
Yahoo Redirects, unable to update virus definitions


34 replies to this topic

#1 Nimrod919112

  • Members
  • 15 posts

Posted 10 May 2010 - 11:28 PM

First of all, let me say thank you very much for taking your time to help me out! I am having some problems. Every Yahoo link I click redirects me. I cannot update virus programs (however yesterday I reinstalled Malwarebytes and somehow was able to).

I ran Malwarebytes and SUPERAntiSpyware and got rid of a few things. However the situation isn't any better. It's getting pretty frustrating. Also I was unable to Create a GMER Log as it just crashes when loading. My apologies. Any help would be greatly appreciated!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 0:18:38.50 on Tue 05/11/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1519 [GMT -4:00]

FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\Customapp\PROGRAM\RAZER BARRACUDA AC-1 GAMING AUDIO CARD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Firefox 3.5\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\roboform\roboform.dll
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Zone Labs Client] "c:\program files\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
IE: Customize Menu - file://c:\program files\roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\roboform\RoboFormComSavePass.html
Trusted Zone: line6.net
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: AnyDiscHelp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\k2okeeo4.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\vlc mediaplayer\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox 3.5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox 3.5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\firefox 3.5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\firefox 3.5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\firefox 3.5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\firefox 3.5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\firefox 3.5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\firefox 3.5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\firefox 3.5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\firefox 3.5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\firefox 3.5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\firefox 3.5\greprefs\all.js - pref("html5.enable", false);
c:\program files\firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\firefox 3.5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\firefox 3.5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\firefox 3.5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\firefox 3.5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\firefox 3.5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2005-5-11 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2005-5-11 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-9 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [2008-3-21 1423360]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2007-1-29 29312]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-4-17 223128]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-8-21 394872]
S2 EZWRIT3;EZWRIT3;c:\windows\system32\drivers\ezwrit3.sys [2006-7-10 12672]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
S3 adxapie;adxapie;\??\c:\docume~1\compaq~1\locals~1\temp\adxapie.sys --> c:\docume~1\compaq~1\locals~1\temp\adxapie.sys [?]
S3 APLOADER;APLOADER;c:\windows\system32\drivers\ApLoader.SYS [2006-7-10 21376]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [2007-1-29 609408]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]

=============== Created Last 30 ================

2010-05-11 03:53:16 0 d-----w- c:\windows\SxsCaPendDel
2010-05-11 03:28:45 0 d-----w- c:\program files\Hijack This
2010-05-11 02:08:44 0 d-----w- c:\program files\AnyDVD2
2010-05-11 01:44:04 0 d-----w- c:\program files\AnyDVD
2010-05-10 04:38:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-10 04:37:52 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-10 04:37:52 0 d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2010-05-10 04:22:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-10 02:57:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-10 02:55:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-10 02:54:43 0 d-----w- c:\program files\Lavasoft
2010-05-10 01:01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 01:01:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 16:32:18 0 d-----w- c:\program files\Bonjour
2010-05-09 13:49:06 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-08 22:53:41 24 ----a-w- c:\windows\0F76CD0E4C7A6E1A.log[20100508_1853].bak
2010-05-08 22:47:56 4608 ------w- c:\windows\system32\AnyDiscHelp.dll
2010-05-03 04:40:01 0 d-----w- C:\ib
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-23 16:31:01 106432 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

==================== Find3M ====================

2010-05-11 01:54:48 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-05-10 00:30:27 87608 ----a-w- c:\docume~1\compaq~1\applic~1\inst.exe
2010-05-10 00:30:27 47360 ----a-w- c:\docume~1\compaq~1\applic~1\pcouffin.sys
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-19 13:31:57 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-13 15:26:55 27652 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2008-01-14 01:02:29 0 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 0:19:24.82 ===============



#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 12 May 2010 - 05:58 PM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Since you're having issues with GMER, please try in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, please run in safe mode, but only check 'files' and 'sections'. Thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Nimrod919112

  • Topic Starter
  • Members
  • 15 posts

Posted 17 May 2010 - 07:19 PM

Sheesh! Sorry for taking forever to reply. I was able to run GMER this time. So here is everything. However... now I'm having problems with websites loading really funny looking, then normal after refreshing. Maybe related somehow, I'm not sure. Thanks again for taking your time to help others with their problems!

OTL.txt
OTL logfile created on: 5/16/2010 7:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.38 Gb Total Space | 8.98 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.82 Gb Free Space | 17.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 19:57:33 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/05/16 17:39:55 | 000,029,696 | ---- | M] (eSXi) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\svchost.exe
PRC - [2010/04/03 11:14:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox 3.5\firefox.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/12 23:13:20 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/16 19:57:33 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/05/16 17:40:03 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\system32\fontinst.dll
MOD - [2010/05/08 18:47:56 | 000,004,608 | ---- | M] () -- C:\WINDOWS\system32\AnyDiscHelp.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 17:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/10/03 14:21:00 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2005/08/10 23:17:28 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2005/01/21 23:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/12/05 02:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/10/20 01:59:21 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/01/29 21:22:42 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP)
DRV - [2007/01/29 21:17:36 | 000,609,408 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6PODLV.sys -- (L6PODLV)
DRV - [2006/12/28 04:38:54 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/12/07 11:23:00 | 001,423,360 | ---- | M] (Razer) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2006/09/09 09:43:05 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/06/18 17:54:58 | 000,394,872 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/04/17 00:49:31 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/12 10:00:38 | 000,012,672 | ---- | M] (USTC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ezwrit3.sys -- (EZWRIT3)
DRV - [2005/10/18 12:00:46 | 000,021,376 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ApLoader.SYS -- (APLOADER)
DRV - [2005/01/21 23:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 23:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 23:31:46 | 000,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 23:31:44 | 000,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 23:31:44 | 000,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 23:31:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/12/20 19:58:18 | 000,110,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/12/10 13:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/12/10 13:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/08/23 13:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/08/03 17:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/07/19 20:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/07/17 07:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/12/12 09:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/05/06 12:01:08 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.startnow.com/
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..browser.search.selectedEngine: "Search"


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Firefox (3)\components [2010/04/10 13:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Firefox (3)\plugins [2010/05/09 09:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Firefox 3\components [2010/04/10 13:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Firefox 3\plugins [2010/05/09 09:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Firefox 3.5\components [2010/05/16 19:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Firefox 3.5\plugins [2010/05/09 09:55:10 | 000,000,000 | ---D | M]

[2008/07/24 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/05/15 19:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions
[2009/01/28 01:32:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/02/18 20:35:08 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/03/13 10:57:08 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2010/05/03 20:11:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/02/22 13:14:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/09/14 15:37:37 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/02/22 13:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}(2)
[2010/04/17 11:24:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/22 13:14:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/05/02 11:01:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/14 18:22:56 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/22 13:16:03 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010/01/25 23:44:21 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2008/11/14 23:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\snaplinks@snaplinks.net
[2010/04/04 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\tubestop@efinke.com
[2009/08/04 22:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions
[2005/05/24 17:29:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2005/05/24 18:02:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2005/05/25 13:23:17 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2005/08/07 02:00:42 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2005/05/24 17:29:27 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2005/05/24 17:29:28 | 000,000,000 | ---D | M] (ieview) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2005/05/24 18:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{71C54606-83ED-4ea6-9315-1AAB29466D33}
[2005/05/25 12:38:13 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2005/06/12 06:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2005/05/24 17:11:31 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/22 13:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/02/22 13:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}(2)
[2010/03/02 23:00:14 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2005/05/24 17:37:11 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2005/05/25 12:47:35 | 000,000,000 | ---D | M] (FLST) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{cd2b821e-19f9-40a7-ac5c-08d6c197fc43}
[2005/05/24 18:49:25 | 000,000,000 | ---D | M] (Add Bookmark Here) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{F33233B3-EDB1-41f4-8482-917AB190E647}
[2005/05/25 13:23:16 | 000,000,000 | ---D | M] (Text to Image) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2005/05/24 18:05:12 | 000,000,000 | ---D | M] (Mouse Gestures) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2005/08/07 02:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\temp
[2008/04/26 16:44:42 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\searchplugins\search.xml

