 03:39 . 2010-04-15 03:39 52224 ----a-w- c:\documents and settings\Test\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-15 03:39 . 2010-04-15 03:39 117760 ----a-w- c:\documents and settings\Test\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-15 03:38 . 2010-04-15 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-15 03:38 . 2010-04-15 03:38 -------- d-----w- c:\documents and settings\Test\Application Data\SUPERAntiSpyware.com
2010-04-14 21:00 . 2010-04-14 21:00 -------- d-----w- c:\documents and settings\Test\Application Data\AVG9
2010-04-14 19:26 . 2010-04-14 19:26 503808 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65488713-n\msvcp71.dll
2010-04-14 19:26 . 2010-04-14 19:26 499712 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65488713-n\jmc.dll
2010-04-14 19:26 . 2010-04-14 19:26 348160 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65488713-n\msvcr71.dll
2010-04-14 19:26 . 2010-04-14 19:26 61440 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c3e7fa9-n\decora-sse.dll
2010-04-14 19:26 . 2010-04-14 19:26 12800 ----a-w- c:\documents and settings\Test\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c3e7fa9-n\decora-d3d.dll
2010-04-14 16:35 . 2010-04-14 16:35 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 16:35 . 2010-04-14 16:35 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-14 04:46 . 2010-04-14 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-14 02:36 . 2010-04-14 02:36 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-14 02:26 . 2010-04-14 02:26 -------- d-----w- c:\documents and settings\Test\Application Data\Malwarebytes
2010-04-11 06:47 . 2004-06-14 23:05 -------- d-----w- c:\documents and settings\Test\Application Data\Symantec
2010-04-11 06:47 . 2004-06-14 23:04 -------- d-----w- c:\documents and settings\Test\Application Data\Jasc Software Inc
2010-04-11 06:47 . 2004-06-14 23:00 -------- d-----w- c:\documents and settings\Test\Application Data\Sonic
2010-04-07 14:01 . 2010-04-07 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-06 19:27 . 2010-04-11 15:51 -------- d-----w- c:\documents and settings\Arthur Akins\Application Data\C6EE56CCF0E2DD9A471316C132F3B8B6
2010-03-21 15:08 . 2010-04-09 17:10 439816 ----a-w- c:\documents and settings\Arthur Akins\Application Data\Real\Update\setup3.10\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 02:30 . 2008-08-03 17:31 -------- d-----w- c:\program files\Zune
2010-04-19 02:30 . 2008-04-10 21:45 -------- d-----w- c:\program files\QuickTime
2010-04-18 02:16 . 2004-06-14 23:10 154776 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 07:05 . 2006-09-29 01:55 77568 ----a-w- c:\windows\system32\drivers\WudfPf.sys
2010-04-16 15:10 . 2004-06-19 00:39 -------- d-----w- c:\program files\Google
2010-04-15 03:38 . 2010-04-15 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 03:36 . 2010-04-15 03:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-14 21:03 . 2010-04-11 06:47 154776 ----a-w- c:\documents and settings\Test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 20:52 . 2009-07-01 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-14 20:10 . 2010-04-14 20:10 -------- d-----w- c:\program files\Apple Software Update
2010-04-14 19:53 . 2004-06-14 22:45 -------- d-----w- c:\program files\Common Files\Java
2010-04-14 19:25 . 2010-04-14 19:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-14 19:25 . 2004-06-14 22:45 -------- d-----w- c:\program files\Java
2010-04-14 19:16 . 2004-07-21 19:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-14 04:47 . 2008-09-21 00:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 04:47 . 2008-09-21 00:28 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 04:47 . 2008-09-21 00:28 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-14 04:47 . 2008-09-21 00:28 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-14 04:46 . 2008-09-21 00:26 -------- d-----w- c:\program files\AVG
2010-04-14 02:37 . 2010-04-11 06:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 01:42 . 2004-03-20 17:55 27792 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-14 01:42 . 2010-04-14 01:42 1663 ----a-w- c:\windows\INF\COM111C.tmp
2010-04-11 14:04 . 2010-04-11 14:04 4 ----a-w- c:\program files\1565609.dat
2010-04-11 06:48 . 2010-04-11 06:48 127 ----a-w- c:\documents and settings\Test\Local Settings\Application Data\fusioncache.dat
2010-04-10 13:36 . 2010-04-10 13:36 4 ----a-w- c:\program files\1080250.dat
2010-03-30 07:46 . 2010-04-11 06:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-04-11 06:53 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2009-05-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 21:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-29 68856]

