Infected With Unknown - Infected fsvga.sys


  • This topic is locked
11 replies to this topic

#1 zeron2

zeron2

  • Members
  • 8 posts

Posted 09 June 2010 - 06:16 PM

I believe I have an infection. When I open my Internet Explorer and browse the internet, after a bit of time a new IE browser window pops up with various ads, virus protection offers, Google things, etc. It happens every so often. I have tried Malwarebytes, and it did not find the virus. Other virus removal tools have indicated the following is infected:

fsvga.sys

The antivirus tools do say they fix it, but it gets infected again afterwards.

I have seen the following message:

Infected copy of c:\windows\system32\drivers\fsvga.sys was found and disinfected
Restored copy from - Kitty had a snack


And it continues to be infected.

According to GMER, as I'm sure you will notice, it does show the following:

C:\WINDOWS\system32\DRIVERS\fsvga.sys suspicious modification
C:\WINDOWS\system32\drivers\atapi.sys suspicious modification


I have followed your instructions on posting a virus removal help request, and the requested files have been attached. Here is also the DDS log. Thank you in advance for your help on this matter:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Joel at 14:48:26.03 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Downloads\Drivers\Creative\XFiMode_1.7_Build_22\XFiMode.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Joel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.blizzard.com/en-us/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTAPR2] "c:\program files\creative\sb wow wireless headset\wowaudiocp\CTAPR2.exe" /r
mRun: [XFMC] c:\downloads\drivers\creative\xfimode_1.7_build_22\XFiMode.exe
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220348602812
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: {E9F5B9DC-94CD-4531-B750-AEF4B636192A} = 151.164.14.201,151.164.1.8
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-23 31744]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-5-9 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-5-9 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-5-9 72728]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 ppcwod;ppcwod; [x]
S0 sptdNomore;sptdNomore;c:\windows\system32\drivers\sptd.sys --> c:\windows\system32\drivers\sptd.sys [?]
S0 wzlwh;wzlwh; [x]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\vcdrom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-23 135336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-24 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-5-9 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-5-9 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-5-9 72728]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2006-7-8 19020]
S3 UsbFltr;%SvcDisplayName%;c:\windows\system32\drivers\copperhd.sys [2006-7-27 11596]
S3 WRFilt;WRFilt;c:\windows\system32\drivers\WRFilt.sys [2010-5-14 2006784]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-23 267432]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-06-08 04:07:13 0 d-----w- c:\program files\ESET
2010-06-04 10:36:56 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-22 00:48:52 0 d-----w- c:\program files\Koei
2010-05-17 07:08:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 02:46:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Amazon
2010-05-15 02:46:42 0 d-----w- c:\program files\Amazon
2010-05-14 23:02:51 30688 ----a-w- c:\windows\system32\xfiWR.ini
2010-05-14 23:02:41 782336 ----a-w- c:\windows\OALInst.exe
2010-05-14 23:02:41 53248 ----a-w- c:\windows\WRDef.exe
2010-05-14 23:02:41 2006784 ----a-w- c:\windows\system32\drivers\WRFilt.sys
2010-05-14 23:02:41 1374 ----a-w- c:\windows\WRDef.reg

==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 20:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-03-24 20:29:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-24 20:29:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2006-04-19 06:46:10 77 --sh--w- c:\program files\common files\Desktop.ini
2009-12-20 04:37:34 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 14:49:38.43 ===============



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 09 June 2010 - 06:41 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->run->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated into same location with TDSSKiller.exe. Post contents of that report, please.

==========

Re-run Gmer and post a log

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Change "Drivers" to "All"
  6. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  7. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    fsvga.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  8. Push
  9. A report will open. Copy and Paste that report in your next reply.
  10. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

I see you have run Combofix unsupervised... this is ill-advised!

This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer permanently unbootable! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean up based on your logs!

I would like to see your most recent CF logs. You will find them @ C:\ComboFix.txt


==========
  • Click on Start, then Run.
  • Copy and Paste the green bold text below in to the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt

  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.

==========

With your next post please provide:

* TDSSKiller.txt
* OTL.txt
* Extra.txt
* Qoobox log
* Combofix.txt
* How is your computer running now?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
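The driver-hash checks asked for above (the OTL /md5start ... /md5stop list and the TDSSKiller report) come down to two things: hashing a fixed set of drivers against a known-good baseline, and reading the report for files whose two reads disagree. The Python below is an added example written for this page; it is not part of thcbytes's instructions and is not code from OTL or TDSSKiller. It assumes a local directory standing in for system32\drivers, constructs stand-in driver files for the demo, and uses three report lines quoted from the TDSSKiller log posted further down in this thread.

```python
"""Driver hash baseline check and TDSSKiller report triage (added example)."""
import hashlib
import os
import re
import tempfile

# Subset of the drivers the OTL /md5start ... /md5stop list asks to hash.
DRIVERS_TO_HASH = ["atapi.sys", "fsvga.sys", "iaStor.sys"]

# TDSSKiller 2.x line for a driver whose two reads return different bytes.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# Ordinary scanned-driver line: time pid name (md5) path
DRIVER_RE = re.compile(
    r"^\d\d:\d\d:\d\d:\d{3} \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)


def md5_file(path, chunk=1 << 16):
    """MD5 of a file read in chunks (TDSSKiller and OTL both report MD5)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(driver_dir, names=DRIVERS_TO_HASH):
    """Hash the listed drivers on a machine believed clean; missing files are skipped."""
    baseline = {}
    for name in names:
        p = os.path.join(driver_dir, name)
        if os.path.isfile(p):
            baseline[name] = md5_file(p)
    return baseline


def check_drivers(driver_dir, baseline):
    """Compare current hashes with the baseline: {name: 'ok' | 'MISMATCH' | 'missing'}."""
    result = {}
    for name, expected in baseline.items():
        p = os.path.join(driver_dir, name)
        if not os.path.isfile(p):
            result[name] = "missing"
        elif md5_file(p) != expected:
            result[name] = "MISMATCH"
        else:
            result[name] = "ok"
    return result


def triage_tdsskiller(log_text):
    """Pull scanned-driver hashes and 'Forged' findings out of a TDSSKiller report."""
    scanned, forged = {}, []
    for line in log_text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            forged.append(m.groupdict())
            continue
        m = DRIVER_RE.match(line.strip())
        if m:
            scanned[m.group("name")] = (m.group("md5"), m.group("path"))
    return scanned, forged


# Three lines quoted from the TDSSKiller report posted later in this thread.
SAMPLE_LOG = """\
19:14:54:234 0396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
19:14:56:187 0396 FsVga (46eeacb7b8f44039dcb2c576fd323fe8) C:\\WINDOWS\\system32\\DRIVERS\\fsvga.sys
19:14:56:187 0396 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\fsvga.sys. Real md5: 46eeacb7b8f44039dcb2c576fd323fe8, Fake md5: 455f778ee14368468560bd7cb8c854d0
"""


def demo():
    """Baseline constructed stand-in drivers, tamper with one, delete one, re-check."""
    with tempfile.TemporaryDirectory() as d:
        for name in DRIVERS_TO_HASH:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"MZ constructed stand-in for " + name.encode())
        baseline = build_baseline(d)
        with open(os.path.join(d, "fsvga.sys"), "ab") as f:
            f.write(b"\x90" * 16)          # simulated patch appended to the driver
        os.remove(os.path.join(d, "iaStor.sys"))
        return check_drivers(d, baseline)


if __name__ == "__main__":
    print(demo())
    scanned, forged = triage_tdsskiller(SAMPLE_LOG)
    for f in forged:
        print("FORGED", f["path"], "real", f["real"], "fake", f["fake"])
```

The baseline only means something if it was taken on a machine you trust, and a hash match does not clear a driver that a rootkit is hiding: that is exactly the case the "Forged" line reports, where the same file yields two different MD5s depending on how it is read, which is why the report's own finding is parsed separately rather than re-derived from a normal file read.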

#3 zeron2

zeron2
  • Topic Starter

  • Members
  • 8 posts

Posted 09 June 2010 - 10:17 PM

I would like to thank you very much for taking your precious time to assist me, and I really appreciate the prompt response. It's people like you that this world needs more of.

I have done as you instructed but as you know, GMER takes some time.

Incidentally, when I ran GMER, after it was done scanning, saved the report and closed it, a problem occurred. My computer slowed down then locked up; when I moved my browser window, it started to do a "ghosting" effect where it would leave a permanent window after I moved it. I don't know how else to explain it, but after moving it, there were many copies of the same browser window, then my computer froze and I had to turn off the CPU.

Is this a normal occurrence after running GMER?


Also as I was copying and pasting these logs or when I hit enter or type a letter, there was a very slow response time for the text to show up on this screen. Is this normal due to the amount of text involved?

Here is the copy and paste of the logs you have requested, and I have attached the new GMER report file:



19:14:52:250 0396 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
19:14:52:250 0396 ================================================================================
19:14:52:250 0396 SystemInfo:

19:14:52:250 0396 OS Version: 5.1.2600 ServicePack: 3.0
19:14:52:250 0396 Product type: Workstation
19:14:52:250 0396 ComputerName: ZERON
19:14:52:250 0396 UserName: Joel
19:14:52:250 0396 Windows directory: C:\WINDOWS
19:14:52:250 0396 Processor architecture: Intel x86
19:14:52:250 0396 Number of processors: 2
19:14:52:250 0396 Page size: 0x1000
19:14:52:250 0396 Boot type: Normal boot
19:14:52:250 0396 ================================================================================
19:14:52:640 0396 Initialize success
19:14:52:640 0396
19:14:52:640 0396 Scanning Services ...
19:14:53:000 0396 Raw services enum returned 386 services
19:14:53:015 0396
19:14:53:015 0396 Scanning Drivers ...
19:14:53:750 0396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:14:53:781 0396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:14:53:828 0396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:14:53:906 0396 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:14:53:937 0396 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:14:53:968 0396 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:14:53:984 0396 AmdTools (cec8b2a9e39d3ecebb32456da4d7b6b2) C:\WINDOWS\system32\DRIVERS\AmdTools.sys
19:14:54:140 0396 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:14:54:171 0396 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
19:14:54:203 0396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:14:54:234 0396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:14:54:390 0396 ati2mtag (3e6878df6cedcd36957cc5776335fcc5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:14:54:437 0396 ATIAVAIW (fed003fd00011946b0e4f8fb7a8b4307) C:\WINDOWS\system32\DRIVERS\atinavt2.sys
19:14:54:468 0396 AtiHdmiService (1cae756c8baefb2b25964baa639fdd5c) C:\WINDOWS\system32\drivers\AtiHdmi.sys
19:14:54:500 0396 atinevxx (0587c82711ca059ff71e040a4c028551) C:\WINDOWS\system32\DRIVERS\atinevxx.sys
19:14:54:531 0396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:14:54:546 0396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:14:54:609 0396 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:14:54:640 0396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:14:54:765 0396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:14:54:796 0396 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:14:54:812 0396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:14:54:843 0396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:14:54:890 0396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:14:54:937 0396 COMMONFX.DLL (c160c203727aaf02bce992e4d56313b0) C:\WINDOWS\system32\COMMONFX.DLL
19:14:55:031 0396 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
19:14:55:046 0396 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
19:14:55:093 0396 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
19:14:55:125 0396 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:14:55:156 0396 CTAUDFX.DLL (277132bf8fb5127ab4b6f87cdcf6391b) C:\WINDOWS\system32\CTAUDFX.DLL
19:14:55:203 0396 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:14:55:234 0396 CTEAPSFX.DLL (fb5a6ae2f3b0deda158c575bc26d5341) C:\WINDOWS\system32\CTEAPSFX.DLL
19:14:55:281 0396 CTEDSPFX.DLL (fe0823d8280a51a5575ae2fd9a3732e2) C:\WINDOWS\system32\CTEDSPFX.DLL
19:14:55:296 0396 CTEDSPIO.DLL (eaf112535481ab76a022a274f1a8f924) C:\WINDOWS\system32\CTEDSPIO.DLL
19:14:55:312 0396 CTEDSPSY.DLL (db50923f48b8a8fd80329dae21ad316c) C:\WINDOWS\system32\CTEDSPSY.DLL
19:14:55:343 0396 CTERFXFX.DLL (c7f3e238871c8a0473430f8f87921ec5) C:\WINDOWS\system32\CTERFXFX.DLL
19:14:55:421 0396 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
19:14:55:500 0396 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
19:14:55:531 0396 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
19:14:55:546 0396 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
19:14:55:546 0396 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:14:55:609 0396 CTSBLFX.DLL (31cfb7fe27744c3fbc3e838be3b5f255) C:\WINDOWS\system32\CTSBLFX.DLL
19:14:55:640 0396 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:14:55:687 0396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:14:55:734 0396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:14:55:781 0396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:14:55:812 0396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:14:55:843 0396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:14:55:875 0396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:14:55:937 0396 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
19:14:55:968 0396 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
19:14:56:000 0396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:14:56:031 0396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:14:56:062 0396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:14:56:093 0396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:14:56:156 0396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:14:56:187 0396 FsVga (46eeacb7b8f44039dcb2c576fd323fe8) C:\WINDOWS\system32\DRIVERS\fsvga.sys
19:14:56:187 0396 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\fsvga.sys. Real md5: 46eeacb7b8f44039dcb2c576fd323fe8, Fake md5: 455f778ee14368468560bd7cb8c854d0
19:14:56:187 0396 File "C:\WINDOWS\system32\DRIVERS\fsvga.sys" infected by TDSS rootkit ... 19:14:57:828 0396 Backup copy found, using it..
19:14:57:859 0396 will be cured on next reboot
19:14:57:937 0396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:14:58:015 0396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:14:58:046 0396 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:14:58:078 0396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:14:58:140 0396 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
19:14:58:171 0396 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:14:58:203 0396 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:14:58:234 0396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:14:58:296 0396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:14:58:343 0396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:14:58:468 0396 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:14:58:578 0396 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:14:58:593 0396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:14:58:625 0396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:14:58:656 0396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:14:58:703 0396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:14:58:734 0396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:14:58:765 0396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:14:58:812 0396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:14:58:828 0396 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:14:58:843 0396 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
19:14:58:890 0396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:14:58:921 0396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:14:58:968 0396 L8042PR2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\Drivers\l8042pr2.sys
19:14:59:015 0396 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
19:14:59:015 0396 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
19:14:59:031 0396 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
19:14:59:078 0396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:14:59:125 0396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:14:59:156 0396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:14:59:187 0396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:14:59:234 0396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:14:59:250 0396 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:14:59:296 0396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:14:59:375 0396 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:14:59:406 0396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:14:59:421 0396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:14:59:437 0396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:14:59:453 0396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:14:59:484 0396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:14:59:515 0396 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:14:59:546 0396 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
19:14:59:578 0396 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:14:59:593 0396 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:14:59:625 0396 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:14:59:625 0396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:14:59:640 0396 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:14:59:656 0396 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:14:59:687 0396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:14:59:718 0396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:14:59:718 0396 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:14:59:765 0396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:14:59:796 0396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:14:59:828 0396 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:14:59:859 0396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:14:59:875 0396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:14:59:921 0396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:14:59:968 0396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:14:59:984 0396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:15:00:031 0396 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:15:00:062 0396 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:15:00:109 0396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:15:00:125 0396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:15:00:171 0396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:15:00:234 0396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:15:00:250 0396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:15:00:312 0396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:15:00:375 0396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:15:00:390 0396 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:15:00:406 0396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:15:00:437 0396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:15:00:500 0396 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:15:00:562 0396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:15:00:593 0396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:15:00:609 0396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:15:00:625 0396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:15:00:656 0396 Razerlow (a1e70b8354d52aeb3cb49568c7c0a2ff) C:\WINDOWS\system32\Drivers\Razerlow.sys
19:15:00:703 0396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:15:00:718 0396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:15:00:750 0396 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:15:00:781 0396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:15:00:828 0396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:15:00:859 0396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:15:00:906 0396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:15:00:906 0396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:15:00:968 0396 SI3132 (0b9b5c6df6226497ef4819b6e1b2efd5) C:\WINDOWS\system32\DRIVERS\SI3132.sys
19:15:01:000 0396 SiFilter (ad29a80543c63e5b3588d118fb327e22) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
19:15:01:015 0396 SiRemFil (b19efe5e45ae31f3c3e4c4f0f9da3c49) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
19:15:01:046 0396 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:15:01:093 0396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:15:01:140 0396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:15:01:187 0396 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
19:15:01:234 0396 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:15:01:265 0396 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
19:15:01:296 0396 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:15:01:328 0396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:15:01:343 0396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:15:01:375 0396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:15:01:453 0396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:15:01:484 0396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:15:01:515 0396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:15:01:546 0396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:15:01:578 0396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:15:01:625 0396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:15:01:671 0396 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:15:01:703 0396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:15:01:718 0396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:15:01:734 0396 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys
19:15:01:765 0396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:15:01:781 0396 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:15:01:828 0396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:15:01:843 0396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:15:01:859 0396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:15:01:921 0396 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:15:01:984 0396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:15:02:062 0396 WRFilt (e4b388dd3097103b5a182f416b5acf79) C:\WINDOWS\system32\drivers\WRFilt.sys
19:15:02:093 0396 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:15:02:109 0396 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:15:02:125 0396 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:15:02:156 0396 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
19:15:02:187 0396 yukonwxp (80f84ab266217ac4c8cc7dbca0e554fe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
19:15:02:187 0396 Reboot required for cure complete..
19:15:02:640 0396 Cure on reboot scheduled successfully
19:15:02:640 0396
19:15:02:640 0396 Completed
19:15:02:640 0396
19:15:02:640 0396 Results:
19:15:02:640 0396 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:15:02:640 0396 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:15:02:640 0396
19:15:02:640 0396 KLMD(ARK) unloaded successfully



_______________________________________________________________________________________________________________


OTL logfile created on: 6/9/2010 7:21:12 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Joel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 31.95 Gb Free Space | 24.97% Space Free | Partition Type: NTFS
Drive D: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZERON
Current User Name: Joel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/09 19:19:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/11/16 19:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/15 13:00:36 | 000,569,344 | ---- | M] (Spectra9 [Budyanto Nurhalim]) -- C:\Downloads\Drivers\Creative\XFiMode_1.7_Build_22\XFiMode.exe
PRC - [2007/09/26 20:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2006/12/12 11:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/09 19:19:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/20 20:58:42 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/01/08 09:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/01/08 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ioloSystemService)
SRV - File not found [Disabled | Stopped] -- -- (ioloFileInfoList)
SRV - [2010/05/03 19:09:30 | 000,267,432 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/24 15:30:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/16 19:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)


========== Driver Services (All) ==========

DRV - File not found [Kernel | Boot | Stopped] -- -- (wzlwh)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [File_System | System | Stopped] -- -- (vcdrom)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Boot | Stopped] -- -- (sptdNomore)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SANDRA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Boot | Stopped] -- -- (ppcwod)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (LMouKE)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (CT20XUT.DLL)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Amsmpu4p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/06/09 19:16:31 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/09 16:47:00 | 002,006,784 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WRFilt.sys -- (WRFilt)
DRV - [2009/11/24 22:50:16 | 004,463,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/18 18:24:26 | 000,095,232 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/25 14:14:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/20 12:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/05/14 20:24:32 | 000,171,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 13:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 13:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 13:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 13:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/03 22:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 22:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 22:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2007/02/26 20:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/12/19 09:32:56 | 000,168,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\cteapsfx.dll -- (CTEAPSFX.DLL)
DRV - [2006/12/19 09:32:44 | 000,557,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ctsblfx.dll -- (CTSBLFX.DLL)
DRV - [2006/12/19 09:32:32 | 000,546,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ctaudfx.dll -- (CTAUDFX.DLL)
DRV - [2006/12/19 09:31:42 | 000,095,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\commonfx.dll -- (COMMONFX.DLL)
DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/09/16 02:05:32 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/27 14:24:16 | 000,031,744 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdTools.sys -- (AmdTools)
DRV - [2006/04/20 00:44:38 | 000,479,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/02/01 10:28:52 | 000,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/12/21 21:22:18 | 000,005,685 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/11/22 08:47:00 | 000,243,200 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/11/02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\copperhd.sys -- (UsbFltr)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/12 10:11:10 | 000,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/08/23 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 07:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/23 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.blizzard.com/en-us/
IE - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/05/03 20:31:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\SB WoW Wireless Headset\WoWAudioCP\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XFMC] C:\Downloads\Drivers\Creative\XFiMode_1.7_Build_22\XFiMode.exe (Spectra9 [Budyanto Nurhalim])
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\System32\mididef.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\System32\mididef.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1220348602812 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Joel\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joel\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/19 01:22:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: javaethc - (C:\WINDOWS\system32\AppShare.dll) - C:\WINDOWS\System32\AppShare.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/19 10:01:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: klmdb.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C63781B8-7B6F-A3EA-EFE0-2016453AFC48} - NetShow
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/09 19:19:15 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2010/06/09 14:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Desktop\gmer
[2010/06/09 14:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Cache
[2010/06/09 14:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Backup Nude Patches
[2010/06/09 14:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\WTF
[2010/06/09 14:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sam
[2010/06/07 23:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/06 21:06:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/06 01:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/04 05:36:56 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/03 05:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Joel\Desktop\TDSSKiller.exe
[2010/05/21 19:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\Koei
[2010/05/21 19:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Koei
[2010/05/21 17:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\My Documents\My Downloads
[2010/05/17 02:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/14 21:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/05/14 21:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/05/14 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/05/14 18:02:41 | 002,006,784 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\WRFilt.sys
[2010/05/14 18:02:41 | 000,782,336 | ---- | C] (Creative Labs Inc.) -- C:\WINDOWS\OALInst.exe
[2010/05/14 18:02:41 | 000,053,248 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\WRDef.exe
[2006/12/12 11:47:24 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/09 19:19:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2010/06/09 19:17:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 19:17:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 19:16:31 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys
[2010/06/09 19:16:01 | 000,055,828 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000012-00001102-00000005-00311102}.rfx
[2010/06/09 19:16:01 | 000,055,828 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000012-00001102-00000005-00311102}.rfx
[2010/06/09 19:16:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/09 19:16:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/09 19:16:01 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000012-00001102-00000005-00311102}.rfx
[2010/06/09 19:15:58 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Joel\ntuser.dat
[2010/06/09 19:15:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/06/09 19:11:49 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Joel\Desktop\TDSSKiller.exe
[2010/06/09 19:11:35 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\tdsskiller.zip
[2010/06/09 14:52:34 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\gmer.zip
[2010/06/09 14:47:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\dds.scr
[2010/06/09 02:32:23 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\rkill.com
[2010/06/07 00:04:49 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\World of Warcraft.lnk
[2010/06/06 21:21:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/06 01:49:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/06 01:31:26 | 003,703,149 | R--- | M] () -- C:\Documents and Settings\Joel\Desktop\ComboFix.exe
[2010/06/04 16:28:51 | 000,026,976 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\ship-label-img-src.gif
[2010/06/04 16:28:51 | 000,014,494 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\blank003__ZXcc5452332d343036353235342d3735323638323226ce,50,0,0,0,advc128d,30,0,0,0_V45444238_.jpg
[2010/06/04 16:19:42 | 000,196,798 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Label
[2010/06/04 05:34:59 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/02 21:43:47 | 000,055,770 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\!Bu,JtDgEWk~$(KGrHqN,!isEv1+0C)7uBM!OZH6NRQ~~_12.jpg
[2010/06/02 21:43:08 | 000,222,915 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\costumes1.jpg
[2010/05/21 20:10:47 | 000,183,296 | ---- | M] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 19:48:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Romance of the Three Kingdoms XI.lnk
[2010/05/17 02:08:52 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 18:02:51 | 000,000,361 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2010/05/13 20:27:25 | 002,110,328 | -H-- | M] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\IconCache.db
[2010/05/13 15:14:33 | 003,037,717 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\august03.wmv
[2010/05/11 23:45:39 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Joel\My Documents\SC2 Race units.xls
[2010/05/11 23:07:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/09 19:11:31 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\tdsskiller.zip
[2010/06/09 14:52:33 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\gmer.zip
[2010/06/09 14:47:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\dds.scr
[2010/06/09 02:28:57 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\rkill.com
[2010/06/04 16:29:32 | 000,026,976 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\ship-label-img-src.gif
[2010/06/04 16:29:27 | 000,014,494 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\blank003__ZXcc5452332d343036353235342d3735323638323226ce,50,0,0,0,advc128d,30,0,0,0_V45444238_.jpg
[2010/06/04 16:19:40 | 000,196,798 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Label
[2010/06/04 05:35:49 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/02 21:44:06 | 000,222,915 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\costumes1.jpg
[2010/06/02 21:43:56 | 000,055,770 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\!Bu,JtDgEWk~$(KGrHqN,!isEv1+0C)7uBM!OZH6NRQ~~_12.jpg
[2010/05/27 20:54:05 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\World of Warcraft.lnk
[2010/05/21 19:48:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Romance of the Three Kingdoms XI.lnk
[2010/05/17 02:08:52 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 18:02:51 | 000,030,688 | ---- | C] () -- C:\WINDOWS\System32\xfiWR.ini
[2010/05/14 18:02:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\WRDef.reg
[2010/05/13 15:15:18 | 003,037,717 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\august03.wmv
[2010/05/11 23:45:39 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Joel\My Documents\SC2 Race units.xls
[2010/03/04 12:11:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WRTSPI32.dll
[2010/01/24 02:24:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/18 18:33:15 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/08/25 14:03:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/06/10 02:15:56 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/09/02 03:12:41 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/13 13:36:59 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\work.ini
[2008/07/13 13:36:06 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\hgset.ini
[2008/05/09 15:28:42 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2007/11/18 01:40:54 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/15 21:12:09 | 000,000,063 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/15 20:43:41 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/15 20:43:41 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/15 20:43:41 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/12/12 11:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/10/02 17:25:18 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/06/26 21:14:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/05/20 18:30:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/25 22:26:49 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/04/20 11:18:48 | 000,000,143 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/19 12:51:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/04/19 02:20:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2006/04/19 02:20:38 | 000,005,685 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2006/04/19 02:20:37 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2006/04/19 02:20:37 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2006/04/19 02:08:32 | 000,002,559 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/04/19 01:55:22 | 000,024,744 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2006/04/19 01:54:58 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/04/19 01:54:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/11/28 22:09:56 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/28 09:53:50 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/01/28 09:53:43 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2004/01/28 09:53:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2003/05/23 05:08:52 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 05:08:52 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/12/18 18:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/05/14 21:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/12/02 06:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/12/13 19:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/11/28 03:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/09/02 02:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/12/02 06:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/16 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/03/26 15:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/19 15:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/12/02 06:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\DriverCure
[2008/11/28 03:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Flood Light Games
[2008/09/16 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\GetRightToGo
[2008/01/06 04:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterTrust
[2010/03/22 18:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2008/09/02 03:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\iolo
[2006/04/25 22:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Leadertech
[2008/01/16 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sandlot Games
[2009/08/25 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Softplicity
[2010/03/17 01:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\The Creative Assembly
[2009/12/02 06:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Uniblue
[2008/09/02 03:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/06/06 21:21:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/05/13 16:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/14 21:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/08/26 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/23 03:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/21 10:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/03 09:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/05/14 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2008/06/27 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative Labs
[2009/12/02 06:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/12/13 19:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/11/28 03:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/03/26 15:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/25 20:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/09/02 02:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/06/06 21:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2006/09/21 20:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/09/23 12:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/05 19:49:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/11 23:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/05/13 22:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/12/02 06:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/16 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/12/02 16:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/26 15:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/16 00:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2006/04/19 05:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/19 15:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/03/22 17:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/05/17 02:09:27 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/05/13 16:53:55 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
[2009/12/11 14:35:13 | 001,956,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

< %APPDATA%\*. >
[2008/02/06 20:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Adobe
[2006/04/26 02:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\AdobeUM
[2006/10/09 09:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Apple Computer
[2007/11/24 00:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\ATI
[2010/04/14 11:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Avira
[2008/10/04 19:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Creative
[2009/12/02 06:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\DriverCure
[2008/11/28 03:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Flood Light Games
[2008/09/16 01:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\GetRightToGo
[2006/11/10 06:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Google
[2006/04/19 02:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Help
[2006/04/19 01:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Identities
[2010/06/04 00:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\IGN_DLM
[2007/07/18 21:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InstallShield
[2008/01/06 04:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterTrust
[2010/03/22 18:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\InterVideo
[2010/02/26 02:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Intuit
[2008/09/02 03:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\iolo
[2006/09/19 05:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Lavasoft
[2006/04/25 22:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Leadertech
[2006/09/21 20:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Macromedia
[2009/09/23 12:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Malwarebytes
[2007/04/02 16:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Media Player Classic
[2009/08/25 20:55:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Joel\Application Data\Microsoft
[2009/06/10 01:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Microsoft Games
[2008/01/16 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sandlot Games
[2009/08/25 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Softplicity
[2006/09/19 05:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Spybot - Search & Destroy
[2006/12/21 01:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Sun
[2010/03/17 01:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\The Creative Assembly
[2009/12/02 06:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Uniblue
[2010/01/24 02:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Ventrilo
[2008/07/16 13:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2006/09/21 20:10:30 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Joel\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/04/19 05:13:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/02 04:26:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/04/19 05:13:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/02 04:26:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/04/19 05:13:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/02 04:26:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/04/19 05:13:07 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/02 04:26:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: FSVGA.SYS >
[2001/08/17 13:57:26 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=455F778EE14368468560BD7CB8C854D0 -- C:\WINDOWS\system32\dllcache\fsvga.sys
[2010/06/09 19:16:31 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=455F778EE14368468560BD7CB8C854D0 -- C:\WINDOWS\system32\drivers\fsvga.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/19 10:02:29 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/19 10:02:29 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/19 10:02:29 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >




OTL Extras logfile created on: 6/9/2010 7:21:12 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Joel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 31.95 Gb Free Space | 24.97% Space Free | Partition Type: NTFS
Drive D: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZERON
Current User Name: Joel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9027:TCP" = 9027:TCP:*:Enabled:BitComet 9027 TCP
"9027:UDP" = 9027:UDP:*:Enabled:BitComet 9027 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"3784:UDP" = 3784:UDP:*:Enabled:Ventrilo
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader
"1120:TCP" = 1120:TCP:*:Enabled:Blizzard Downloader
"6113:TCP" = 6113:TCP:*:Enabled:Blizzard Downloader
"6114:TCP" = 6114:TCP:*:Enabled:Blizzard Downloader
"6115:TCP" = 6115:TCP:*:Enabled:Blizzard Downloader
"6116:TCP" = 6116:TCP:*:Enabled:Blizzard Downloader
"6117:TCP" = 6117:TCP:*:Enabled:Blizzard Downloader
"6118:TCP" = 6118:TCP:*:Enabled:Blizzard Downloader
"6119:TCP" = 6119:TCP:*:Enabled:Blizzard Downloader
"4000:TCP" = 4000:TCP:*:Enabled:Blizzard Downloader

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\redlightcenter\redlightcenter\Redlightcenter.exe" = C:\Program Files\redlightcenter\redlightcenter\Redlightcenter.exe:*:Enabled:Redlightcenter -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Hasbro Interactive\Clue\Clue.exe" = C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Enabled:Clue -- ()
"C:\Program Files\ASUS\AsusUpdate\Update.exe" = C:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Windows Platform Flash Program -- (ASUSTek Computer Inc.)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15133\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\Steam\SteamApps\common\napoleon total war\Napoleon.exe" = C:\Program Files\Steam\SteamApps\common\napoleon total war\Napoleon.exe:*:Enabled:Napoleon: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15580\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15580\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15623\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15623\SC2.exe:*:Disabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15655\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15655\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233CA1A1-FE20-4495-BA80-07E832B1AC2D}" = Romance of the Three Kingdoms XI
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C73A54-1428-4893-B041-58AA594F4ACD}" = RedLightCenter
"{397EF8BA-A868-43AF-9E75-AF26C32954B2}" = TurboTax 2008 wmoiper
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{477E717B-36FD-7318-0FAE-AF20D23DC9B3}" = ATI AVIVO Codecs
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{67D29F24-DB21-8599-CC54-AE736306180D}" = ATI Catalyst Install Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}" = AMD Dual-Core Optimizer
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{925E386D-369B-419A-BB28-99958969BE11}" = PapseudaNvw
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B905C2C6-E171-4D6A-B235-EDECF1F5EFB1}" = Samsung PC Studio 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 2.0
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"0000RetrofitMod_is1" = Medieval II - Retrofit Mod version 1.0
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Clue" = Clue
"Driver Cleaner" = Driver Cleaner 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 34030" = Napoleon: Total War
"SysInfo" = Creative System Information
"The Game Of Life" = The Game Of Life
"TurboTax 2008" = TurboTax 2008
"TurboTax Premier 2007" = TurboTax Premier 2007
"Warlords III: Darklords Rising 1.0" = Warlords III: Darklords Rising
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WGA" = Windows Genuine Advantage Validation Tool
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-1614895754-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2010 5:23:13 AM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/8/2010 5:23:14 AM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/9/2010 12:17:01 AM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/9/2010 12:17:01 AM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/9/2010 12:27:23 AM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/9/2010 12:27:23 AM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/9/2010 3:52:12 PM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/9/2010 3:52:12 PM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/9/2010 7:23:12 PM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/9/2010 7:23:13 PM | Computer Name = ZERON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 6/9/2010 3:31:49 PM | Computer Name = ZERON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/9/2010 3:32:01 PM | Computer Name = ZERON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/9/2010 3:32:26 PM | Computer Name = ZERON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/9/2010 3:32:38 PM | Computer Name = ZERON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/9/2010 3:32:56 PM | Computer Name = ZERON | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/9/2010 7:19:10 PM | Computer Name = ZERON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 6/9/2010 7:19:18 PM | Computer Name = ZERON | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/9/2010 7:19:18 PM | Computer Name = ZERON | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/9/2010 8:17:01 PM | Computer Name = ZERON | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 6/9/2010 8:17:15 PM | Computer Name = ZERON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

Volume in drive C is ZERON
Volume Serial Number is ACCE-16D3

Directory of C:\QooBox

06/06/2010 01:52 AM <DIR> .
06/06/2010 01:52 AM <DIR> ..
06/06/2010 01:51 AM 8,686 Add-Remove Programs.txt
06/06/2010 01:39 AM <DIR> BackEnv
06/06/2010 01:51 AM 27,311 ComboFix-quarantined-files.txt
06/05/2010 01:55 AM 31,675 ComboFix2.txt
05/03/2010 08:36 PM 32,910 ComboFix3.txt
03/26/2010 03:39 PM 29,399 ComboFix4.txt
06/06/2010 01:32 AM 121,095 ComboFix5.txt
12/20/2009 01:45 AM <DIR> Quarantine
12/20/2009 02:02 AM 1,297,055 SnapShot@2009-12-20_06.58.51.dat
01/20/2010 05:38 AM 1,259,283 SnapShot_2010-01-20_10.37.47.dat
02/13/2010 11:50 PM 1,288,169 SnapShot_2010-02-14_04.46.29.dat
03/02/2010 02:26 AM 1,290,515 SnapShot_2010-03-02_07.25.27.dat
03/11/2010 01:55 PM 1,299,949 SnapShot_2010-03-11_18.54.52.dat
03/26/2010 03:38 PM 1,297,025 SnapShot_2010-03-26_20.37.47.dat
05/03/2010 08:35 PM 1,310,741 SnapShot_2010-05-04_01.31.53.dat
06/05/2010 01:53 AM 1,317,043 SnapShot_2010-06-05_06.53.00.dat
14 File(s) 10,610,856 bytes

Directory of C:\QooBox\BackEnv

06/06/2010 01:39 AM <DIR> .
06/06/2010 01:39 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine

12/20/2009 01:45 AM <DIR> .
12/20/2009 01:45 AM <DIR> ..
12/20/2009 01:49 AM <DIR> C
06/06/2010 01:38 AM 1,450 catchme.log
06/06/2010 01:50 AM <DIR> Registry_backups
1 File(s) 1,450 bytes

Directory of C:\QooBox\Quarantine\C

12/20/2009 01:49 AM <DIR> .
12/20/2009 01:49 AM <DIR> ..
03/11/2010 01:54 PM <DIR> Documents and Settings
05/03/2010 08:29 PM <DIR> Program Files
06/04/2010 02:00 AM <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings

03/11/2010 01:54 PM <DIR> .
03/11/2010 01:54 PM <DIR> ..
02/13/2010 11:44 PM <DIR> All Users
03/11/2010 01:54 PM <DIR> Joel
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\All Users

02/13/2010 11:44 PM <DIR> .
02/13/2010 11:44 PM <DIR> ..
02/13/2010 11:44 PM <DIR> Application Data
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data

02/13/2010 11:44 PM <DIR> .
02/13/2010 11:44 PM <DIR> ..
12/18/2009 05:08 PM 8 sysReserve.ini.vir
1 File(s) 8 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel

03/11/2010 01:54 PM <DIR> .
03/11/2010 01:54 PM <DIR> ..
03/11/2010 01:54 PM <DIR> Local Settings
05/03/2010 08:29 PM <DIR> Recent
05/03/2010 08:29 PM <DIR> Start Menu
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings

03/11/2010 01:54 PM <DIR> .
03/11/2010 01:54 PM <DIR> ..
03/26/2010 03:37 PM <DIR> Application Data
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data

03/26/2010 03:37 PM <DIR> .
03/26/2010 03:37 PM <DIR> ..
03/11/2010 01:54 PM <DIR> {144C3E20-5FD2-4692-BEF8-9CE74946EA27}
03/26/2010 03:37 PM <DIR> {51AB1C23-1CDA-4160-9DEA-37AAF1AA0F01}
05/03/2010 08:29 PM <DIR> {C2432B81-8C53-4308-BD00-97E426D6618F}
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{144C3E20-5FD2-4692-BEF8-9CE74946EA27}

03/11/2010 01:54 PM <DIR> .
03/11/2010 01:54 PM <DIR> ..
03/11/2010 01:54 PM <DIR> chrome
03/11/2010 09:49 PM 122 chrome.manifest.vir
03/11/2010 09:49 PM 764 install.rdf.vir
2 File(s) 886 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{144C3E20-5FD2-4692-BEF8-9CE74946EA27}\chrome

03/11/2010 01:54 PM <DIR> .
03/11/2010 01:54 PM <DIR> ..
03/11/2010 01:54 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{144C3E20-5FD2-4692-BEF8-9CE74946EA27}\chrome\content

03/11/2010 01:54 PM <DIR> .
03/11/2010 01:54 PM <DIR> ..
03/11/2010 09:49 PM 6,778 overlay.xul.vir
03/11/2010 09:49 PM 2,054 _cfg.js.vir
2 File(s) 8,832 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{51AB1C23-1CDA-4160-9DEA-37AAF1AA0F01}

03/26/2010 03:37 PM <DIR> .
03/26/2010 03:37 PM <DIR> ..
03/26/2010 03:37 PM <DIR> chrome
03/26/2010 02:45 PM 122 chrome.manifest.vir
03/26/2010 02:45 PM 764 install.rdf.vir
2 File(s) 886 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{51AB1C23-1CDA-4160-9DEA-37AAF1AA0F01}\chrome

03/26/2010 03:37 PM <DIR> .
03/26/2010 03:37 PM <DIR> ..
03/26/2010 03:37 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{51AB1C23-1CDA-4160-9DEA-37AAF1AA0F01}\chrome\content

03/26/2010 03:37 PM <DIR> .
03/26/2010 03:37 PM <DIR> ..
03/26/2010 02:45 PM 6,778 overlay.xul.vir
03/26/2010 02:45 PM 2,054 _cfg.js.vir
2 File(s) 8,832 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{C2432B81-8C53-4308-BD00-97E426D6618F}

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
05/03/2010 08:29 PM <DIR> chrome
05/03/2010 12:39 AM 122 chrome.manifest.vir
05/03/2010 12:39 AM 764 install.rdf.vir
2 File(s) 886 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{C2432B81-8C53-4308-BD00-97E426D6618F}\chrome

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
05/03/2010 08:29 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Local Settings\Application Data\{C2432B81-8C53-4308-BD00-97E426D6618F}\chrome\content

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
05/03/2010 12:39 AM 6,778 overlay.xul.vir
05/03/2010 12:39 AM 2,060 _cfg.js.vir
2 File(s) 8,838 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Recent

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
04/27/2010 10:46 PM 117,760 Thumbs.db.vir
1 File(s) 117,760 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Start Menu

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
05/03/2010 08:29 PM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Start Menu\Programs

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
06/04/2010 02:00 AM <DIR> Startup
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Joel\Start Menu\Programs\Startup

06/04/2010 02:00 AM <DIR> .
06/04/2010 02:00 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Program Files

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
05/03/2010 08:29 PM <DIR> XXXXX
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\XXXXX

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
01/06/2010 11:32 PM 17,765 changes.rtf.vir
05/03/2010 08:29 PM <DIR> Languages
01/04/2009 06:31 PM 4,124 license.txt.vir
01/07/2010 02:57 PM 59,241 mbam.chm.vir
01/07/2010 04:07 PM 167,760 mbam.dll.vir
01/07/2010 04:07 PM 1,394,000 mbam.exe.vir
12/03/2009 05:13 PM 84,816 mbamext.dll.vir
01/07/2010 04:07 PM 429,392 mbamgui.exe.vir
01/07/2010 04:07 PM 236,368 mbamservice.exe.vir
12/03/2009 05:14 PM 1,394,000 myapp.exe.vir
12/03/2009 05:14 PM 46,416 ssubtmr6.dll.vir
03/26/2010 02:56 PM 18,036 unins000.dat.vir
03/26/2010 02:56 PM 702,288 unins000.exe.vir
03/26/2010 02:56 PM 10,498 unins000.msg.vir
12/03/2009 05:14 PM 496,976 vbalsgrid6.ocx.vir
01/07/2010 04:07 PM 79,696 zlib.dll.vir
15 File(s) 5,141,376 bytes

Directory of C:\QooBox\Quarantine\C\Program Files\XXXXX\Languages

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
07/03/2008 09:10 AM 13,924 albanian.lng.vir
04/09/2009 11:53 PM 10,331 arabic.lng.vir
12/28/2009 11:45 PM 11,612 belarusian.lng.vir
08/01/2009 03:14 PM 12,636 bosnian.lng.vir
09/08/2009 10:46 PM 12,610 bulgarian.lng.vir
03/04/2008 07:05 PM 12,595 catalan.lng.vir
08/01/2008 08:03 AM 8,045 chineseSI.lng.vir
08/04/2008 11:58 AM 8,141 chineseTR.lng.vir
12/27/2008 03:41 PM 11,977 croatian.lng.vir
09/07/2009 06:42 PM 12,199 czech.lng.vir
02/17/2009 07:27 PM 11,893 danish.lng.vir
03/04/2008 06:56 PM 12,255 dutch.lng.vir
09/03/2009 09:22 AM 11,314 english.lng.vir
01/07/2010 09:50 AM 11,146 estonian.lng.vir
05/17/2008 09:09 AM 11,624 finnish.lng.vir
09/08/2009 10:45 PM 13,442 french.lng.vir
09/10/2009 01:12 PM 13,642 german.lng.vir
10/07/2008 02:15 PM 13,234 greek.lng.vir
09/14/2009 04:43 PM 8,766 hebrew.lng.vir
03/03/2008 04:39 PM 12,048 hungarian.lng.vir
03/04/2008 07:03 PM 13,019 italian.lng.vir
07/23/2009 06:46 PM 9,269 korean.lng.vir
12/19/2008 03:30 PM 11,457 latvian.lng.vir
09/10/2008 09:29 PM 13,314 macedonian.lng.vir
11/25/2009 02:29 PM 11,602 norwegian.lng.vir
01/10/2009 11:56 PM 11,623 polish.lng.vir
03/04/2008 06:56 PM 12,245 portugueseBR.lng.vir
06/15/2008 12:04 PM 12,345 portuguesePT.lng.vir
03/13/2008 06:09 PM 12,672 romanian.lng.vir
07/03/2008 11:58 PM 11,779 russian.lng.vir
09/06/2009 08:23 AM 12,198 serbian.lng.vir
07/26/2008 08:58 AM 11,599 slovak.lng.vir
03/03/2008 10:28 PM 11,205 slovenian.lng.vir
09/08/2009 10:46 PM 12,962 spanish.lng.vir
09/07/2009 12:51 AM 12,265 swedish.lng.vir
04/15/2009 04:00 AM 13,808 turkish.lng.vir
10/31/2008 04:54 PM 13,097 ukrainian.lng.vir
37 File(s) 439,893 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS

06/04/2010 02:00 AM <DIR> .
06/04/2010 02:00 AM <DIR> ..
05/03/2010 08:29 PM <DIR> system32
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32

05/03/2010 08:29 PM <DIR> .
05/03/2010 08:29 PM <DIR> ..
12/22/2000 12:08 AM 114,688 CBUTTON.OCX.vir
01/20/2010 05:36 AM <DIR> Data
06/08/2010 03:03 AM <DIR> drivers
12/19/2009 11:15 PM 673 krl32mainweq.dll.vir
02/17/2009 03:19 PM 2,082 readme.txt.vir
12/19/2009 11:15 PM 202 srcr.dat.vir
04/27/2010 10:45 PM 8,704 Thumbs.db.vir
5 File(s) 126,349 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\Data

01/20/2010 05:36 AM <DIR> .
01/20/2010 05:36 AM <DIR> ..
02/20/2008 08:44 PM 235,142 CT0060W.DAT.vir
06/04/2009 12:33 AM 26,919 ctd20x.dat.vir
02/20/2008 08:44 PM 201,502 CTEAPSW.DAT.vir
02/20/2008 08:44 PM 374,041 CTEDSP2W.DAT.vir
02/20/2008 08:44 PM 348,425 CTEDSPHW.DAT.vir
02/20/2008 08:44 PM 294,775 CTEDSPKW.DAT.vir
02/20/2008 08:44 PM 294,775 CTEDSPLW.DAT.vir
02/20/2008 08:44 PM 330,665 CTEDSPPW.DAT.vir
02/20/2008 08:44 PM 270,927 CTEDSPTW.DAT.vir
02/20/2008 08:44 PM 270,927 CTEDSPUW.DAT.vir
02/20/2008 08:44 PM 374,041 CTEDSPW.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0060W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0061W.DAT.vir
02/20/2008 08:44 PM 289,409 CTP0070W.DAT.vir
02/20/2008 08:44 PM 289,409 CTP0073W.DAT.vir
02/20/2008 08:44 PM 276,738 CTP0090W.DAT.vir
02/20/2008 08:44 PM 275,169 CTP0091W.DAT.vir
02/20/2008 08:44 PM 276,738 CTP0092W.DAT.vir
02/20/2008 08:44 PM 274,587 CTP0095W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0100W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0101W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0102W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0103W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0105W.DAT.vir
02/20/2008 08:44 PM 232,158 CTP0150W.DAT.vir
02/20/2008 08:44 PM 275,427 CTP0161W.DAT.vir
02/20/2008 08:44 PM 276,738 CTP0162W.DAT.vir
02/20/2008 08:44 PM 235,259 CTP0170W.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017AW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017BW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017CW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017DW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017EW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017FW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017GW.DAT.vir
02/20/2008 08:44 PM 235,142 CTP017HW.DAT.vir
02/20/2008 08:44 PM 275,169 CTP0191W.DAT.vir
02/20/2008 08:44 PM 276,738 CTP0192W.DAT.vir
02/20/2008 08:44 PM 236,189 CTP0221W.DAT.vir
02/20/2008 08:44 PM 236,189 CTP0222W.DAT.vir
02/20/2008 08:44 PM 277,159 CTP0230W.DAT.vir
02/20/2008 08:44 PM 275,816 CTP0231W.DAT.vir
02/20/2008 08:44 PM 277,159 CTP0232W.DAT.vir
02/20/2008 08:44 PM 275,517 CTP0238W.DAT.vir
02/20/2008 08:44 PM 319,070 CTP0240W.DAT.vir
02/20/2008 08:44 PM 319,730 CTP0242W.DAT.vir
02/20/2008 08:44 PM 318,800 CTP0243W.DAT.vir
02/20/2008 08:44 PM 319,730 CTP0244W.DAT.vir
02/20/2008 08:44 PM 318,254 CTP0245W.DAT.vir
02/20/2008 08:44 PM 319,730 CTP0246W.DAT.vir
02/20/2008 08:44 PM 318,341 CTP0249W.DAT.vir
02/20/2008 08:44 PM 318,254 CTP0280W.DAT.vir
02/20/2008 08:44 PM 318,254 CTP0320W.DAT.vir
02/20/2008 08:44 PM 323,640 CTP0350W.DAT.vir
02/20/2008 08:44 PM 321,529 CTP0352W.DAT.vir
02/20/2008 08:44 PM 322,194 CTP0355W.DAT.vir
02/20/2008 08:44 PM 321,552 CTP0358W.DAT.vir
02/20/2008 08:44 PM 320,622 CTP0359W.DAT.vir
02/20/2008 08:44 PM 320,076 CTP0360W.DAT.vir
02/20/2008 08:44 PM 320,076 CTP0380W.DAT.vir
02/20/2008 08:44 PM 319,757 CTP0400W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0460W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0462W.DAT.vir
06/04/2009 12:36 AM 276,282 CTP0463W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0464W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0465W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0466W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0468W.DAT.vir
06/04/2009 12:36 AM 275,836 CTP0469W.DAT.vir
06/04/2009 12:36 AM 275,508 CTP046AW.DAT.vir
06/04/2009 12:36 AM 275,508 CTP046BW.DAT.vir
06/04/2009 12:36 AM 275,508 CTP046CW.DAT.vir
02/20/2008 08:45 PM 232,116 CTP0530L.DAT.vir
02/20/2008 08:44 PM 321,377 CTP0530W.DAT.vir
02/20/2008 08:46 PM 232,116 CTP0531L.DAT.vir
02/20/2008 08:45 PM 321,377 CTP0531W.DAT.vir
06/04/2009 12:36 AM 276,094 CTP0550W.DAT.vir
06/04/2009 12:36 AM 275,766 CTP055AW.DAT.vir
02/20/2008 08:44 PM 319,757 CTP0600W.DAT.vir
02/20/2008 08:44 PM 319,757 CTP0610W.DAT.vir
02/20/2008 08:44 PM 319,757 CTP0669W.DAT.vir
06/04/2009 12:36 AM 357,983 CTP0678W.DAT.vir
06/04/2009 12:36 AM 357,983 CTP0679W.DAT.vir
06/04/2009 12:36 AM 277,688 CTP0730W.DAT.vir
06/04/2009 12:36 AM 277,688 CTP073AW.DAT.vir
06/04/2009 12:36 AM 275,257 CTP0760W.DAT.vir
02/20/2008 08:46 PM 278,572 CTP0772W.DAT.vir
02/20/2008 08:46 PM 278,572 CTP0773W.DAT.vir
02/20/2008 08:46 PM 278,572 CTP0776W.DAT.vir
02/20/2008 08:46 PM 278,572 CTP0779W.DAT.vir
02/20/2008 08:44 PM 233,684 CTP1140W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4620W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4670W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4760W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4780W.DAT.vir
02/20/2008 08:44 PM 232,158 CTP4790W.DAT.vir
02/20/2008 08:44 PM 267,599 CTP4820W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4830W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4831W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4832W.DAT.vir
02/20/2008 08:44 PM 232,158 CTP4840W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4850W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4870W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4871W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4872W.DAT.vir
02/20/2008 08:44 PM 233,024 CTP4875W.DAT.vir
02/20/2008 08:44 PM 232,158 CTP4890W.DAT.vir
02/20/2008 08:44 PM 232,158 CTP4891W.DAT.vir
02/20/2008 08:44 PM 232,158 CTP4893W.DAT.vir
02/20/2008 08:44 PM 235,142 CTPDXW.DAT.vir
02/20/2008 08:44 PM 233,684 CTPM002W.DAT.vir
06/04/2009 12:33 AM 2,091 cts20x.dat.vir
06/23/2005 06:58 AM 7,352 CTXFICBM.RFX.vir
07/28/2006 10:31 AM 41,624 CTXFICM.RFX.vir
07/28/2006 10:31 AM 41,788 CTXFIEM.RFX.vir
07/28/2006 10:31 AM 41,320 CTXFIGM.RFX.vir
116 File(s) 30,195,289 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\drivers

06/08/2010 03:03 AM <DIR> .
06/08/2010 03:03 AM <DIR> ..
02/13/2010 11:35 PM 96,512 atapi.sys.vir
04/13/2008 01:40 PM 96,512 atapi.sys.vir_
08/23/2001 07:00 AM 12,160 fsvga.sys.vir
3 File(s) 205,184 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

06/06/2010 01:50 AM <DIR> .
06/06/2010 01:50 AM <DIR> ..
05/03/2010 08:35 PM 1,872 AddRemove-Malwarebytes' Anti-Malware_is1.reg.dat
12/20/2009 02:02 AM 2,690 AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1.reg.dat
05/03/2010 08:35 PM 148 HKCU-Run-Jpereseheguc.reg.dat
03/11/2010 01:55 PM 153 HKLM-Run-Ejaludajugabor.reg.dat
01/20/2010 05:38 AM 159 SharedTaskScheduler-{9C860CBD-3DDD-4C6B-9C34-7B738C8EBAA9}.reg.dat
06/06/2010 01:46 AM 9,536 tcpip.reg
6 File(s) 14,558 bytes

Total Files Listed:
211 File(s) 46,881,883 bytes
92 Dir(s) 34,278,436,864 bytes free






ComboFix 10-06-05.01 - Joel 06/06/2010 1:40.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1654 [GMT -5:00]
Running from: c:\documents and settings\Joel\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\fsvga.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-04 10:36 . 2010-06-04 10:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-04 10:30 . 2010-06-04 10:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-04 10:30 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-02 07:47 . 2010-06-02 07:47 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-22 00:48 . 2010-05-22 00:48 -------- d-----w- c:\program files\Koei
2010-05-17 07:08 . 2010-05-17 07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 02:47 . 2010-05-15 02:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-05-15 02:46 . 2010-05-15 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2010-05-15 02:46 . 2010-05-15 02:46 -------- d-----w- c:\program files\Amazon
2010-05-14 23:02 . 2009-12-09 21:47 2006784 ----a-w- c:\windows\system32\drivers\WRFilt.sys
2010-05-14 23:02 . 2009-10-21 03:27 1374 ----a-w- c:\windows\WRDef.reg
2010-05-14 23:02 . 2009-09-02 02:50 53248 ----a-w- c:\windows\WRDef.exe
2010-05-14 23:02 . 2007-07-16 20:50 782336 ----a-w- c:\windows\OALInst.exe
2010-05-13 21:55 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Joel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-13 21:55 . 2010-05-13 21:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-13 21:53 . 2010-05-13 21:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 04:15 . 2010-05-03 14:27 -------- d-----w- c:\program files\StarCraft II Beta
2010-06-06 02:55 . 2010-03-06 07:25 -------- d-----w- c:\program files\Steam
2010-06-05 05:58 . 2008-09-04 04:59 -------- d-----w- c:\program files\Driver Cleaner
2010-06-04 10:34 . 2009-08-25 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-04 10:34 . 2009-08-25 20:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 10:30 . 2009-08-25 20:41 -------- d-----w- c:\program files\Lavasoft
2010-06-04 05:22 . 2008-10-20 03:04 -------- d-----w- c:\documents and settings\Joel\Application Data\IGN_DLM
2010-06-03 00:34 . 2006-04-19 18:25 -------- d-----w- c:\program files\World of Warcraft
2010-05-22 00:48 . 2006-04-19 07:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 20:11 . 2010-01-26 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-05-14 23:05 . 2007-08-23 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-05-14 23:02 . 2008-10-05 00:02 -------- d-----w- c:\program files\Creative
2010-05-14 03:04 . 2009-11-13 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-13 21:57 . 2006-04-19 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-12 04:07 . 2009-04-12 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-04 01:20 . 2010-03-12 02:49 120 ----a-w- c:\windows\Vdagijohap.dat
2010-05-04 00:09 . 2009-12-23 08:15 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-03 14:31 . 2009-08-20 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-03 14:31 . 2006-04-19 18:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-03 05:39 . 2010-03-12 02:49 0 ----a-w- c:\windows\Xnulakecofezip.bin
2010-05-03 05:37 . 2010-05-03 05:37 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qvjsge.dat
2010-04-29 20:39 . 2009-12-19 02:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-12-19 02:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:54 . 2010-04-14 16:54 -------- d-----w- c:\documents and settings\Joel\Application Data\Avira
2010-03-26 19:41 . 2010-03-26 19:41 16 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-24 20:29 . 2008-10-05 00:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-24 20:29 . 2005-12-08 17:12 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-12 02:45 . 2010-03-12 02:45 20 ----a-w- c:\documents and settings\NetworkService\Application Data\glchvt.dat
2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"CTAPR2"="c:\program files\Creative\SB WoW Wireless Headset\WoWAudioCP\CTAPR2.exe" [2009-11-11 65642]
"XFMC"="c:\downloads\Drivers\Creative\XFiMode_1.7_Build_22\XFiMode.exe" [2007-12-15 569344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2008-02-21 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
javaethc REG_SZ c:\windows\system32\AppShare.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\redlightcenter\\redlightcenter\\Redlightcenter.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15343\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15392\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15449\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15580\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15623\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9027:TCP"= 9027:TCP:BitComet 9027 TCP
"9027:UDP"= 9027:UDP:BitComet 9027 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3784:UDP"= 3784:UDP:Ventrilo
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1119:TCP"= 1119:TCP:Blizzard Downloader
"1120:TCP"= 1120:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"6115:TCP"= 6115:TCP:Blizzard Downloader
"6116:TCP"= 6116:TCP:Blizzard Downloader
"6117:TCP"= 6117:TCP:Blizzard Downloader
"6118:TCP"= 6118:TCP:Blizzard Downloader
"6119:TCP"= 6119:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/25/2009 3:43 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352320]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [8/23/2006 12:10 PM 31744]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 72728]
S0 ppcwod;ppcwod; [x]
S0 sptdNomore;sptdNomore;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S0 wzlwh;wzlwh; [x]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\VCdRom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/23/2009 3:15 AM 135336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/24/2010 3:30 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 72728]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [7/8/2006 6:37 AM 19020]
S3 UsbFltr;%SvcDisplayName%;c:\windows\system32\drivers\copperhd.sys [7/27/2006 4:00 PM 11596]
S3 WRFilt;WRFilt;c:\windows\system32\drivers\WRFilt.sys [5/14/2010 6:02 PM 2006784]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.blizzard.com/en-us/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: {E9F5B9DC-94CD-4531-B750-AEF4B636192A} = 151.164.14.201,151.164.1.8
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 01:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2B6EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9e14bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e21a21
SendHandler -> NDIS.sys @ 0xb9dff87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-06 01:51:57
ComboFix-quarantined-files.txt 2010-06-06 06:51
ComboFix2.txt 2010-06-05 06:55
ComboFix3.txt 2010-05-04 01:36
ComboFix4.txt 2010-03-26 20:39
ComboFix5.txt 2010-06-06 06:32

Pre-Run: 34,785,259,520 bytes free
Post-Run: 34,770,169,856 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7362D4D4EC5F551D8E1BDF305CAA8221

Attached Files

  • Attached File  ark2.log   13.73KB   8 downloads

Edited by zeron2, 09 June 2010 - 10:36 PM.


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:39 PM

Posted 10 June 2010 - 06:10 AM

Very well done.

Yes. The behavior you describe is not unexpected.

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (ioloSystemService)
    SRV - File not found [Disabled | Stopped] -- -- (ioloFileInfoList)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1123561945-1614895754-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [16 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
==========

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

QUOTE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =

Driver::
ppcwod
wzlwh


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

===========

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

===========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
==========

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  • Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    CODE
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  • Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  • Open your c:\folder right-click on fixme.bat and select Run as Administrator. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.

==========

With your next post please provide:

* OTL fix log
* Combofix.txt
* MBAM log
* ESET log
* Mbr log
* What problems remain?
* How is your computer running now?

Kind regards,
~t

Edited by thcbytes, 10 June 2010 - 06:11 AM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
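As an added example (not code from the thread, from ComboFix or from OTL): a small Python triage script that scans ComboFix-style log lines for the three things the reply above acts on or that a responder would review from the log, the per-user IE proxy pointing at 127.0.0.1, the S0 drivers whose image file is missing ("[x]"), and the AppCertDlls entry, and then renders the DDS::/Driver:: CFScript sections in the format the reply uses. The sample log is constructed for this example, modelled on the lines quoted in the thread.

```python
"""Triage a ComboFix log for the findings acted on in this thread.

Added example for this page; not part of the thread, ComboFix or OTL.
Flags: a user-level IE proxy pointing at the local host (the browser's
traffic is then routed through whatever listens on that port), boot- or
system-start drivers with no file on disk ("[x]"), and AppCertDlls
entries (DLLs loaded into processes that call CreateProcess).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")
# ComboFix service lines look like: "<R|S><start> name;display;image [details]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
APPCERT_SUFFIX = r"\control\session manager\appcertdlls]"
MISSING_IMAGE = "[x]"          # ComboFix's marker for "no such file on disk"


@dataclass(frozen=True)
class Finding:
    kind: str      # "local_proxy", "missing_driver" or "appcertdll"
    detail: str    # proxy value, driver name or the registry entry
    line: str      # the raw log line that produced the finding


def proxy_points_to_localhost(value: str) -> bool:
    """True if any entry of a ProxyServer value ("http=127.0.0.1:5555",
    "host:port;https=host:port", ...) names the local host."""
    for entry in value.split(";"):
        entry = entry.strip()
        if "=" in entry:                       # drop a "http=" / "https=" prefix
            entry = entry.split("=", 1)[1]
        host = entry.rsplit(":", 1)[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    in_appcert = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):                  # ComboFix separates blocks with blank or "." lines
            in_appcert = False
            continue
        if line.startswith("["):               # registry key header
            in_appcert = line.lower().endswith(APPCERT_SUFFIX)
            continue
        if in_appcert:                         # every value under AppCertDlls is worth a look
            findings.append(Finding("appcertdll", line, raw))
            continue
        m = PROXY_RE.match(line)
        if m:
            if proxy_points_to_localhost(m.group("value")):
                findings.append(Finding("local_proxy", m.group("value"), raw))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("rest").strip() == MISSING_IMAGE:
            # boot-start (0) / system-start (1) drivers with no file behind them
            # are exactly what the reply's CFScript removes (ppcwod, wzlwh)
            if int(m.group("start")) in (0, 1):
                findings.append(Finding("missing_driver", m.group("name").strip(), raw))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render the remediation in the CFScript format used in the reply."""
    sections: list[str] = []
    proxies = [f for f in findings if f.kind == "local_proxy"]
    if proxies:
        sections.append("DDS::\n" + "\n".join(f.line.strip() for f in proxies)
                        + "\nuInternet Settings,ProxyOverride =")
    drivers = [f.detail for f in findings if f.kind == "missing_driver"]
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(sections) + ("\n" if sections else "")


# Constructed sample, modelled on the ComboFix lines quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
javaethc REG_SZ c:\windows\system32\AppShare.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/25/2009 3:43 PM 64288]
S0 ppcwod;ppcwod; [x]
S0 wzlwh;wzlwh; [x]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\VCdRom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 WRFilt;WRFilt;c:\windows\system32\drivers\WRFilt.sys [5/14/2010 6:02 PM 2006784]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.blizzard.com/en-us/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:15} {f.detail}")
    print(build_cfscript(found))
```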

#5 zeron2

zeron2
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:39 PM

Posted 10 June 2010 - 04:32 PM

I have done what you asked in the order you have advised. It seems my comp is running fine so far, this website wasn't going slow when entering text this time. My windows auto update was trying to install updates, but I have not allowed it to do so yet because I felt this would have to be done first before any other updates.

Is it possible after this is all done, to know the severity of my situation, and what were the symptoms I really had?

Thank you for your help thus far.


here are the logs:





All processes killed
========== OTL ==========
Service ioloSystemService stopped successfully!
Service ioloSystemService deleted successfully!
Service ioloFileInfoList stopped successfully!
Service ioloFileInfoList deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1123561945-1614895754-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1123561945-1614895754-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
C:\WINDOWS\005415_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\SET58.tmp deleted successfully.
C:\WINDOWS\System32\SET5A.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml1.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml2.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml3.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml4.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml5.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml6.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml6B.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml7.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml8.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml9.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xmlA.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xmlB.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xmlC.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xmlD.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xmlE.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xmlF.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297467 bytes
->Flash cache emptied: 1533 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Joel
->Temp folder emptied: 11238335 bytes
->Temporary Internet Files folder emptied: 47626308 bytes
->Java cache emptied: 19007 bytes
->Flash cache emptied: 28374 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 7123 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 199716711 bytes
->Flash cache emptied: 23340 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83043099 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 210834 bytes
RecycleBin emptied: 214903654 bytes

Total Files Cleaned = 531.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06102010_130320

Files\Folders moved on Reboot...
C:\Documents and Settings\Joel\Local Settings\Temporary Internet Files\Content.IE5\CC6OOIOK\iframe[1].htm moved successfully.
C:\Documents and Settings\Joel\Local Settings\Temporary Internet Files\Content.IE5\CC6OOIOK\index[5].htm moved successfully.

Registry entries deleted on Reboot...


---------

ComboFix 10-06-09.04 - Joel 06/10/2010 14:04:22.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1540 [GMT -5:00]
Running from: c:\documents and settings\Joel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joel\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PPCWOD
-------\Legacy_WZLWH
-------\Service_ppcwod
-------\Service_wzlwh


((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-10 18:03 . 2010-06-10 18:03 -------- d-----w- C:\_OTL
2010-06-08 04:07 . 2010-06-08 04:07 -------- d-----w- c:\program files\ESET
2010-06-04 10:36 . 2010-06-04 10:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 07:47 . 2010-06-02 07:47 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-22 00:48 . 2010-05-22 00:48 -------- d-----w- c:\program files\Koei
2010-05-17 07:08 . 2010-05-17 07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 02:47 . 2010-05-15 02:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-05-15 02:46 . 2010-05-15 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2010-05-15 02:46 . 2010-05-15 02:46 -------- d-----w- c:\program files\Amazon
2010-05-14 23:02 . 2009-12-09 21:47 2006784 ----a-w- c:\windows\system32\drivers\WRFilt.sys
2010-05-14 23:02 . 2009-10-21 03:27 1374 ----a-w- c:\windows\WRDef.reg
2010-05-14 23:02 . 2009-09-02 02:50 53248 ----a-w- c:\windows\WRDef.exe
2010-05-14 23:02 . 2007-07-16 20:50 782336 ----a-w- c:\windows\OALInst.exe
2010-05-13 21:53 . 2010-05-13 21:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 06:00 . 2006-04-19 18:25 -------- d-----w- c:\program files\World of Warcraft
2010-06-10 00:16 . 2001-08-17 13:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2010-06-09 07:20 . 2010-03-06 07:25 -------- d-----w- c:\program files\Steam
2010-06-08 04:57 . 2010-05-03 14:27 -------- d-----w- c:\program files\StarCraft II Beta
2010-06-07 02:30 . 2009-08-25 20:41 -------- d-----w- c:\program files\Lavasoft
2010-06-07 02:26 . 2008-08-23 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 05:58 . 2008-09-04 04:59 -------- d-----w- c:\program files\Driver Cleaner
2010-06-04 05:22 . 2008-10-20 03:04 -------- d-----w- c:\documents and settings\Joel\Application Data\IGN_DLM
2010-05-22 00:48 . 2006-04-19 07:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 20:11 . 2010-01-26 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-05-14 23:05 . 2007-08-23 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-05-14 23:02 . 2008-10-05 00:02 -------- d-----w- c:\program files\Creative
2010-05-14 03:04 . 2009-11-13 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-13 21:57 . 2006-04-19 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-12 04:07 . 2009-04-12 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-04 01:20 . 2010-03-12 02:49 120 ----a-w- c:\windows\Vdagijohap.dat
2010-05-04 00:09 . 2009-12-23 08:15 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-03 14:31 . 2009-08-20 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-03 14:31 . 2006-04-19 18:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-03 05:39 . 2010-03-12 02:49 0 ----a-w- c:\windows\Xnulakecofezip.bin
2010-05-03 05:37 . 2010-05-03 05:37 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qvjsge.dat
2010-04-29 20:39 . 2009-12-19 02:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-12-19 02:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:54 . 2010-04-14 16:54 -------- d-----w- c:\documents and settings\Joel\Application Data\Avira
2010-03-26 19:41 . 2010-03-26 19:41 16 ----a-w- c:\documents and settings\NetworkService\Application Data\jasltw.dat
2010-03-24 20:29 . 2008-10-05 00:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-24 20:29 . 2005-12-08 17:12 444952 ----a-w- c:\windows\system32\wrap_oal.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-06-05_06.53.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 13:57 . 2001-08-17 18:57 12160 c:\windows\system32\dllcache\fsvga.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"CTAPR2"="c:\program files\Creative\SB WoW Wireless Headset\WoWAudioCP\CTAPR2.exe" [2009-11-11 65642]
"XFMC"="c:\downloads\Drivers\Creative\XFiMode_1.7_Build_22\XFiMode.exe" [2007-12-15 569344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2008-02-21 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-03-02 15:28 282792 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
javaethc REG_SZ c:\windows\system32\AppShare.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\redlightcenter\\redlightcenter\\Redlightcenter.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15343\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15392\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15449\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15580\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15623\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15655\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9027:TCP"= 9027:TCP:BitComet 9027 TCP
"9027:UDP"= 9027:UDP:BitComet 9027 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3784:UDP"= 3784:UDP:Ventrilo
"6112:TCP"= 6112:TCP:Blizzard Downloader
"1119:TCP"= 1119:TCP:Blizzard Downloader
"1120:TCP"= 1120:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"6115:TCP"= 6115:TCP:Blizzard Downloader
"6116:TCP"= 6116:TCP:Blizzard Downloader
"6117:TCP"= 6117:TCP:Blizzard Downloader
"6118:TCP"= 6118:TCP:Blizzard Downloader
"6119:TCP"= 6119:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [8/23/2006 12:10 PM 31744]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 72728]
R3 WRFilt;WRFilt;c:\windows\system32\drivers\WRFilt.sys [5/14/2010 6:02 PM 2006784]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptdNomore;sptdNomore;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\VCdRom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/23/2009 3:15 AM 135336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/24/2010 3:30 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 72728]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [7/8/2006 6:37 AM 19020]
S3 UsbFltr;%SvcDisplayName%;c:\windows\system32\drivers\copperhd.sys [7/27/2006 4:00 PM 11596]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.blizzard.com/en-us/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: {E9F5B9DC-94CD-4531-B750-AEF4B636192A} = 151.164.14.201,151.164.1.8
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 14:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2010-06-10 14:22:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 19:22
ComboFix2.txt 2010-06-05 06:55
ComboFix3.txt 2010-05-04 01:36
ComboFix4.txt 2010-03-26 20:39
ComboFix5.txt 2010-06-06 06:32

Pre-Run: 34,584,748,032 bytes free
Post-Run: 34,539,986,944 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D8C44B93F7CFDB51D6524F1A02F1A3FC


----------


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4187

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/10/2010 3:08:33 PM
mbam-log-2010-06-10 (15-08-33).txt

Scan type: Quick scan
Objects scanned: 132503
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



----------


ESETScan Log


C:\System Volume Information\_restore{D4298415-7918-4F12-A096-411C1213E032}\RP1\A0000053.sys Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{D4298415-7918-4F12-A096-411C1213E032}\RP1\A0000325.sys Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{D4298415-7918-4F12-A096-411C1213E032}\RP2\A0002356.sys Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{D4298415-7918-4F12-A096-411C1213E032}\RP2\A0003379.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined




----------



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:39 PM

Posted 10 June 2010 - 08:46 PM

Hello,

Congratulations! You now appear clean!

**********

You had an infection with a TDL3 rootkit. Nasty little rootkit for sure!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.

**********
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    :Commands
    [CLEARALLRESTOREPOINTS]
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .


**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.

  1. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.

  2. Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

  3. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.


    Windows XP


    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  4. Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.

  5. Consider Firefox as your primary browser. It's safer, fast and secure!

  6. Install WOT. Never inadvertently surf to a dangerous website again.

  7. Consider running your browser Sandboxed with Sandboxie. You decide what actually gets into your OS!!

  8. Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  9. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

**********

Good luck & safe surfing,
Kind Regards,
~ t


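The infection named above (TDL3) rewrote an existing kernel driver in place: the Find3M Report in the previous post shows fsvga.sys created on 2001-08-17 but modified on 2010-06-10, the morning of the scan, while keeping the same 12160-byte size as the dllcache copy. The Python below is an added example, not part of this thread or of ComboFix/OTL; it parses Find3M-style lines (sample values constructed from that log) and flags old drivers whose content changed shortly before the scan, as candidates to verify against a known-good copy.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the ComboFix "Find3M Report" line format:
# modified time . created time, size (-------- for folders), attributes, path.
# Values copied from the log posted above; this script is not part of ComboFix.
SAMPLE_FIND3M = r"""
2010-06-10 06:00 . 2006-04-19 18:25 -------- d-----w- c:\program files\World of Warcraft
2010-06-10 00:16 . 2001-08-17 13:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2010-05-04 00:09 . 2009-12-23 08:15 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-29 20:39 . 2009-12-19 02:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 20:29 . 2005-12-08 17:12 444952 ----a-w- c:\windows\system32\wrap_oal.dll
"""

# ComboFix start time taken from the log header (06/10/2010 14:04:22).
SCAN_TIME = datetime(2010, 6, 10, 14, 4)

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: Optional[int]  # None for folders, whose size column is --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M-style lines; lines that do not match the format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["modified"], TS_FMT),
                             datetime.strptime(m["created"], TS_FMT),
                             size, m["attrs"], m["path"]))
    return entries


def flag_patched_drivers(entries: List[Entry], scan_time: datetime,
                         window_days: int = 30, min_age_days: int = 365) -> List[str]:
    """Return paths of driver files rewritten shortly before the scan although
    the file itself is old.

    An OS driver created in 2001 and rewritten the night before the scan is the
    trace an in-place infector leaves (fsvga.sys in the log above).  Size is not
    a tell: the infected driver and the dllcache copy are both 12160 bytes.
    Legitimate driver updates also rewrite old files, so the result is a list of
    candidates to check against a known-good copy or a digital signature."""
    flagged = []
    for e in entries:
        if e.is_dir or "\\system32\\drivers\\" not in e.path.lower():
            continue
        recently_written = scan_time - e.modified <= timedelta(days=window_days)
        old_file = e.modified - e.created >= timedelta(days=min_age_days)
        if recently_written and old_file:
            flagged.append(e.path)
    return flagged


def run_sample(window_days: int = 30, min_age_days: int = 365) -> List[str]:
    """Apply the heuristic to the constructed sample with the log's scan time."""
    return flag_patched_drivers(parse_find3m(SAMPLE_FIND3M), SCAN_TIME,
                                window_days, min_age_days)


if __name__ == "__main__":
    for path in run_sample():
        print("verify against a known-good copy:", path)
```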

#7 zeron2

zeron2
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:39 PM

Posted 10 June 2010 - 10:35 PM

Thank you very much for your assistance. Your fast responses are very much appreciated. I am taking and applying your advice on preventive options. The question I have is, to install NoScript is not very clear. It says to drag and drop into my address bar, but it doesn't seem to work. How do I actually install this?

My computer seems to be running fine, no issues as of yet.

Again thank you very much.

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:39 PM

Posted 11 June 2010 - 07:09 AM

You're welcome.

What is your preferred browser? FF or IE? Based on this I will guide you.

#9 zeron2

zeron2
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:39 PM

Posted 11 June 2010 - 03:11 PM

It is IE, really.


#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:39 PM

Posted 11 June 2010 - 03:45 PM

Alright. Firefox is much more secure and NoScript is a FF add-on. It is not compatible with IE.

For IE this comes the closest.
http://www.ie7pro.com/

Enjoy,
~ t

#11 zeron2

zeron2
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:39 PM

Posted 11 June 2010 - 08:35 PM

Again,

Thank you very much for all your help!



#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:39 PM

Posted 11 June 2010 - 09:24 PM

You bet.

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.