O1 HOSTS File: ([2008/02/29 14:50:16 | 000,227,676 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 7988 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Roboform\roboform.dll (Siber Systems)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Roboform\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Roboform\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O8 - Extra context menu item: Customize Menu - C:\Program Files\Roboform\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Roboform\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Roboform\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Roboform\RoboFormComSavePass.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.62.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) - C:\WINDOWS\System32\AnyDiscHelp.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 09:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{905b8742-5620-11d9-8071-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{905b8742-5620-11d9-8071-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{905b8742-5620-11d9-8071-806d6172696f}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: diskec32 - (C:\WINDOWS\system32\fontinst.dll) - C:\WINDOWS\system32\fontinst.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/05 03:29:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SENS - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "SNDSrvc"
MsConfig - Services: "navapsvc"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "MDM"
MsConfig - Services: "O&O Defrag"
MsConfig - Services: "Avg7UpdSvc"
MsConfig - Services: "Avg7Alrt"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "NMIndexingService"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "ImapiService"
MsConfig - Services: "Bonjour Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGEIA PhysX SysTray - hkey= - key= - C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
MsConfig - StartUpReg: AlcxMonitor - hkey= - key= - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\AnyDVD2\AnyDVD.exe (SlySoft, Inc.)
MsConfig - StartUpReg: AVG7_CC - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Awola - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: Cmaudio8788 - hkey= - key= - File not found
MsConfig - StartUpReg: combofix - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: InCD - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Microsoft Windows Adapter 5.1.3214 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OFFICEKB - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Sonic RecordNow! - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Srro - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: Symantec NetDriver Monitor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ViewMgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} - Security Update for Microsoft .NET Framework 2.0 (KB922770)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {967B098A-042D-4367-BAC9-8BC11684174F} - Security Update for Microsoft .NET Framework 2.0 (KB917283)
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\L3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.DX50 - C:\WINDOWS\System32\DivXVfWCodec.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: vidc.SEDG - C:\WINDOWS\System32\SamsungVfWCodec.dll ()
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (7050485169127424)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 19:57:33 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/05/11 12:01:06 | 000,000,000 | ---D | C] -- C:\del
[2010/05/10 23:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/10 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Hijack This
[2010/05/10 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\AnyDVD2
[2010/05/10 21:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\AnyDVD
[2010/05/10 00:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/10 00:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2010/05/10 00:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/09 22:57:10 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/09 22:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/09 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/09 21:01:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/09 21:01:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/09 12:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/09 09:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/09 09:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Windows Server
[2010/05/08 19:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\SlySoft.AnyDVD.HD.v6.6.3.4.Multilingual.WinAll.Incl.Keygen.and.Patch-BRD
[2010/05/08 18:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\v6.6.3.6
[2010/05/03 00:40:01 | 000,000,000 | ---D | C] -- C:\ib
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 12:31:01 | 000,106,432 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/04/17 13:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Slash - Slash (2010)
[2010/04/17 13:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\1995 - It's Five O'clock Somewhere
[2010/04/11 23:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Insanity
[2010/04/10 13:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/19 09:31:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/17 11:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Trilogy soundtrack
[2010/03/08 13:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/19 15:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 15:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 15:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 15:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2005/05/11 05:32:32 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2005/05/11 05:32:32 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 19:57:33 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/05/16 19:56:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/05/16 17:40:03 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\System32\fontinst.dll
[2010/05/16 17:40:02 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\kqyvwo.dat
[2010/05/16 11:51:51 | 000,003,857 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Library.rtf
[2010/05/16 10:23:00 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/16 10:22:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 10:22:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/16 10:21:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 10:21:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 10:20:24 | 018,874,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/05/16 10:20:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/05/16 10:20:10 | 000,001,214 | ---- | M] () -- C:\WINDOWS\System\Cmicnfgp.ini
[2010/05/16 10:20:05 | 000,000,756 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/16 10:20:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/16 10:20:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/15 19:46:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/05/13 20:10:25 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 00:08:28 | 000,002,579 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2010/05/10 22:17:48 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/10 22:08:48 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/05/10 21:54:48 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/10 00:37:59 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/09 22:55:02 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/09 21:01:47 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/09 20:30:27 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
[2010/05/09 20:30:27 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
[2010/05/09 20:30:27 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.cat
[2010/05/09 20:30:27 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.inf
[2010/05/09 20:28:19 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/09 19:34:39 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\360.rtf
[2010/05/09 13:54:01 | 004,773,847 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Tone Loc - Funky Cold Medina.mp3
[2010/05/09 12:41:09 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/08 18:47:56 | 000,004,608 | ---- | M] () -- C:\WINDOWS\System32\AnyDiscHelp.dll
[2010/05/02 11:53:36 | 002,117,816 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\avatar7930_15.gif
[2010/05/02 01:38:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/04/20 20:00:23 | 000,298,522 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\page 1 ©.JPG
[2010/04/20 19:52:10 | 000,258,982 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\page 1.JPG
[2010/04/07 07:49:14 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mw2.rtf
[2010/03/28 23:58:13 | 004,263,652 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2010/03/28 22:14:59 | 000,001,100 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TA45p2
[2010/03/28 22:14:59 | 000,001,100 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\TA45p2
[2010/03/22 19:02:08 | 000,005,046 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\OIXQ
[2010/03/22 19:02:08 | 000,005,046 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\OIXQ
[2010/03/22 18:07:29 | 000,007,858 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\VH56DJI7u87yo
[2010/03/22 18:07:29 | 000,007,858 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/22 18:07:28 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll
[2010/03/21 02:09:22 | 000,010,308 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjKmVd7cW2
[2010/03/21 02:09:22 | 000,010,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kjKmVd7cW2
[2010/03/19 19:58:23 | 004,124,779 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Godsmack - Whatever.mp3
[2010/03/19 09:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/16 23:00:09 | 000,568,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 23:00:09 | 000,473,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/16 23:00:09 | 000,084,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 23:05:17 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Foreign films.rtf
[2010/03/15 00:07:17 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DVD copy.rtf
[2010/03/13 11:26:55 | 000,027,652 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/13 01:55:55 | 010,516,551 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Scorpions - The Zoo.mp3
[2010/03/12 19:47:02 | 004,435,521 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\The Rolling Stones - Give Me Shelter.mp3
[2010/03/09 11:01:00 | 014,779,393 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\03_Raw_Dog.mp3
[2010/03/08 13:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/07 14:28:40 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/02/19 15:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 15:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 15:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 15:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 17:40:03 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\fontinst.dll
[2010/05/16 17:40:02 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\kqyvwo.dat
[2010/05/10 23:28:45 | 000,002,579 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2010/05/10 21:44:08 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/05/10 00:37:59 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/10 00:22:44 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/09 23:02:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 22:55:02 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/09 21:01:47 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/09 20:39:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/09 13:53:54 | 004,773,847 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Tone Loc - Funky Cold Medina.mp3
[2010/05/09 12:41:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/08 18:47:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AnyDiscHelp.dll
[2010/05/06 23:03:25 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\360.rtf
[2010/05/02 11:53:34 | 002,117,816 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\avatar7930_15.gif
[2010/04/20 20:00:23 | 000,298,522 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\page 1 ©.JPG
[2010/04/20 19:52:10 | 000,258,982 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\page 1.JPG
[2010/04/07 07:49:14 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mw2.rtf
[2010/03/28 22:14:58 | 000,001,100 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TA45p2
[2010/03/28 22:14:58 | 000,001,100 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TA45p2
[2010/03/22 18:56:48 | 000,005,046 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\OIXQ
[2010/03/22 18:56:48 | 000,005,046 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\OIXQ
[2010/03/22 18:07:28 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll
[2010/03/22 00:01:09 | 000,007,858 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\VH56DJI7u87yo
[2010/03/22 00:01:09 | 000,007,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/21 01:27:58 | 000,010,308 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjKmVd7cW2
[2010/03/21 01:27:58 | 000,010,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kjKmVd7cW2
[2010/03/19 19:58:18 | 004,124,779 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Godsmack - Whatever.mp3
[2010/03/17 11:41:53 | 014,779,393 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\03_Raw_Dog.mp3
[2010/03/14 01:31:34 | 000,001,294 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Foreign films.rtf
[2010/03/13 11:26:55 | 000,027,652 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/12 19:46:54 | 004,435,521 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\The Rolling Stones - Give Me Shelter.mp3
[2010/03/10 21:42:12 | 010,516,551 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Scorpions - The Zoo.mp3
[2010/02/20 03:04:47 | 000,003,857 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Library.rtf
[2009/08/26 02:02:56 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/08/13 15:53:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/12/22 00:59:26 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/22 00:59:24 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/22 00:59:08 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/22 00:52:02 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/11/01 01:10:18 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2008/03/21 20:34:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmrmdrvp.dll
[2008/02/03 05:28:45 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/03 05:28:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/10 22:17:14 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/08 02:08:53 | 000,000,297 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/08/04 10:41:15 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/04/14 23:45:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/03 04:30:47 | 000,001,113 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007/02/12 15:58:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/09/02 14:33:54 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\msgas.dll
[2006/08/21 22:44:35 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/08/03 02:10:08 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2006/07/08 23:17:56 | 000,000,700 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/10 21:29:57 | 000,000,296 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2006/05/10 21:18:32 | 000,000,133 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2006/04/17 00:56:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/04/17 00:52:58 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/04/17 00:49:31 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/04/17 00:49:31 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd8957.sys
[2006/04/17 00:11:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\VGANGMJYMWVPD.SYS
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/02/19 15:55:10 | 000,000,727 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/02/06 21:50:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/11/27 05:49:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/20 03:30:19 | 000,000,831 | ---- | C] () -- C:\WINDOWS\CODUO.ini
[2005/10/15 00:28:55 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/28 01:33:38 | 000,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2005/06/13 03:22:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\BurnStar.INI
[2005/06/04 00:07:50 | 000,000,790 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2005/05/26 17:56:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/26 17:56:52 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/05/26 17:56:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/26 00:37:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/05/26 00:37:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/05/26 00:37:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/05/20 15:56:32 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/05/18 01:55:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/05/18 01:55:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/16 03:02:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/04 17:59:27 | 000,000,877 | ---- | C] () -- C:\WINDOWS\sofgold.INI
[2005/01/20 20:09:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/30 21:23:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/12/30 21:23:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CPUINFO.DLL
[2004/12/30 19:51:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/30 01:38:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xfire_lsp_10908.dll
[2004/10/29 15:26:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/29 15:26:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/29 15:26:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/29 15:26:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/29 15:26:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/29 15:26:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/17 18:12:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/11 10:19:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/10 11:49:42 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/10 11:42:09 | 000,025,960 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/10 11:41:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/10 11:25:46 | 000,000,622 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/10 09:57:41 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/10 09:57:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/10 09:57:14 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/10 09:44:56 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 09:19:50 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/29 08:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2004/08/10 12:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/05/09 01:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2007/09/14 01:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/01/21 19:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2005/01/17 15:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hyperbar
[2008/03/05 00:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2007/05/29 07:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2008/04/27 00:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/05/10 21:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/09/13 01:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonoma Wire Works
[2009/05/29 20:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/10/20 02:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2005/05/11 05:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/10 14:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/09 22:55:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/09/10 05:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/24 03:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/04 00:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\.ABC
[2008/12/04 00:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\.BitTornado
[2008/12/04 00:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\.bittorrent
[2008/12/04 00:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
[2008/03/20 04:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Aim
[2010/05/10 23:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Amazon
[2006/04/04 22:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CoreFTP
[2005/05/26 17:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Dash anti
[2007/09/26 02:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DMCache
[2006/07/23 02:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FlashFXP
[2006/05/05 04:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\fltk.org
[2006/11/04 00:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Gearbox Software
[2008/01/13 03:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2005/01/17 15:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Hyperbar
[2006/02/06 21:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ICAClient
[2007/09/03 18:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ImgBurn
[2008/02/29 23:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InfraRecorder
[2004/12/30 19:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2010/03/23 23:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\kikin
[2004/12/25 00:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2007/05/29 07:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Line 6
[2009/02/20 00:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Megaupload
[2007/08/02 07:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OnReally
[2009/09/27 22:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Opera
[2006/12/25 17:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Pi Eye Games
[2004/08/10 12:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2005/05/23 01:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SEGA
[2006/08/21 03:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SlySoft
[2006/06/24 02:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\System Requirements Lab
[2007/06/15 03:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SystemRequirementsLab
[2005/10/03 21:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2005/09/20 14:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2005/05/11 05:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
[2010/05/09 20:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
[2005/11/05 00:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Wildfire
[2004/08/10 12:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2010/05/15 19:46:39 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/05/16 10:22:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 17:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 17:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 17:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 17:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/03 17:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 17:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 17:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 17:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VAXSCSI.SYS >
[2006/12/28 04:38:54 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vaxscsi.sys