c:\documents and settings\Arthur Akins\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-10-20 255408]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe [2006-11-21 806912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-2 180224]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-21 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 04:47 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-03-19 15:56 2046816 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Intuit\\DatabaseServer\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Intuit\\DatabaseServer\\QBDBMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:*:Disabled:@xpsp2res.dll,-22007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/20/2008 5:28 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/20/2008 5:28 PM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/13/2010 9:46 PM 308064]
S2 gupdate1c9905a721e44d4;Google Update Service (gupdate1c9905a721e44d4);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2009 10:17 AM 133104]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [3/12/2004 8:38 PM 344928]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/14/2010 9:23 AM 369920]
S3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lne100v5.sys [7/19/2004 6:34 PM 36013]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:17]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:17]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883031571-3467996092-3652237072-1013Core.job
- c:\documents and settings\Test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 10:58]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883031571-3467996092-3652237072-1013UA.job
- c:\documents and settings\Test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Arthur Akins\Application Data\Mozilla\Firefox\Profiles\fsk8ifzg.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2772)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
c:\program files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
c:\program files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-18 20:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 03:05
ComboFix2.txt 2010-04-18 05:45

Pre-Run: 54,365,143,040 bytes free
Post-Run: 54,332,354,560 bytes free

- - End Of File - - FAB8EBEE382904EFAD39DAE024BFCADD


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:46 AM

Posted 18 April 2010 - 11:29 PM

One file is failing its signature test.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    sfcfiles.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 buggssy

buggssy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 19 April 2010 - 06:56 AM

OTL logfile created on: 4/19/2010 4:35:01 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Arthur Akins\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 41.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 50.60 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 986.39 Mb Total Space | 647.02 Mb Free Space | 65.60% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POS
Current User Name: Arthur Akins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/19 04:29:02 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arthur Akins\Desktop\OTL.exe
PRC - [2010/04/14 09:35:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/13 21:47:07 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/13 21:47:07 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/13 21:47:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/13 21:46:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/19 14:29:14 | 001,436,432 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/04/29 14:50:23 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
PRC - [2006/11/21 19:09:51 | 000,806,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2006/06/02 05:29:26 | 000,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/02/21 14:06:02 | 000,077,824 | R--- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 04:29:02 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arthur Akins\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/13 21:46:56 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2007/11/19 14:29:14 | 001,436,432 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServices)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (All) ==========

DRV - File not found [Kernel | Auto | Stopped] -- -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/04/17 00:05:51 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2010/04/13 21:47:54 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/13 21:47:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/13 21:47:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/14 05:51:44 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys -- (kmixer)
DRV - [2008/04/14 05:51:44 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys -- (aec)
DRV - [2008/04/14 05:51:44 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 05:51:44 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys -- (Parport)
DRV - [2008/04/14 05:51:44 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 05:51:44 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys -- (swmidi)
DRV - [2008/04/14 05:51:44 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor)
DRV - [2008/04/14 05:51:44 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\modem.sys -- (Modem)
DRV - [2008/04/14 05:51:44 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 05:51:44 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 05:51:44 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 05:51:44 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmbatt.sys -- (CmBatt)
DRV - [2008/04/14 05:51:44 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tunmp.sys -- (tunmp)
DRV - [2008/04/14 05:51:44 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/14 05:51:44 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/14 05:51:44 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/14 05:51:44 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys -- (MSPQM)
DRV - [2008/04/14 05:51:44 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys -- (swenum)
DRV - [2008/04/14 05:51:44 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 05:43:24 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 05:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2008/04/14 05:43:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 05:43:22 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 00:58:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2008/04/14 00:50:44 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys -- (NDIS)
DRV - [2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 00:49:50 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)
DRV - [2008/04/14 00:49:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/04/14 00:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 00:47:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mup.sys -- (Mup)
DRV - [2008/04/14 00:47:02 | 000,456,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 00:45:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/04/14 00:45:12 | 000,334,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys -- (Srv)
DRV - [2008/04/14 00:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 00:44:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 00:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:27:34 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 00:27:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndproxy.sys -- (NDProxy)
DRV - [2008/04/14 00:27:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 00:27:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 00:27:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 00:27:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys -- (IpNat)
DRV - [2008/04/14 00:27:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 00:26:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys -- (PSched)
DRV - [2008/04/14 00:26:34 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys -- (Gpc)
DRV - [2008/04/14 00:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 00:23:54 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys -- (HTTP)
DRV - [2008/04/14 00:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 00:23:24 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bridge.sys -- (BridgeMP)
DRV - [2008/04/14 00:23:24 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bridge.sys -- (Bridge)
DRV - [2008/04/14 00:21:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 00:15:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys -- (USBSTOR)
DRV - [2008/04/14 00:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2008/04/14 00:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2008/04/14 00:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 00:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2008/04/14 00:14:48 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/14 00:14:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 00:11:24 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/14 00:11:24 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/14 00:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 00:11:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys -- (Imapi)
DRV - [2008/04/14 00:10:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 00:10:50 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/14 00:10:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/14 00:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/14 00:10:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys -- (Fdc)
DRV - [2008/04/14 00:10:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 00:10:14 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys -- (serenum)
DRV - [2008/04/14 00:09:48 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\update.sys -- (Update)
DRV - [2008/04/14 00:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 00:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/14 00:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/14 00:06:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/14 00:03:30 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fips.sys -- (Fips)
DRV - [2008/04/14 00:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 00:02:46 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 00:02:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\npfs.sys -- (Npfs)
DRV - [2008/04/14 00:02:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msfs.sys -- (Msfs)
DRV - [2008/04/14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfs.sys -- (Udfs)
DRV - [2008/04/14 00:01:44 | 000,092,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ksecdd.sys -- (KSecDD)
DRV - [2008/04/14 00:01:34 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 22:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys -- (IRENUM)
DRV - [2008/04/13 11:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2008/04/13 11:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2008/04/13 11:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys -- (splitter)
DRV - [2008/04/13 11:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys -- (DMusic)
DRV - [2008/04/13 11:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys -- (redbook)
DRV - [2008/04/13 11:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 11:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/13 11:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 11:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/03/27 16:27:46 | 000,503,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdf01000.sys -- (Wdf01000)
DRV - [2007/10/31 15:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys -- (WudfRd)
DRV - [2005/11/03 04:00:00 | 000,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/10/19 08:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/12/14 09:07:44 | 000,051,120 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2004/12/14 09:07:44 | 000,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2004/12/14 09:07:44 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2004/09/26 19:42:00 | 000,345,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (DELL_A02)
DRV - [2004/08/11 01:45:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 05:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2004/08/04 05:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2004/08/04 05:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/04 05:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\perc2.sys -- (perc2)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpn.sys -- (hpn)
DRV - [2004/08/04 05:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/04 05:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2004/08/04 05:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspti.sys -- (Raspti)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2004/08/04 05:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2004/08/04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2004/08/04 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2004/08/04 05:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amsint.sys -- (amsint)
DRV - [2004/08/04 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 05:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/04 05:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmload.sys -- (dmload)
DRV - [2004/08/04 05:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/04 05:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\toside.sys -- (TosIde)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys -- (Beep)
DRV - [2004/08/04 05:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2004/08/04 05:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\null.sys -- (Null)
DRV - [2004/03/14 23:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/14 23:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/14 23:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/14 23:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/14 23:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/14 23:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/14 23:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/14 23:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/14 23:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/12 20:38:54 | 000,344,928 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/27 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 01:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 17:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 17:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/11/18 09:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/05 18:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
DRV - [2003/04/15 08:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 08:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97ich4.sys -- (ac97intc) Intel® 82801DB/DBM Audio Driver Service (WDM)
DRV - [2002/04/01 11:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 11:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS -- (audstub)
DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/04/01 12:01:12 | 000,036,013 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lne100v5.sys -- (lne100v5) Linksys LNE100TX(v5)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/02 07:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/13 21:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/04/14 09:23:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 14:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/14 12:25:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 13:04:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 13:49:28 | 000,000,000 | ---D | M]