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2007/09/14 02:20:49 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??mantec) -- C:\WINDOWS\System32\Ѕуmantec
[2007/06/23 07:35:28 | 000,000,000 | ---D | M](C:\WINDOWS\System32\a?sembly) -- C:\WINDOWS\System32\aѕsembly
[2007/06/23 07:35:28 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??mantec) -- C:\WINDOWS\System32\Ѕуmantec
[2007/06/21 06:46:23 | 000,000,000 | ---D | C](C:\WINDOWS\System32\a?sembly) -- C:\WINDOWS\System32\aѕsembly

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xfire_lsp_10908.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winhttp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdigest.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VTTimer.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Compaq_Owner\tempdiff.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Compaq_Owner\telnet.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Compaq_Owner\ntuser.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Compaq_Owner\ml2.srt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Compaq_Owner\ml1.srt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\rasapi32.dll:KAVICHS
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Extras.txt
OTL Extras logfile created on: 5/16/2010 7:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.38 Gb Total Space | 8.98 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.82 Gb Free Space | 17.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox 3.5\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] --
https [open] --
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC MediaPlayer\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC MediaPlayer\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Zone Labs, LLC)
"C:\Program Files\Games\Diablo II\Diablo II.exe" = C:\Program Files\Games\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- (Blizzard North)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1133085073\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133085073\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1133085073\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1133085073\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Games\Medal of Honor - Pacific Assault\mohpa.exe" = C:\Program Files\Games\Medal of Honor - Pacific Assault\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™ -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Games\SWAT 4\ContentExpansion\System\Swat4X.exe" = C:\Program Files\Games\SWAT 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate -- File not found
"C:\Program Files\Games\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe" = C:\Program Files\Games\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B072A33-D445-46D5-9442-7B41F5171AAC}" = Guitar Hero Explorer
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{322867FD-DC4A-41F3-BBEA-53CF5940FDB7}" = Elite Warriors - Vietnam Demo
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{329BF75E-4876-4687-9CAD-5AE7DE56EA22}" = The Punisher
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD25A8FE-964F-48DB-B5C5-AD4DDB3895AD}" = System Requirements Lab
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AI RoboForm" = AI RoboForm (All Users)
"AnyDVD" = AnyDVD
"AudioLabel" = AudioLabel
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"C-Media Oxygen HD Sound" = Razer Barracuda AC-1 Gaming Audio Card
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"DC++" = DC++ 0.698
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.7.0 (18/09/2009)
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Guild Wars" = Guild Wars
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GuitarPort 2.51.0" = GuitarPort 2.51.0 (Remove Only)
"Heavy Weapon_is1" = Heavy Weapon
"Help and Support Additions" = Help and Support Additions
"ImgBurn" = ImgBurn
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"IsoBuster_is1" = IsoBuster 2.3
"JDownloader" = JDownloader
"Line 6 Edit" = Line 6 Edit (remove only)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Magic ISO Maker v5.4 (build 0245)" = Magic ISO Maker v5.4 (build 0245)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"Peggle Deluxe_is1" = Peggle Deluxe
"Plants vs Zombies_is1" = Plants vs Zombies
"PS2" = PS2
"QuicktimeAlt_is1" = QuickTime Alternative 1.62
"RealAlt_is1" = Real Alternative 1.43
"Registry Mechanic_is1" = Registry Mechanic
"Ricochet Lost Worlds: Recharged_is1" = Ricochet Lost Worlds: Recharged
"RiffWorks Demo" = RiffWorks Demo
"S3" = VIA/S3G Display Driver
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #2" = Hero Editor V0.90
"Steam App 3483" = Peggle Extreme
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"Unlocker" = Unlocker 1.7.8
"Variax Workbench" = Variax Workbench (remove only)
"VLC media player" = VLC media player 1.0.0
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VobSub" = VobSub v2.23 (Remove Only)
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WBFS Manager 3.0" = WBFS Manager 3.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBC 5.1" = XBC 5.1
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZDaemon" = ZDaemon (remove only)
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 215" = Source SDK Base