[2009/12/29 13:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur Akins\Application Data\Mozilla\Extensions
[2009/12/29 13:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Arthur Akins\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/16 02:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur Akins\Application Data\Mozilla\Firefox\Profiles\fsk8ifzg.default\extensions
[2009/09/05 11:37:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Arthur Akins\Application Data\Mozilla\Firefox\Profiles\fsk8ifzg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 02:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/16 06:53:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/14 12:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/03/16 06:53:14 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/16 06:53:14 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/08/06 16:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/04/14 12:25:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/03/16 06:53:18 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/04/03 16:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/04/02 07:45:41 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/04/02 07:46:26 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/04/02 07:45:05 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/12/02 00:38:29 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/02 00:38:29 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/16 02:12:14 | 000,001,353 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/12/02 00:38:29 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 00:38:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/02 00:38:29 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 00:38:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 00:38:29 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/18 19:54:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Arthur Akins\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Arthur Akins\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1126452381750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8190.3923958333 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.13.31.12 68.94.157.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\SYSTEM32\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 10:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/28 12:59:48 | 000,000,123 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2010/04/13 18:46:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/19 04:33:14 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arthur Akins\Desktop\OTL.exe
[2010/04/17 19:59:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/17 19:18:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/17 19:18:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/17 19:18:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/17 19:18:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/17 19:17:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/17 19:16:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/17 14:22:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Arthur Akins\IECompatCache
[2010/04/16 16:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/15 19:24:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Arthur Akins\IETldCache
[2010/04/15 19:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arthur Akins\Desktop\Malware
[2010/04/14 20:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/14 20:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/14 20:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/14 15:38:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2010/04/14 15:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/04/14 14:46:39 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/04/14 13:37:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/14 13:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/14 12:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/14 12:26:15 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/14 12:26:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/14 12:26:15 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/14 12:26:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/14 12:26:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/14 08:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/14 08:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/14 08:53:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/14 08:53:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/14 08:28:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pidgen.dll.wga
[2010/04/14 08:28:23 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpcdll.dll.wga
[2010/04/14 01:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/04/14 01:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/04/13 21:48:19 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/04/13 21:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/13 18:59:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/13 18:54:18 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/04/13 18:54:18 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/04/13 18:54:18 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/04/13 18:54:18 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/04/13 18:54:18 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/04/13 18:54:17 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/04/13 18:53:46 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/04/13 18:53:43 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/04/13 18:53:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/04/13 18:53:40 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/04/13 18:53:33 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/04/13 18:53:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/04/13 18:53:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/04/13 18:53:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/04/13 18:53:29 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/04/13 18:53:29 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/04/13 18:53:28 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/04/13 18:53:28 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/04/13 18:53:28 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/04/13 18:53:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/04/13 18:53:19 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010/04/13 18:53:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/04/13 18:53:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/04/13 18:53:17 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/04/13 18:53:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/04/13 18:53:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/04/13 18:53:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/04/13 18:53:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/04/13 18:53:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/04/13 18:53:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/04/13 18:53:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/04/13 18:53:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/04/13 18:53:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/04/13 18:53:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/04/13 18:53:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/04/13 18:53:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/04/13 18:53:15 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/04/13 18:53:13 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/04/13 18:53:13 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/04/13 18:53:13 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/04/13 18:53:04 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/04/13 18:53:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/04/13 18:53:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/04/13 18:53:04 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/04/13 18:53:04 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/04/13 18:53:04 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/04/13 18:53:04 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/04/13 18:52:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/04/13 18:52:57 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/04/13 18:52:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/04/13 18:52:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/04/13 18:52:52 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/04/13 18:52:51 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/04/13 18:52:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/04/13 18:52:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/04/13 18:52:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/04/13 18:52:50 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/04/13 18:52:34 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/04/13 18:52:22 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/04/13 18:52:11 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/04/13 18:52:11 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/04/13 18:52:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/04/13 18:52:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/04/13 18:52:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/04/13 18:52:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/04/13 18:52:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/04/13 18:52:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/04/13 18:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/04/13 18:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/04/13 18:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/04/13 18:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/04/13 18:52:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/04/13 18:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/04/13 18:52:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/04/13 18:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/04/13 18:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/04/13 18:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/04/13 18:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/04/13 18:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/04/13 18:51:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/04/13 18:51:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/04/13 18:51:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/04/13 18:51:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/04/13 18:51:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/04/13 18:51:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/04/13 18:51:56 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/04/13 18:51:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/04/13 18:51:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/04/13 18:51:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/04/13 18:51:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/04/13 18:51:38 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/04/13 18:51:37 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/04/13 18:51:37 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/04/13 18:51:37 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/04/13 18:51:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/04/13 18:51:28 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/04/13 18:51:26 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/04/13 18:51:25 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/04/13 18:51:25 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/04/13 18:51:25 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/04/13 18:51:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/04/13 18:51:06 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/04/13 18:51:06 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/04/13 18:51:04 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/04/13 18:51:04 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/04/13 18:51:04 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/04/13 18:51:03 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/04/13 18:51:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/04/13 18:51:02 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/04/13 18:51:02 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/04/13 18:51:02 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/04/13 18:51:02 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/04/13 18:51:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/04/13 18:51:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/04/13 18:51:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/04/13 18:50:59 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/04/13 18:50:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/04/13 18:50:46 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/04/13 18:50:46 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/04/13 18:50:46 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/04/13 18:50:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/04/13 18:50:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/04/13 18:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/04/13 18:45:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/04/13 18:39:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/04/13 18:38:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/04/13 18:38:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/04/13 18:38:35 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/04/13 18:38:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/04/13 18:38:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/04/13 18:38:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/04/13 18:38:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/04/13 18:38:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/04/13 05:33:53 | 000,036,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dosapp.fon
[2010/04/11 20:35:42 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/04/11 20:35:42 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/04/11 20:35:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/04/11 20:35:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/04/11 12:33:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2010/04/10 23:53:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/10 23:53:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/10 23:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/08 08:50:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Arthur Akins\Recent
[2010/04/07 07:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 07:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\avG
[2010/04/07 07:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/07 07:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/07 06:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/07 06:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 12:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arthur Akins\Application Data\C6EE56CCF0E2DD9A471316C132F3B8B6
[2010/04/06 12:27:30 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2009/02/17 07:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/16 10:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/21 08:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/03/21 08:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/12/13 15:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/13 09:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2004/09/16 19:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2 C:\Documents and Settings\Arthur Akins\My Documents\*.tmp files -> C:\Documents and Settings\Arthur Akins\My Documents\*.tmp -> ]
[164 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/19 04:29:02 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arthur Akins\Desktop\OTL.exe
[2010/04/19 04:18:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3883031571-3467996092-3652237072-1013UA.job
[2010/04/19 04:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/19 04:03:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/19 00:41:12 | 059,034,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/18 19:58:44 | 000,705,536 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/18 19:58:44 | 000,370,688 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/04/18 19:55:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/18 19:54:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/04/18 19:54:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/18 19:43:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/18 19:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/18 19:43:31 | 803,278,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/18 19:42:13 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\NTUSER.DAT
[2010/04/18 19:42:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Arthur Akins\NTUSER.INI
[2010/04/18 19:27:09 | 003,919,755 | R--- | M] () -- C:\Documents and Settings\Arthur Akins\Desktop\Combo-Fix.exe
[2010/04/18 13:18:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3883031571-3467996092-3652237072-1013Core.job
[2010/04/17 19:59:18 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/17 09:56:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\defogger_reenable
[2010/04/16 08:11:31 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 20:38:16 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/14 19:45:57 | 000,525,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/14 19:45:57 | 000,443,900 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/04/14 19:45:57 | 000,072,572 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/04/14 15:15:52 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.original
[2010/04/14 13:41:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 13:10:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/14 12:25:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/14 12:25:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/14 12:25:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/14 12:25:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/14 12:25:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/14 08:49:48 | 000,000,638 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/04/14 08:49:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/14 08:28:31 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/04/13 21:47:56 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/13 21:47:55 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/13 21:47:54 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/13 21:47:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/13 21:47:52 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/13 21:47:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/13 19:27:26 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/13 18:58:25 | 000,481,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 18:55:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/13 18:49:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/13 18:48:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/13 18:48:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/13 18:48:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/13 18:45:50 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/13 18:45:50 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/13 18:42:54 | 000,027,792 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/13 18:42:04 | 000,001,078 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010/04/13 05:58:40 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/11 07:08:46 | 000,009,586 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/04/11 07:04:25 | 000,000,004 | ---- | M] () -- C:\Program Files\1565609.dat
[2010/04/10 23:53:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/10 23:45:14 | 000,010,506 | -HS- | M] () -- C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\86K35bLqF
[2010/04/10 23:45:14 | 000,010,506 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\86K35bLqF
[2010/04/10 06:36:23 | 000,000,004 | ---- | M] () -- C:\Program Files\1080250.dat
[2010/04/06 10:41:58 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\Desktop\Microsoft Word.lnk
[2010/04/06 09:34:38 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\My Documents\Brown Trout Gallery&Gift 2010.xls
[2010/04/06 09:31:35 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\My Documents\Brown Trout Cafe 2010.xls
[2010/04/05 10:53:38 | 004,816,276 | -H-- | M] () -- C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\IconCache.db
[2010/04/03 11:26:03 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\My Documents\SHOP LOC16.doc
[2010/04/01 13:10:00 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\My Documents\Brown Trout Gallery&Gift for 2009.xls
[2010/03/30 13:45:36 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\Desktop\Microsoft Excel.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 10:38:02 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\My Documents\TIME CARD.xls
[2010/03/28 10:35:56 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Arthur Akins\My Documents\SCHEDULE CAFEAUG.xls
[2 C:\Documents and Settings\Arthur Akins\My Documents\*.tmp files -> C:\Documents and Settings\Arthur Akins\My Documents\*.tmp -> ]
[164 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 19:59:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/17 19:59:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/17 19:18:01 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/17 19:18:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/17 19:18:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/17 19:18:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/17 19:18:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/17 19:13:07 | 003,919,755 | R--- | C] () -- C:\Documents and Settings\Arthur Akins\Desktop\Combo-Fix.exe
[2010/04/17 09:56:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\defogger_reenable
[2010/04/16 08:11:31 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 20:38:16 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/14 15:37:52 | 803,278,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/14 13:13:54 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3883031571-3467996092-3652237072-1013UA.job
[2010/04/14 13:13:52 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3883031571-3467996092-3652237072-1013Core.job
[2010/04/14 13:10:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/14 08:49:37 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/04/14 08:49:37 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/04/13 21:47:56 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/13 18:51:03 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/04/13 18:50:58 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/04/13 18:50:58 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/04/13 18:50:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/04/13 18:50:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/04/13 18:50:57 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/04/13 18:50:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/04/13 18:50:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/04/13 18:50:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/04/13 18:50:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/04/13 18:50:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/04/13 18:50:53 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/04/13 18:50:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/04/13 18:50:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/04/13 18:50:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/04/13 18:50:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/04/13 18:50:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/04/13 18:50:52 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/04/13 18:50:52 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/04/13 18:50:52 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/04/13 18:50:52 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/04/13 18:50:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/04/13 18:50:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/04/13 18:50:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/04/13 18:50:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/04/13 18:50:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/04/13 18:50:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/04/13 18:50:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/04/13 18:50:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/04/13 18:50:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/04/13 18:50:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/04/13 18:50:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/04/13 18:50:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/04/13 18:50:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/04/13 18:50:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/04/13 18:45:50 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/13 18:45:39 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/13 05:58:40 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/11 20:36:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 20:35:24 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/04/11 20:35:24 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/04/11 20:35:24 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/04/11 20:35:24 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/04/11 20:35:24 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/04/11 20:35:24 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/04/11 20:35:24 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/04/11 20:35:24 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/04/11 20:35:23 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/04/11 20:35:23 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/04/11 20:35:23 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/04/11 20:35:23 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/04/11 20:35:23 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/04/11 20:35:23 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/04/11 20:35:23 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/04/11 20:35:23 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/04/11 20:35:23 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/04/11 20:35:22 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/04/11 20:35:22 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/04/11 07:04:25 | 000,000,004 | ---- | C] () -- C:\Program Files\1565609.dat
[2010/04/10 23:53:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/10 06:36:23 | 000,000,004 | ---- | C] () -- C:\Program Files\1080250.dat
[2010/04/06 12:27:58 | 000,010,506 | -HS- | C] () -- C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\86K35bLqF
[2010/04/06 12:27:58 | 000,010,506 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\86K35bLqF
[2010/04/03 11:26:02 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\My Documents\SHOP LOC16.doc
[2008/09/18 08:45:28 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\NTUSER.DAT
[2008/09/09 12:13:07 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2008/04/13 22:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/09 16:46:51 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/25 13:30:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\ini.tpl
[2006/12/08 08:43:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/14 10:02:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/04/12 08:09:20 | 000,005,366 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/12 08:09:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/11 00:01:16 | 002,888,620 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\ProductContext6200.log
[2006/04/10 15:23:34 | 000,002,476 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/04 17:17:05 | 000,000,144 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/04 08:10:28 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\LuResult.txt
[2005/05/16 11:42:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2005/05/05 18:44:36 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\ExecNetsh.txt
[2005/04/25 12:51:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/04 16:22:25 | 000,000,203 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/21 17:11:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/10/08 17:11:59 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\Application Data\PFP110JPR.{PB
[2004/10/08 17:11:59 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\Application Data\PFP110JCM.{PB
[2004/09/04 11:38:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\QBInstanceFinder.log
[2004/09/03 14:53:13 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/08/10 08:56:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/07/20 09:20:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/06/22 06:21:09 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\fusioncache.dat
[2004/06/20 12:26:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/19 10:33:58 | 000,000,532 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/06/18 17:04:51 | 000,176,594 | ---- | C] () -- C:\Documents and Settings\Arthur Akins\~
[2004/06/18 15:01:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\RPROschd.INI
[2004/06/18 13:49:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 13:39:38 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Arthur Akins\ntuser.dat.LOG
[2004/06/18 13:39:38 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Arthur Akins\NTUSER.INI
[2004/06/18 13:38:29 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/06/18 13:38:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/06/14 16:10:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/14 15:57:20 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/06/14 15:54:08 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/14 15:21:40 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 14:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 11:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/19 15:37:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/03/15 22:35:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2004/02/19 10:58:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\metrodbdll.dll
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/03/20 10:58:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/14 08:49:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/17 19:59:18 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2007/01/30 16:45:41 | 000,000,076 | ---- | M] () -- C:\Catalog.LiveSubscribe
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/04/18 20:06:03 | 000,017,593 | ---- | M] () -- C:\ComboFix.txt
[2004/03/20 10:58:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/06/14 15:25:38 | 000,004,856 | RH-- | M] () -- C:\DELL.SDR
[2010/04/06 12:46:07 | 000,000,216 | ---- | M] () -- C:\feed.txt
[2010/04/18 19:43:31 | 803,278,848 | -HS- | M] () -- C:\hiberfil.sys
[2004/03/20 10:58:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/06/14 15:56:06 | 000,000,866 | -H-- | M] () -- C:\IPH.PH
[2008/04/19 12:25:35 | 000,019,968 | ---- | M] () -- C:\kirsten storie 3.doc
[2008/04/19 19:45:24 | 000,019,456 | ---- | M] () -- C:\kirstensfamilystory.doc
[2010/04/13 19:37:08 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/03/20 10:58:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/18 19:43:30 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
[2010/04/15 19:25:32 | 000,000,391 | ---- | M] () -- C:\rkill.log
[2004/08/21 10:41:23 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2004/06/14 15:57:43 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 11:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/03/19 15:43:04 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2003/04/23 07:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/03/19 15:37:08 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: IASTOR.SYS >
[2009/05/12 08:21:21 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/03/19 15:40:30 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/03/19 15:42:24 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/03/19 15:42:34 | 001,157,632 | ---- | M] (Microsoft Corporation) MD5=2564949DBE5F643F50913BBE45D346E2 -- C:\I386\SFCFILES.DLL
[2009/05/12 08:21:25 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=362BC5AF8EAF712832C58CC13AE05750 -- C:\WINDOWS\SYSTEM32\sfcfiles.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/04/11 12:44:02 | 000,786,432 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2010/04/11 07:18:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2010/04/11 12:44:02 | 039,059,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2010/04/11 12:44:02 | 008,126,464 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >