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2010 6:58:42 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/8/2010 6:58:42 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/8/2010 6:58:42 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/8/2010 6:58:42 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/8/2010 7:04:06 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/8/2010 7:04:20 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/8/2010 7:04:20 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/8/2010 7:04:20 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/8/2010 7:04:20 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/8/2010 7:04:20 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 5/16/2010 7:02:58 PM | Computer Name = CHRIS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/16/2010 7:03:29 PM | Computer Name = CHRIS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/16/2010 7:03:50 PM | Computer Name = CHRIS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/16/2010 7:04:15 PM | Computer Name = CHRIS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/16/2010 7:04:22 PM | Computer Name = CHRIS | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/16/2010 7:29:02 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 5/16/2010 7:38:42 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 5/16/2010 7:54:16 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 5/16/2010 7:55:45 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 5/16/2010 7:56:48 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126


< End of report >


gmer.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-17 07:18:29
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fgldqpod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB4A70520]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xB4A7B8B0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB4A73EB0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB4A7A6C0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB4A7A8F0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB4A7DEB0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB4A73F90]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB4A70BA0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB4A7C890]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB4A7C4E0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB4A79EA0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB4A7CBC0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB4A709F0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xB4A79BF0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xB4A79A10]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB4A7CEB0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB4A7D160]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB4A73CD0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB4A70D10]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xB4A7C077]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xB4A7AB20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [B0, 3E, A7, B4, C0, A6, A7, ...]
? srescan.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C47380, 0x346307, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Firefox 3.5\firefox.exe[960] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Firefox 3.5\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTxujcxejeor.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTxujcxejeor.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTogjxilmpxl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmgyvknmwye.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTjkjkflevoc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTwnaoowmkmr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTnrdqspvgpu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0x59 0xB0 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF1 0x33 0xAE 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE6 0x2A 0x20 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0x59 0xB0 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF1 0x33 0xAE 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE6 0x2A 0x20 0x38 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0x59 0xB0 0x04 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF1 0x33 0xAE 0x48 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE6 0x2A 0x20 0x38 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xE1 0x3C 0x27 0x5F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{c360967b-27d3-4af7-8bc7-f5e7c083c226}@Model 237
Reg HKLM\SOFTWARE\Classes\CLSID\{c360967b-27d3-4af7-8bc7-f5e7c083c226}@Therad 39
Reg HKLM\SOFTWARE\Classes\CLSID\{c360967b-27d3-4af7-8bc7-f5e7c083c226}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24EE97E6-3424-D1F3-7E30-1CB930E57B6E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24EE97E6-3424-D1F3-7E30-1CB930E57B6E}@abgcbkgihgilecdidifiabfhlmpkcbcphi 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24EE97E6-3424-D1F3-7E30-1CB930E57B6E}@bbgcbkgihgilecdidigihfbgajpimkchjedo 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 19 May 2010 - 05:40 PM

Hello, Nimrod919112.

Ok, let's get started.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.


Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case CCleaner). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or thing, including hackers or other malicious software have full access to that site which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

I also see you have keygens/cracks. I must warn you that this is an extremely common attack vector. Please refrain from using them until we are done. I can't condone the use of keygens and cracks, but I will still help you to remove the viruses you have so others are not infected. This is the last you'll hear about this from me; although if they are infected, we will have to remove them.



Step 1

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



Step 2

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as Nimrod919112CF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Nimrod919112CF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Nimrod919112

Nimrod919112
  • Topic Starter

  • Members
  • 15 posts

Posted 21 May 2010 - 10:00 AM

Yeah, my brother insists on downloading all kinds of stuff. He is surely the root of the problem here. Got this to come up yesterday on ZoneAlarm. Looks like someone was trying to access my comp? And here is my log. Thanks!
http://i.imgur.com/BiXhA.png