OTL Extras logfile created on: 4/19/2010 4:35:01 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Arthur Akins\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 41.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 50.60 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 986.39 Mb Total Space | 647.02 Mb Free Space | 65.60% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POS
Current User Name: Arthur Akins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe" = C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe:*:Enabled:Adaptive Server Anywhere Network Server -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgr.exe" = C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgr.exe:*:Enabled:Adaptive Server Anywhere Database Engine -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374625-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier: Retail Edition 2005
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2b02f825-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Retail Edition 2004
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}" = ANIWZCS Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus Xtreme G
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9ABA26E1-843A-4A72-95AF-C72474E191F6}" = Hoyle Card Games 2003
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBA67AB4-94E3-4818-8104-7B6CF7F8538C}" = DesignPro 5.0 Sign Edition
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C8A88636-9D7B-4755-B86E-733A52AB88A6}" = QuickBooks Point of Sale
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F2C67ACD-7AE1-4D19-8EB3-7024C5F64C2A}" = QuickBooks Point of Sale 4.0
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avery Wizard 2.1 MSW2000" = Avery® Wizard 2.1 forMicrosoft® Word 2000
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner (remove only)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus Xtreme G
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{9ABA26E1-843A-4A72-95AF-C72474E191F6}" = Hoyle Card Games 2003
"InstallShield_{BBA67AB4-94E3-4818-8104-7B6CF7F8538C}" = DesignPro 5.0 Sign Edition
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"PrintMaster Platinum 4.00" = PrintMaster Platinum 4.00
"RealPlayer 6.0" = RealPlayer
"Typing Pal 3" = Typing Pal 3.0
"Ultimate Mahjongg" = Ultimate Mahjongg
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Puzzle Pirates" = Puzzle Pirates