ComboFix 10-05-20.A2 - Compaq_Owner 05/21/2010 10:15:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1665 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Nimrod919112CF.exe
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - netcfgx.dll: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\inst.exe
c:\documents and settings\Compaq_Owner\arp.exe
c:\documents and settings\Compaq_Owner\Desktop\Chris's Folder\CDs\Full\Tenacious D - [2001] Tenacious D\_desktop.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\lysitfiop
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\lysitfiop\gigjpyhtssd.exe
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Windows Server
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Compaq_Owner\nslookup.exe
C:\Thumbs.db
c:\windows\desktop
c:\windows\patch.exe
c:\windows\ping.exe
c:\windows\system32\asembl~1
c:\windows\system32\mantec~1
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-16 21:40 . 2010-05-16 21:40 40960 ---ha-w- c:\windows\system32\fontinst.dll
2010-05-11 16:01 . 2010-05-20 03:05 -------- d-----w- C:\del
2010-05-11 03:53 . 2010-05-11 04:01 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-11 03:28 . 2010-05-11 03:28 -------- d-----w- c:\program files\Hijack This
2010-05-11 02:08 . 2010-05-11 02:08 -------- d-----w- c:\program files\AnyDVD2
2010-05-11 01:44 . 2010-05-11 01:44 -------- d-----w- c:\program files\AnyDVD
2010-05-10 04:38 . 2010-05-10 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-10 04:37 . 2010-05-10 04:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-10 04:37 . 2010-05-10 04:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2010-05-10 04:22 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-10 02:57 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-10 02:55 . 2010-05-10 02:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-10 02:54 . 2010-05-10 02:55 -------- d-----w- c:\program files\Lavasoft
2010-05-10 01:01 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 01:01 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 16:32 . 2010-05-09 16:32 -------- d-----w- c:\program files\Bonjour
2010-05-09 13:49 . 2010-05-09 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-08 22:47 . 2010-05-08 22:47 4608 ------w- c:\windows\system32\AnyDiscHelp.dll
2010-05-03 04:40 . 2010-05-03 04:40 -------- d-----w- C:\ib
2010-04-23 16:31 . 2010-04-23 16:31 106432 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 14:29 . 2006-10-08 16:17 17661512 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-05-21 13:51 . 2005-05-24 20:05 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-05-21 05:13 . 2009-07-13 19:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\vlc
2010-05-20 02:40 . 2006-01-28 16:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\dvdcss
2010-05-16 23:56 . 2009-07-22 06:05 -------- d-----w- c:\program files\Firefox 3.5
2010-05-16 21:40 . 2010-05-16 21:40 12 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\kqyvwo.dat
2010-05-16 20:57 . 2004-12-25 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-13 22:25 . 2009-08-04 20:44 -------- d-----w- c:\program files\JDownloader
2010-05-12 11:49 . 2010-05-13 03:38 2541568 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-05-12 11:49 . 2010-05-13 03:38 307712 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-05-11 03:59 . 2004-08-10 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 03:56 . 2009-09-04 07:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Amazon
2010-05-11 03:56 . 2009-09-04 07:04 -------- d-----w- c:\program files\Amazon MP3 Downloader
2010-05-11 03:28 . 2010-05-11 03:28 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-11 01:44 . 2008-03-20 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-05-10 04:38 . 2010-05-10 04:38 63488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-10 04:38 . 2010-05-10 04:38 52224 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-10 04:38 . 2010-05-10 04:38 117760 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-10 04:37 . 2005-07-21 19:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-10 04:22 . 2009-10-18 22:10 -------- d-----w- c:\program files\DVDFab
2010-05-10 01:01 . 2009-03-08 04:57 -------- d-----w- c:\program files\Malwarebytes
2010-05-10 00:32 . 2008-12-05 04:54 -------- d-----w- c:\program files\Avast
2010-05-10 00:30 . 2007-10-20 05:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-05-10 00:30 . 2007-10-20 05:58 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-05-10 00:30 . 2007-10-20 05:58 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-05-09 16:41 . 2009-02-08 22:34 -------- d-----w- c:\program files\iTunes
2010-05-09 16:39 . 2009-02-08 22:34 -------- d-----w- c:\program files\iPod
2010-05-09 16:30 . 2010-05-09 16:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-09 13:57 . 2010-05-09 13:57 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-09 13:55 . 2008-01-17 07:41 -------- d-----w- c:\program files\DivX
2010-05-09 13:55 . 2010-05-09 13:55 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-09 13:55 . 2010-05-09 13:55 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-09 13:55 . 2010-05-09 13:55 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-09 13:55 . 2010-05-09 13:55 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-09 13:54 . 2008-01-17 07:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
2010-05-09 13:54 . 2010-05-09 13:54 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-09 13:54 . 2010-05-09 13:54 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-09 13:50 . 2010-05-09 13:50 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-09 13:50 . 2009-08-08 05:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-09 13:50 . 2010-05-09 13:50 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-09 13:49 . 2010-05-09 13:49 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-09 13:49 . 2010-05-09 13:55 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-09 13:49 . 2010-05-09 13:55 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-09 05:43 . 2009-08-25 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2010-05-08 23:11 . 2010-05-08 23:13 2406912 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-05-05 11:39 . 2010-05-06 22:16 247808 ----a-w- c:\windows\Internet Logs\xDB1111.tmp
2010-05-05 11:39 . 2010-05-06 22:16 2380288 ----a-w- c:\windows\Internet Logs\xDB1112.tmp
2010-04-14 22:21 . 2004-12-25 03:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2010-04-10 18:01 . 2010-04-10 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 17:40 . 2005-10-09 05:22 -------- d-----w- c:\program files\QuickTime Alternative
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 11:49 . 2010-04-08 22:26 2352128 ----a-w- c:\windows\Internet Logs\xDB4F9.tmp
2010-04-07 11:49 . 2010-04-08 22:26 208896 ----a-w- c:\windows\Internet Logs\xDB4F8.tmp
2010-03-31 11:46 . 2010-04-01 23:51 2321920 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-03-31 11:46 . 2010-04-01 23:51 2438656 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-03-31 01:58 . 2008-01-17 07:41 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2005-10-15 04:29 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2005-10-15 04:29 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2004-04-22 16:02 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-24 03:04 . 2009-08-05 02:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\kikin
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-13 15:26 . 2010-03-13 15:26 27652 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2008-01-14 01:02 . 2008-01-14 01:02 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"Zone Labs Client"="c:\program files\ZoneAlarm\zlclient.exe" [2006-06-18 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Adapter 5.1.3214
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 14:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
2006-03-20 19:43 331776 ----a-w- c:\program files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-05-04 09:31 93120 ----a-w- c:\program files\AnyDVD2\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 15:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-09 01:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 09:42 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-12-14 11:26 1410296 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-06 21:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-03-27 04:07 49152 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"MDM"=2 (0x2)
"O&O Defrag"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"LightScribeService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ImapiService"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
diskec32 REG_SZ c:\windows\system32\fontinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Games\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/9/2010 10:57 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1228208]
R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [3/21/2008 8:34 PM 1423360]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [1/29/2007 9:22 PM 29312]
S2 EZWRIT3;EZWRIT3;c:\windows\system32\drivers\ezwrit3.sys [7/10/2006 10:29 AM 12672]
S3 adxapie;adxapie;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\adxapie.sys [?]
S3 APLOADER;APLOADER;c:\windows\system32\drivers\ApLoader.SYS [7/10/2006 10:28 AM 21376]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [1/29/2007 9:17 PM 609408]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [4/17/2006 12:52 AM 223128]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [5/11/2005 5:32 AM 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [5/11/2005 5:32 AM 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/17/2006 12:49 AM 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 02:35]

2010-05-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
IE: Customize Menu - file://c:\program files\Roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Roboform\RoboFormComSavePass.html
Trusted Zone: line6.net
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VLC MediaPlayer\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Firefox 3.5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox 3.5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox 3.5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox 3.5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox 3.5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox 3.5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Cmaudio8788 - cmicnfgp.cpl
MSConfigStartUp-combofix - Combobatch.bat
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
MSConfigStartUp-PWRISOVM - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 10:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24EE97E6-3424-D1F3-7E30-1CB930E57B6E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abgcbkgihgilecdidifiabfhlmpkcbcphi"=hex:61,61,00,00
"bbgcbkgihgilecdidigihfbgajpimkchjedo"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e1,3c,27,5f,32,61,8c,8d,30,17,24,bc,d6,7f,8f,7f,b9,55,65,0a,d3,
c6,f1,e1,e4,9d,4e,08,4c,de,ca,2b,95,d4,4b,2f,b6,d8,f9,1c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c360967b-27d3-4af7-8bc7-f5e7c083c226}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ed
"Therad"=dword:00000027
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,40,02,13,ad,75,b8,fc,03,0e,19,9b,7e,c0,c3,5d,71,ae,29,89,e6,ae,dd,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-21 10:39:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-21 14:39

Pre-Run: 8,602,988,544 bytes free
Post-Run: 8,555,094,016 bytes free

- - End Of File - - B54D7A09F16B765F82776CA7A3BE5E49


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 21 May 2010 - 02:13 PM

Hello, Nimrod919112.

OK, there's still lots of stuff left. Thanks for the picture...if you get that again, please click 'view properties' and let me know the full path of the file.

But before we continue, I still don't see an antivirus installed. There may have been one with a keygen/crack from the initial log. If so, please remove it and install one of the free ones below. These provide solid protection. Without a legit antivirus running, anything we do is wasted since you will become reinfected.



Step 1

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 Nimrod919112


Posted 21 May 2010 - 09:29 PM

Sorry, I had Ad-Aware running before and I thought that would do the trick. I installed avast (used the program before, never should have uninstalled it). Did a boot time scan. I'll keep Avast running at all times along with Zone Alarm.

05/21/2010 19:29
Scan of D:\*

Scan of C:\*

File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-66c2acfe|>vmain.class is infected by Java:Gimsh-A [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\41\b023ae9-64e88050|>AppletX.class is infected by Java:Agent-R [Trj], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-5d66e635.zip|>vmain.class is infected by Java:Gimsh-A [Expl], Moved to chest
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\Classes\SwatAmmo.u Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\HavokData\MP-Hotel.mopp Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\HavokData\MP-JewelryHeist.mopp Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\Maps\MP-ABomb.s4m Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\Maps\SP-ABomb.s4m Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\Maps\SP-ConvenienceStore.s4m Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\Maps\SP-Hotel.s4m Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\Maps\SP-JewelryHeist.s4m Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\System\AICommon.dll Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\System\AICommon.u Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Games\SWAT 4\UK Update Patch v1_1.exe|>%MAINDIR%\Content\System\ALAudio.dll Error 42145 {Installer archive is corrupted.}
File C:\Documents and Settings\Compaq_Owner\Desktop\Chris's Folder\Burn\Programs\Ideal DVD Copy [v3.1.0]\Keygen.exe is infected by Win32:Trojan-gen, Moved to chest
File C:\Documents and Settings\Compaq_Owner\Desktop\v6.6.3.6\AnyDVD-HD-6.6.3.6-Patcher.exe is infected by Win32:Malware-gen, Moved to chest
File C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll.vir is infected by Win32:MalOb-AL [Cryp], Moved to chest
File C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Local Settings\Application Data\lysitfiop\gigjpyhtssd.exe.vir is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP17\A0007209.dll is infected by Win32:MalOb-AL [Cryp], Moved to chest
File C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP17\A0007210.exe is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP18\A0007588.exe is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP19\A0007603.exe is infected by Win32:Trojan-gen, Moved to chest
File C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP19\A0007604.exe is infected by Win32:Malware-gen, Moved to chest
File C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP7\A0000674.exe is infected by Win32:Malware-gen, Moved to chest
Number of searched folders: 15506
Number of tested files: 563294
Number of infected files: 13




Now, I'm going on vacation and won't have access to this comp for about a week. Yahoo still redirecting everything to http://results.yahoo.com/ .. what gives? As always, thanks for the help.

#8 etavares

Posted 22 May 2010 - 09:33 AM

Hi...OK, reply to this thread when you're back. Enjoy the vacation. I won't close this thread. You still have malware we have to remove manually. We just needed to have an antivirus installed so our work won't get undone.


 


#9 etavares

Posted 29 May 2010 - 03:55 PM

Hi...are you back yet?


 


#10 Nimrod919112


Posted 30 May 2010 - 10:40 PM

Hi, yes I just got back from Florida today! Home sweet home. Ready for the next step, thanks.

#11 etavares

Posted 31 May 2010 - 08:52 AM

Hello, Nimrod919112.

Welcome back!



Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\svchost.exe
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\documents and settings\Compaq_Owner\Application Data\kqyvwo.dat
c:\windows\Internet Logs\xDBF.tmp
c:\windows\Internet Logs\xDB1111.tmp
c:\windows\Internet Logs\xDB1112.tmp
c:\windows\Internet Logs\xDB4F9.tmp
c:\windows\Internet Logs\xDB4F8.tmp
c:\windows\Internet Logs\xDBE.tmp
c:\windows\Internet Logs\xDBD.tmp
c:\windows\system32\drivers\H8SRTxujcxejeor.sys
c:\windows\system32\H8SRTogjxilmpxl.dll
c:\windows\system32\H8SRTmgyvknmwye.dat
c:\windows\system32\H8SRTjkjkflevoc.dll
c:\windows\system32\H8SRTwnaoowmkmr.dll
c:\windows\system32\H8SRTnrdqspvgpu.dll

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

folder::
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TA45p2
C:\Documents and Settings\All Users\Application Data\TA45p2
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\OIXQ
C:\Documents and Settings\All Users\Application Data\OIXQ
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\VH56DJI7u87yo
C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjKmVd7cW2
C:\Documents and Settings\All Users\Application Data\kjKmVd7cW2

Registry::
[-HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Driver::
adxapie

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c360967b-27d3-4af7-8bc7-f5e7c083c226}]

RegNull::
[HKEY_USERS\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24EE97E6-3424-D1F3-7E30-1CB930E57B6E}*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


 


#12 Nimrod919112


Posted 31 May 2010 - 10:00 PM

I didn't rename ComboFix.exe this time around.. not sure if that matters?



ComboFix 10-05-31.02 - Compaq_Owner 05/31/2010 22:28:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1525 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\documents and settings\Compaq_Owner\Application Data\kqyvwo.dat"
"c:\documents and settings\Compaq_Owner\Local Settings\Temp\svchost.exe"
"c:\windows\Internet Logs\xDB1111.tmp"
"c:\windows\Internet Logs\xDB1112.tmp"
"c:\windows\Internet Logs\xDB27.tmp"
"c:\windows\Internet Logs\xDB28.tmp"
"c:\windows\Internet Logs\xDB4F8.tmp"
"c:\windows\Internet Logs\xDB4F9.tmp"
"c:\windows\Internet Logs\xDBD.tmp"
"c:\windows\Internet Logs\xDBE.tmp"
"c:\windows\Internet Logs\xDBF.tmp"
"c:\windows\system32\drivers\H8SRTxujcxejeor.sys"
"c:\windows\system32\H8SRTjkjkflevoc.dll"
"c:\windows\system32\H8SRTmgyvknmwye.dat"
"c:\windows\system32\H8SRTnrdqspvgpu.dll"
"c:\windows\system32\H8SRTogjxilmpxl.dll"
"c:\windows\system32\H8SRTwnaoowmkmr.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\kqyvwo.dat
c:\windows\Internet Logs\xDB1111.tmp
c:\windows\Internet Logs\xDB1112.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB4F8.tmp
c:\windows\Internet Logs\xDB4F9.tmp
c:\windows\Internet Logs\xDBD.tmp
c:\windows\Internet Logs\xDBE.tmp
c:\windows\Internet Logs\xDBF.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADXAPIE
-------\Service_adxapie


((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-05-21 23:21 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-21 23:21 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-21 23:21 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-21 23:21 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-21 23:21 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-21 23:21 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-21 23:21 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-21 23:18 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-21 23:18 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-21 23:17 . 2010-05-21 23:25 -------- d-----w- c:\program files\Avast
2010-05-21 23:17 . 2010-05-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-16 21:40 . 2010-05-16 21:40 40960 ---ha-w- c:\windows\system32\fontinst.dll
2010-05-11 16:01 . 2010-05-22 12:57 -------- d-----w- C:\del
2010-05-11 03:53 . 2010-05-11 04:01 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-11 03:28 . 2010-05-11 03:28 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-11 03:28 . 2010-05-11 03:28 -------- d-----w- c:\program files\Hijack This
2010-05-10 04:38 . 2010-05-10 04:38 63488 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-10 04:38 . 2010-05-10 04:38 52224 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-10 04:38 . 2010-05-10 04:38 117760 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-10 04:38 . 2010-05-10 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-10 04:37 . 2010-05-10 04:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-10 04:37 . 2010-05-10 04:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2010-05-10 01:01 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 01:01 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 16:32 . 2010-05-09 16:32 -------- d-----w- c:\program files\Bonjour
2010-05-09 16:30 . 2010-05-09 16:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-09 13:57 . 2010-05-09 13:57 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-09 13:55 . 2010-05-09 13:49 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-09 13:55 . 2010-05-09 13:49 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-09 13:55 . 2009-08-08 05:25 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-09 13:55 . 2009-08-08 05:25 529200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-09 13:55 . 2010-05-09 13:55 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-09 13:55 . 2010-05-09 13:55 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-09 13:55 . 2010-05-09 13:55 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-09 13:55 . 2010-05-09 13:55 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-09 13:54 . 2010-05-09 13:54 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-09 13:54 . 2010-05-09 13:54 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-09 13:53 . 2010-05-09 13:53 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-09 13:50 . 2010-05-09 13:50 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-09 13:50 . 2010-05-09 13:50 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-09 13:49 . 2010-05-09 13:49 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-09 13:49 . 2010-05-09 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-08 22:47 . 2010-05-08 22:47 4608 ------w- c:\windows\system32\AnyDiscHelp.dll
2010-05-03 04:40 . 2010-05-03 04:40 -------- d-----w- C:\ib