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2010 7:36:47 AM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 9:36:50 AM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 11:36:53 AM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 12:51:21 PM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 12:51:22 PM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/17/2010 2:51:35 PM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 4:51:40 PM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 6:51:42 PM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/17/2010 8:51:45 PM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/18/2010 12:51:49 AM | Computer Name = POS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 4/17/2010 9:00:00 PM | Computer Name = POS | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 4/17/2010 10:00:00 PM | Computer Name = POS | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 4/17/2010 10:00:00 PM | Computer Name = POS | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402

Error - 4/18/2010 1:06:41 AM | Computer Name = POS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 4/18/2010 1:06:41 AM | Computer Name = POS | Source = Service Control Manager | ID = 7023
Description = The Windows Protected Access service terminated with the following
error: %%126

Error - 4/18/2010 1:09:16 AM | Computer Name = POS | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 4/18/2010 1:25:41 AM | Computer Name = POS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 4/18/2010 1:28:15 AM | Computer Name = POS | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 4/18/2010 10:43:56 PM | Computer Name = POS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 4/18/2010 10:45:26 PM | Computer Name = POS | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.


< End of report >


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:46 AM

Posted 19 April 2010 - 10:55 AM

The other copy of that file in the computer doesn't seem appropriate. Please go to VirusTotal and scan the following file:

C:\WINDOWS\SYSTEM32\sfcfiles.dll

Copy and paste the results.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    DRV - File not found [Kernel | Auto | Stopped] -- -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)

    :files
    C:\SDFix
    C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\86K35bLqF
    C:\Documents and Settings\All Users\Application Data\86K35bLqF

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Is the computer still redirecting?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 buggssy

buggssy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 19 April 2010 - 08:50 PM

The system has stopped redirecting. Great Job!