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 04:03 . 2009-07-13 19:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\vlc
2010-05-31 03:37 . 2005-05-24 20:05 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-05-22 11:43 . 2006-01-28 16:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\dvdcss
2010-05-22 11:42 . 2004-12-25 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-21 23:08 . 2005-07-21 19:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 23:07 . 2007-06-19 19:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-21 23:07 . 2005-04-18 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 23:02 . 2008-08-23 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-21 14:29 . 2006-10-08 16:17 17661512 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-05-16 23:56 . 2009-07-22 06:05 -------- d-----w- c:\program files\Firefox 3.5
2010-05-13 22:25 . 2009-08-04 20:44 -------- d-----w- c:\program files\JDownloader
2010-05-11 03:59 . 2004-08-10 15:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-11 03:56 . 2009-09-04 07:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Amazon
2010-05-11 03:56 . 2009-09-04 07:04 -------- d-----w- c:\program files\Amazon MP3 Downloader
2010-05-11 01:44 . 2008-03-20 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-05-10 04:22 . 2009-10-18 22:10 -------- d-----w- c:\program files\DVDFab
2010-05-10 01:01 . 2009-03-08 04:57 -------- d-----w- c:\program files\Malwarebytes
2010-05-10 00:30 . 2007-10-20 05:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-05-10 00:30 . 2007-10-20 05:58 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-05-10 00:30 . 2007-10-20 05:58 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-05-09 16:41 . 2009-02-08 22:34 -------- d-----w- c:\program files\iTunes
2010-05-09 16:39 . 2009-02-08 22:34 -------- d-----w- c:\program files\iPod
2010-05-09 13:55 . 2008-01-17 07:41 -------- d-----w- c:\program files\DivX
2010-05-09 13:54 . 2008-01-17 07:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
2010-05-09 13:50 . 2009-08-08 05:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-09 05:43 . 2009-08-25 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2010-04-23 16:31 . 2010-04-23 16:31 106432 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-04-14 22:21 . 2004-12-25 03:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2010-04-10 18:01 . 2010-04-10 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 17:40 . 2005-10-09 05:22 -------- d-----w- c:\program files\QuickTime Alternative
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 01:58 . 2008-01-17 07:41 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2005-10-15 04:29 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2005-10-15 04:29 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2004-04-22 16:02 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-13 15:26 . 2010-03-13 15:26 27652 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2008-01-14 01:02 . 2008-01-14 01:02 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"Zone Labs Client"="c:\program files\ZoneAlarm\zlclient.exe" [2006-06-18 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"avast5"="c:\progra~1\Avast\avastUI.exe" [2010-05-06 2815192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 14:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
2006-03-20 19:43 331776 ----a-w- c:\program files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 15:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 06:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-05 06:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-05 06:41 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-09 01:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 09:42 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-12-14 11:26 1410296 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-06 21:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-03-27 04:07 49152 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"MDM"=2 (0x2)
"O&O Defrag"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"LightScribeService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ImapiService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
diskec32 REG_SZ c:\windows\system32\fontinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Games\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/21/2010 7:21 PM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/21/2010 7:21 PM 19024]
R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [3/21/2008 8:34 PM 1423360]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [1/29/2007 9:22 PM 29312]
S2 EZWRIT3;EZWRIT3;c:\windows\system32\drivers\ezwrit3.sys [7/10/2006 10:29 AM 12672]
S3 APLOADER;APLOADER;c:\windows\system32\drivers\ApLoader.SYS [7/10/2006 10:28 AM 21376]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [1/29/2007 9:17 PM 609408]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [4/17/2006 12:52 AM 223128]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [5/11/2005 5:32 AM 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [5/11/2005 5:32 AM 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/17/2006 12:49 AM 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Customize Menu - file://c:\program files\Roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Roboform\RoboFormComSavePass.html
Trusted Zone: line6.net
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VLC MediaPlayer\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Firefox 3.5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox 3.5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox 3.5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox 3.5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox 3.5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox 3.5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox 3.5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AnyDVD - c:\program files\AnyDVD2\AnyDVD.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-05-31 22:57:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-01 02:57
ComboFix2.txt 2010-05-21 14:39

Pre-Run: 8,315,039,744 bytes free
Post-Run: 8,259,457,024 bytes free

- - End Of File - - E5B37B9D6A69F87A32C1BE5F15ED5D5B


#13 etavares

Posted 02 June 2010 - 05:53 PM

Hello, Nimrod919112.
Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O3 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    MsConfig - StartUpReg: AVG7_CC - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Awola - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Cmaudio8788 - hkey= - key= - File not found
    MsConfig - StartUpReg: combofix - hkey= - key= - File not found
    MsConfig - StartUpReg: InCD - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Microsoft Windows Adapter 5.1.3214 - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: OFFICEKB - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Sonic RecordNow! - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Srro - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Symantec NetDriver Monitor - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: updateMgr - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: ViewMgr - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
    IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.startnow.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
    :files
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TA45p2
    C:\Documents and Settings\All Users\Application Data\TA45p2
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\OIXQ
    C:\Documents and Settings\All Users\Application Data\OIXQ
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\VH56DJI7u87yo
    C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjKmVd7cW2
    C:\Documents and Settings\All Users\Application Data\kjKmVd7cW2
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#14 Nimrod919112

Posted 03 June 2010 - 11:03 PM

06032010_005248.log
All processes killed
========== OTL ==========
Error: No service named UserAccess7) SecuROM User Access Service (V7 was found to stop!
Service\Driver key UserAccess7) SecuROM User Access Service (V7 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG7_CC\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Awola\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Cmaudio8788\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\combofix\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\InCD\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Microsoft Windows Adapter 5.1.3214\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\OFFICEKB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PWRISOVM.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Sonic RecordNow!\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Srro\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Symantec NetDriver Monitor\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TkBellExe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\updateMgr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ViewMgr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VTTimer\ deleted successfully.
HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Internet Explorer\Search\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\TA45p2 moved successfully.
C:\Documents and Settings\All Users\Application Data\TA45p2 moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\OIXQ moved successfully.
C:\Documents and Settings\All Users\Application Data\OIXQ moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\VH56DJI7u87yo moved successfully.
C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo moved successfully.
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\3570694465.dll not found.
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\kjKmVd7cW2 moved successfully.
C:\Documents and Settings\All Users\Application Data\kjKmVd7cW2 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->FireFox cache emptied: 720209 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 137221304 bytes
->Java cache emptied: 38522350 bytes
->FireFox cache emptied: 97437646 bytes
->Flash cache emptied: 28047 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 348 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4281873 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 265.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06032010_005248

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL.Txt
OTL logfile created on: 6/3/2010 1:03:11 AM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.38 Gb Total Space | 7.62 Gb Free Space | 5.28% Space Free | Partition Type: NTFS
Drive D: | 4.66 Gb Total Space | 0.82 Gb Free Space | 17.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/03 00:51:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast\AvastSvc.exe
PRC - [2010/04/03 11:14:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox 3.5\firefox.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/12 23:13:20 | 000,098,304 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/03 00:51:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 17:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/10/03 14:21:00 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
SRV - File not found [On_Demand | Stopped] -- -- (TUWinStylerThemeSvc)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2005/01/21 23:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/12/05 02:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/10/20 01:59:21 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/01/29 21:22:42 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP)
DRV - [2007/01/29 21:17:36 | 000,609,408 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6PODLV.sys -- (L6PODLV)
DRV - [2006/12/28 04:38:54 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/12/07 11:23:00 | 001,423,360 | ---- | M] (Razer) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2006/09/09 09:43:05 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/06/18 17:54:58 | 000,394,872 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/04/17 00:49:31 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/12 10:00:38 | 000,012,672 | ---- | M] (USTC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ezwrit3.sys -- (EZWRIT3)
DRV - [2005/10/18 12:00:46 | 000,021,376 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ApLoader.SYS -- (APLOADER)
DRV - [2005/01/21 23:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 23:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 23:31:46 | 000,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 23:31:44 | 000,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 23:31:44 | 000,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 23:31:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/12/20 19:58:18 | 000,110,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/12/10 13:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/12/10 13:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/08/23 13:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/08/03 17:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/07/19 20:33:14 | 000,218,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/07/17 07:20:34 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/12/12 09:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/05/06 12:01:08 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page =
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..browser.search.selectedEngine: "Search"


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Firefox (3)\components [2010/04/10 13:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Firefox (3)\plugins [2010/05/09 09:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Firefox 3\components [2010/04/10 13:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Firefox 3\plugins [2010/05/09 09:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Firefox 3.5\components [2010/05/16 19:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Firefox 3.5\plugins [2010/05/09 09:55:10 | 000,000,000 | ---D | M]