Here are the posts:



File sfcfiles.dll received on 2010.04.09 02:04:38 (UTC)
Current status: finished

Result: 0/39 (0.00%)
Compact Print results Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.09 -
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.49 2010.04.08 -
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 -
Avast 4.8.1351.0 2010.04.08 -
Avast5 5.0.332.0 2010.04.08 -
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.09 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4544 2010.04.09 -
DrWeb 5.0.2.03300 2010.04.09 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7416 2010.04.08 -
F-Prot 4.5.1.85 2010.04.08 -
F-Secure 9.0.15370.0 2010.04.08 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 -
Ikarus T3.1.1.80.0 2010.04.09 -
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.09 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.08 -
NOD32 5011 2010.04.08 -
Norman 6.04.11 2010.04.08 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 -
PCTools 7.0.3.5 2010.04.09 -
Prevx 3.0 2010.04.09 -
Rising 22.42.03.03 2010.04.08 -
Sophos 4.52.0 2010.04.09 -
Sunbelt 6153 2010.04.09 -
Symantec 20091.2.0.41 2010.04.09 -
TheHacker 6.5.2.0.258 2010.04.08 -
TrendMicro 9.120.0.1004 2010.04.08 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 -
Additional information
File size: 1614848 bytes
MD5 : 362bc5af8eaf712832c58cc13ae05750
SHA1 : c8c2d44f34115f27f10bc435dd986d4eff00fe3f
SHA256: 8b9ef2f37266e7dcb4ebfc0e3f0065f6f5cc0d9555d7589ce8b5ca42cd158fc4
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x120D
timedatestamp.....: 0x48025222 (Sun Apr 13 20:34:10 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xCBF 0xE00 5.90 d3fe89394e3542961bec08f951a2b772
.data 0x2000 0x17E730 0x17E800 3.28 2e54b06118c98cf9da49ccc14783dee2
.rsrc 0x181000 0x408 0x600 2.49 6ad33d817c21d5547a4921c76c19efff
.reloc 0x182000 0xA230 0xA400 5.76 31a909823c459f02f7ee7c2c9f09fc93

( 1 imports )

> ntdll.dll: LdrDisableThreadCalloutsForDll, NtClose, NtQueryValueKey, NtOpenKey, RtlInitUnicodeString, RtlGetVersion, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind, NtQueryVirtualMemory

( 1 exports )

> SfcGetFiles
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:uUeP8F3PH/mvTKurhqCaDfzqdKfD+P7KbLxvmzmeXuNrR4:ur8Fymfzqn4Lxvmzp
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows 2000 System File Checker
original name:
internal name:
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set




All processes killed
========== OTL ==========
Service zumbus stopped successfully!
Service zumbus deleted successfully!
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
Service Simbad stopped successfully!
Service Simbad deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Service Atdisk stopped successfully!
Service Atdisk deleted successfully!
Service Abiosdsk stopped successfully!
Service Abiosdsk deleted successfully!
========== FILES ==========
C:\SDFix\backups\movedfile.vir\SDFix_Filecheck\SF folder moved successfully.
C:\SDFix\backups\movedfile.vir\SDFix_Filecheck folder moved successfully.
C:\SDFix\backups\movedfile.vir\Google Toolbar folder moved successfully.
C:\SDFix\backups\movedfile.vir\956d2004-53a4-47ac-a127-50d34241d226 folder moved successfully.
C:\SDFix\backups\movedfile.vir\49c0c279-4a66-49e1-944a-e644c8d97b04 folder moved successfully.
C:\SDFix\backups\movedfile.vir folder moved successfully.
C:\SDFix\backups folder moved successfully.
C:\SDFix\apps\Replace\xp folder moved successfully.
C:\SDFix\apps\Replace\w2k folder moved successfully.
C:\SDFix\apps\Replace folder moved successfully.
C:\SDFix\apps folder moved successfully.
C:\SDFix folder moved successfully.
C:\Documents and Settings\Arthur Akins\Local Settings\Application Data\86K35bLqF moved successfully.
C:\Documents and Settings\All Users\Application Data\86K35bLqF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Arthur Akins
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1913188 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33165720 bytes
->Apple Safari cache emptied: 181462619 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->FireFox cache emptied: 1698713 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 616267 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 8920 bytes

User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373795 bytes
->Java cache emptied: 9064 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 898 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 127159057 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8272 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 764793 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 332.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.3 log created on 04192010_184135

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:46 AM

Posted 19 April 2010 - 10:56 PM

Congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.
Launch OTL and click on the Cleanup button. Follow the prompts.

Manually remove any tool left.

Create a Restore point:
  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  3. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  4. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  5. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  6. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:46 AM

Posted 27 April 2010 - 01:03 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users