[2008/07/24 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/06/02 18:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions
[2009/01/28 01:32:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/02/18 20:35:08 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/03/13 10:57:08 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2010/05/31 02:26:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/02/22 13:14:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/09/14 15:37:37 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/02/22 13:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}(2)
[2010/04/17 11:24:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/22 13:14:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/05/02 11:01:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/14 18:22:56 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/02/22 13:16:03 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010/01/25 23:44:21 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2008/11/14 23:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\snaplinks@snaplinks.net
[2010/04/04 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\k2okeeo4.Default User\extensions\tubestop@efinke.com
[2009/08/04 22:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions
[2005/05/24 17:29:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2005/05/24 18:02:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2005/05/25 13:23:17 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2005/08/07 02:00:42 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2005/05/24 17:29:27 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2005/05/24 17:29:28 | 000,000,000 | ---D | M] (ieview) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2005/05/24 18:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{71C54606-83ED-4ea6-9315-1AAB29466D33}
[2005/05/25 12:38:13 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2005/06/12 06:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2005/05/24 17:11:31 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/22 13:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/02/22 13:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}(2)
[2010/03/02 23:00:14 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2005/05/24 17:37:11 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2005/05/25 12:47:35 | 000,000,000 | ---D | M] (FLST) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{cd2b821e-19f9-40a7-ac5c-08d6c197fc43}
[2005/05/24 18:49:25 | 000,000,000 | ---D | M] (Add Bookmark Here) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{F33233B3-EDB1-41f4-8482-917AB190E647}
[2005/05/25 13:23:16 | 000,000,000 | ---D | M] (Text to Image) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2005/05/24 18:05:12 | 000,000,000 | ---D | M] (Mouse Gestures) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2005/08/07 02:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\extensions\temp
[2008/04/26 16:44:42 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\lvlg6sf2.default\searchplugins\search.xml

O1 HOSTS File: ([2010/05/31 22:48:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Roboform\roboform.dll (Siber Systems)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Roboform\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Roboform\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [avast5] C:\Program Files\Avast\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Roboform\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Roboform\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Roboform\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Roboform\RoboFormComSavePass.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.62.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 09:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: diskec32 - (C:\WINDOWS\system32\fontinst.dll) - C:\WINDOWS\system32\fontinst.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2153764493-246003535-2105379524-1009\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 00:52:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/03 00:51:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/06/01 00:07:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/21 19:21:17 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/21 19:21:16 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/21 19:21:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/21 19:21:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/21 19:21:13 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/21 19:21:13 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/21 19:21:12 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/21 19:18:04 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/21 19:18:04 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/21 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avast
[2010/05/21 19:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/21 10:11:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/21 10:11:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/21 10:11:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/21 10:11:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/21 10:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/21 10:10:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/11 12:01:06 | 000,000,000 | ---D | C] -- C:\del
[2010/05/10 23:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/10 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Hijack This
[2010/05/10 00:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/10 00:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2010/05/10 00:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/09 21:01:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/09 21:01:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/09 12:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/09 09:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2005/05/11 05:32:32 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2005/05/11 05:32:32 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

========== Files - Modified Within 30 Days ==========

[2010/06/03 00:56:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 00:55:49 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/06/03 00:55:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 00:55:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 00:54:32 | 018,874,368 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/06/03 00:54:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/06/03 00:51:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/06/02 18:55:31 | 000,003,794 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Library.rtf
[2010/06/01 23:12:57 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/31 22:49:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/31 22:48:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/21 22:19:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/21 22:19:28 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 19:21:13 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/21 18:53:14 | 000,000,756 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/21 18:53:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/19 00:54:28 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/16 20:24:17 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2010/05/16 17:40:03 | 000,040,960 | -H-- | M] () -- C:\WINDOWS\System32\fontinst.dll
[2010/05/16 10:20:10 | 000,001,214 | ---- | M] () -- C:\WINDOWS\System\Cmicnfgp.ini
[2010/05/09 20:30:27 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
[2010/05/09 20:30:27 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.cat
[2010/05/09 20:30:27 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.inf
[2010/05/09 12:41:09 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/08 18:47:56 | 000,004,608 | ---- | M] () -- C:\WINDOWS\System32\AnyDiscHelp.dll
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2010/05/21 10:11:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/21 10:11:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/21 10:11:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/21 10:11:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/21 10:11:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/16 20:24:09 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\defogger_reenable
[2010/05/16 17:40:03 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\fontinst.dll
[2010/05/09 20:39:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/09 12:41:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/08 18:47:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AnyDiscHelp.dll
[2009/08/26 02:02:56 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/08/13 15:53:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/12/22 00:59:26 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/22 00:59:24 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/22 00:59:08 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/22 00:52:02 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/11/01 01:10:18 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2008/03/21 20:34:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmrmdrvp.dll
[2008/02/03 05:28:45 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/03 05:28:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/10 22:17:14 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/08 02:08:53 | 000,000,297 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/08/04 10:41:15 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/04/14 23:45:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/03 04:30:47 | 000,001,113 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007/02/12 15:58:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/09/02 14:33:54 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\msgas.dll
[2006/08/21 22:44:35 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/08/03 02:10:08 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2006/07/08 23:17:56 | 000,000,700 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/10 21:29:57 | 000,000,296 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2006/05/10 21:18:32 | 000,000,133 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2006/04/17 00:56:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/04/17 00:11:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\VGANGMJYMWVPD.SYS
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 15:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/02/19 15:55:10 | 000,000,727 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/02/06 21:50:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/11/27 05:49:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/20 03:30:19 | 000,000,831 | ---- | C] () -- C:\WINDOWS\CODUO.ini
[2005/10/15 00:28:55 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/28 01:33:38 | 000,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2005/06/13 03:22:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\BurnStar.INI
[2005/06/04 00:07:50 | 000,000,790 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2005/05/26 17:56:52 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/26 17:56:52 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/05/26 17:56:30 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/26 00:37:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/05/26 00:37:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/05/26 00:37:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/05/20 15:56:32 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/05/18 01:55:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/05/18 01:55:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/16 03:02:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/04 17:59:27 | 000,000,877 | ---- | C] () -- C:\WINDOWS\sofgold.INI
[2005/01/20 20:09:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/30 21:23:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/12/30 21:23:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CPUINFO.DLL
[2004/12/30 19:51:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/30 01:38:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xfire_lsp_10908.dll
[2004/10/29 15:26:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/29 15:26:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/29 15:26:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/29 15:26:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/29 15:26:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/29 15:26:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/17 18:12:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/11 10:19:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/10 11:49:42 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/10 11:42:09 | 000,025,960 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/10 11:41:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/10 11:25:46 | 000,000,622 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/10 09:57:41 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/10 09:57:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/10 09:57:14 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/10 09:44:56 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 09:19:50 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/29 08:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xfire_lsp_10908.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ws2help.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ws2_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wlnotify.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wldap32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winhttp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdigest.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VTTimer.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\version.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SymRedir.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spider.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shimgvw.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shimeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shgina.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schedsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scesrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scecli.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\samsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rundll32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\profmap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\powrprof.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcjt32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcji32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbccp32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbc32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oakley.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mswstr10.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr71.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcirt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstsc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstask.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspatcha.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjtes40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjter40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjet40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSIMTF.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msiexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgas.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCTF.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msasn1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mpg2splt.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\moricons.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmcshext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\localspl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipnathlp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imm32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hnetwiz.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hhsetup.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\expsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ersvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dsound.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ohci1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\nic1394.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mssmbios.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\modem.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ipnat.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ACPI.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpnet.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dplayx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dinput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ddraw.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dciman32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3d8.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\compatUI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advpack.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\accwiz.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\hpsysdrv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\hh.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\AGRSMMSG.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wow32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiashext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\watchdog.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vdmdbg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbajet32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\utilman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\userinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\url.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telnet.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysmon.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SymNeti.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\srclient.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sorttbls.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sndrec32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slayerxp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\skeys.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfcfiles.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\security.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ps2.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcad32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrator.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvfw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspaint.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msnsspc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msls31.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjint40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msimsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msexch40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdmo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msapsspc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mobsync.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mlang.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\magnify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logonui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locale.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\itss.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\itircl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ir50_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hypertrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hal.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\filemgmt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\faultrep.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\els.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx8vb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dwwin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dumprep.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vtmini.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\videoprt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\viaide.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\viaagp1.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbuhci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbport.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbhub.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\udfs.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tdi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Drivers\SYMNDIS.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Drivers\SYMIDS.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Drivers\SYMFW.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Drivers\SYMDNS.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\srvkp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\sr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sisgrp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\DRIVERS\SISAGPX.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfloppy.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\R8139n51.sys:KAVICHS
< End of report >


#15 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 04 June 2010 - 05:48 AM

Hello, Nimrod919112.

How is your computer running now? Let's get an online scan for a second opinion.

I'd like us to scan your machine with ESET OnlineScan.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
