
Especially Persistent Results5 . Google + DNS resets NOT working


  • This topic is locked
17 replies to this topic

#1 1Desperado

1Desperado

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 30 June 2010 - 04:22 PM

I tried everything from using different scanners and combing the registry to resetting the router, changing DNS settings around, etc.
I experience a noticeable drop in the performance and DNS is always set to whatever DNS is put through the virus script - even if I change it
to automatic. Flushing DNS, etc did not do anything to change things. A few hidden processes were killed along the way but no success....very frustrating, please help!

Attached is the report from Rootkit Unhooker.


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:09:36 PM

Posted 04 July 2010 - 11:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 1Desperado

1Desperado
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 05 July 2010 - 12:29 AM

Hi, thanks for the response. I haven't had any luck resolving my issue.

My DNS settings are changed after every restart - I keep manually changing them to automatic.
Also, my traffic is hijacked to random sites from time to time; sometimes google5.results, etc flashes sometimes not.
There seems to be a drop in performance too.
Attached are the requested logs - thanks for your assistance!

The content of the DDS file (attach.txt + ark.txt attached):




DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:59:05.37 on Sun 07/04/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.174 [GMT -7:00]


============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\office\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254376964780
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 93.188.162.63,93.188.161.203
TCP: {1F8E3600-0DCB-4F83-9E9A-2D338CE93AC4} = 93.188.162.63,93.188.161.203
TCP: {E1216889-FE78-43D8-A0FB-0D110DECC11E} = 93.188.162.63,93.188.161.203
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ymo0v6uz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymo0v6uz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ymo0v6uz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader9\reader\browser\nppdf32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2009-9-30 155392]
S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2009-11-2 8576]
S3 Normandy;Normandy SR2; [x]

=============== Created Last 30 ================

2010-07-03 16:09:42 75021 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
2010-07-02 01:36:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-01 22:41:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-01 22:39:53 874 ----a-w- c:\windows\wininit.ini
2010-06-30 20:46:14 64512 ----a-w- c:\windows\system32\ernel32.dll
2010-06-30 16:50:20 98816 ----a-w- c:\windows\sed.exe
2010-06-30 16:50:20 77312 ----a-w- c:\windows\MBR.exe
2010-06-30 16:50:20 256512 ----a-w- c:\windows\PEV.exe
2010-06-30 16:50:20 161792 ----a-w- c:\windows\SWREG.exe
2010-06-30 05:51:56 0 d-----w- c:\program files\CCleaner
2010-06-30 03:55:43 0 d-----w- C:\spoolerlogs
2010-06-30 03:48:25 0 d-----w- c:\program files\Spybot
2010-06-30 03:48:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-30 02:01:48 112 ----a-w- c:\docume~1\alluse~1\applic~1\32J721J.dat
2010-06-30 01:27:24 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-06-30 01:27:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 01:27:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 01:27:05 0 d-----w- c:\program files\Anti-Malware
2010-06-30 01:27:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-29 21:36:37 120 ----a-w- c:\windows\Icawidelujoli.dat
2010-06-29 21:36:37 0 ----a-w- c:\windows\Dmixece.bin
2010-06-29 21:31:45 64512 ----a-w- c:\docume~1\admini~1\applic~1\f10fb248.exe
2010-06-29 21:31:19 0 d-----w- c:\program files\GoldWave
2010-06-26 05:28:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-06-20 17:21:26 0 d-----w- c:\docume~1\admini~1\applic~1\LimeWire
2010-06-20 17:20:42 0 d-----w- c:\program files\LimeWire
2010-06-20 01:38:52 0 d-----w- c:\windows\system32\appmgmt
2010-06-16 21:51:25 0 d-----w- c:\program files\Photo Story 3 for Windows
2010-06-16 21:45:36 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-06-16 21:44:09 0 d-----w- c:\windows\RegisteredPackages

==================== Find3M ====================

2010-06-30 16:24:47 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

============= FINISH: 21:59:57.89 ===============


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:36 PM

Posted 05 July 2010 - 11:38 AM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

==========

P2P Warning

Your log indicates that you have Bitcomet and Limewire installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall XXXXX, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

It appears you have run Combofix unsupervised... this is ill advised!!

This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!!

I would like to see your most recent CF logs. You will find them @ C:\ComboFix.txt

Please also do this...
  • Press the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Copy and paste the following into the box
CODE
C:\Qoobox\ComboFix-quarantined-files.txt
  • Click ok
  • Copy and paste the report into this topic for me to review

==========

Right click and delete any copies of Combofix you might have...

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Reset TCP/IP Properties

First:

* Go to Start -> Control Panel -> Double click on Network Connections.
* Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

* Select the General tab.
* Double click on Internet Protocol (TCP/IP).

Under General tab:

- Select "Obtain an IP address automatically".
- Select "Obtain DNS server address automatically".

* Click OK twice to save the settings.
* Reboot if you had to change any setting.

Next:

* Go to start > Run copy/paste the contents of the code box excluding "code" in the run box and click OK.

CODE
cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt

A command window opens. Wait until a log.txt file opens.

* Please copy/paste the log file in your reply.


===========

With your next post please provide:

* Prior Combofix.txt
* Qoobox log
* New Combofix.txt
* Internet Connection log
* How is your computer running

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 1Desperado

1Desperado
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 05 July 2010 - 05:41 PM

Hi ~t,

attached (and pasted) is the requested info:

* Prior Combofix.txt (hasn't been found - there are combofix log files 2,3,4 in the qoobox folder though)
* Qoobox log (attached)
* New Combofix.txt (attached)
* Internet Connection log (pasted)
* How is your computer running - it's running fine so far - the first time WITHOUT DNS settings being changed after restart! so I'm happy about that. thank you! the traffic doesn't seem to be hijacked so far.



Internet Connection Log:

Windows IP Configuration

Host Name . . . . . . . . . . . . : acer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : vf.shawcable.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : vf.shawcable.net
Description . . . . . . . . . . . : INPROCOMM IPN2220 Wireless LAN Card
Physical Address. . . . . . . . . : 00-0E-9B-8D-B9-B2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 213.109.67.169
                                    213.109.73.170
                                    1.1.1.1
Lease Obtained. . . . . . . . . . : Monday, July 05, 2010 3:15:40 PM
Lease Expires . . . . . . . . . . : Tuesday, July 06, 2010 3:15:40 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.67.169

Name: google.com
Addresses: 72.14.204.103, 72.14.204.104, 72.14.204.147, 72.14.204.99

Pinging google.com [72.14.204.99] with 32 bytes of data:

Reply from 72.14.204.99: bytes=32 time=79ms TTL=54
Reply from 72.14.204.99: bytes=32 time=84ms TTL=54

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 84ms, Average = 81ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e 9b 8d b9 b2 ...... INPROCOMM IPN2220 Wireless LAN Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 30
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 30
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None


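The connection log above is what the helper reads later in the thread as a router-side hijack: the DHCP server at 192.168.1.1 handed out resolvers that sit outside the local network, while the first DDS log showed the same kind of foreign addresses written statically into the TCP/IP NameServer value. The script below is an added example, not part of this thread or of any tool it mentions; it parses `ipconfig /all` output and DDS `TCP: NameServer` lines and flags every resolver that is neither the local router nor on a trusted list. TRUSTED_RESOLVERS, the function names and the sample texts (constructed from the values posted in this thread) are assumptions.

```python
import ipaddress
import re

# Resolvers expected on this network. Constructed placeholder: an operator would
# list the ISP's or corporate resolvers here; the router itself is usually one.
TRUSTED_RESOLVERS = {"192.168.1.1"}

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
LIST_KEYS = {"default gateway": "gateway", "dhcp server": "dhcp_server", "dns servers": "dns"}

# Constructed sample: an abbreviated `ipconfig /all`, with the values taken from
# the connection log posted in this thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 213.109.67.169
                                            213.109.73.170
                                            1.1.1.1
"""

# Constructed sample of the DDS "TCP:" lines from the first log in the thread.
SAMPLE_DDS = """\
TCP: NameServer = 93.188.162.63,93.188.161.203
TCP: {1F8E3600-0DCB-4F83-9E9A-2D338CE93AC4} = 93.188.162.63,93.188.161.203
"""


def parse_ipconfig(text):
    """Return one dict per adapter: name, dhcp_enabled, gateway, dhcp_server, dns."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^\S.* adapter (.+):$", raw.rstrip())
        if header:
            current = {"name": header.group(1), "dhcp_enabled": False,
                       "gateway": [], "dhcp_server": [], "dns": []}
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue
        # A bare address on its own line continues the previous list key.
        if last_key and re.fullmatch(IPV4, line):
            current[last_key].append(line)
            continue
        kv = re.match(r"^(.*?)[ .]*:\s*(.*)$", line)
        if not kv:
            continue
        key, value = kv.group(1).strip().lower(), kv.group(2).strip()
        last_key = LIST_KEYS.get(key)
        if key == "dhcp enabled":
            current["dhcp_enabled"] = value.lower() == "yes"
        elif last_key:
            current[last_key].extend(re.findall(IPV4, value))
    return adapters


def parse_dds_nameservers(text):
    """Collect resolver IPs from DDS 'TCP: NameServer = ...' and 'TCP: {guid} = ...' lines."""
    pattern = r"^TCP:\s*(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$"
    found = set()
    for m in re.finditer(pattern, text, re.MULTILINE):
        found.update(re.findall(IPV4, m.group(1)))
    return found


def is_local(ip_str):
    """True for private, loopback or link-local addresses (the LAN side)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def audit(adapters, static_nameservers=(), trusted=TRUSTED_RESOLVERS):
    """Return (source, ip, reason) for every resolver that is neither trusted nor the router."""
    findings = []
    for a in adapters:
        router = set(a["gateway"]) | set(a["dhcp_server"])
        for ip in a["dns"]:
            if ip in trusted or ip in router:
                continue
            if is_local(ip):
                reason = "LAN resolver that is not the gateway/DHCP server"
            elif a["dhcp_enabled"]:
                reason = "DHCP handed out an off-network resolver: check the router's DNS settings"
            else:
                reason = "static off-network resolver configured on the host"
            findings.append((a["name"], ip, reason))
    # DDS NameServer values are static host settings; a DHCP client normally has none.
    for ip in sorted(static_nameservers):
        if ip not in trusted and not is_local(ip):
            findings.append(("registry NameServer", ip, "static NameServer value on a DHCP client"))
    return findings
```

ISP-assigned public resolvers are legitimate, so TRUSTED_RESOLVERS must be populated from the ISP's published addresses before a finding is treated as a hijack.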

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:36 PM

Posted 05 July 2010 - 10:00 PM

Hi,

Please copy and paste all logs. Do not attach them unless I instruct you to do so.

Your router is still hijacked.

Let's fix that!

==========

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out the default username and password of your router and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    QUOTE
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and press Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it: Make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK twice.
    • If you should change any setting reboot the computer.

==========

Please run the following command on both computers and post the logs.

Go to Start > Run, copy/paste the following line in the Run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content in your reply.

==========

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

QUOTE
http://www.bleepingcomputer.com/forums/top...ml#entry1828972

Collect::
c:\windows\Icawidelujoli.dat
c:\windows\Dmixece.bin

FCopy::
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\system32\user32.dll
c:\windows\ServicePackFiles\i386\user32.dll | c:\windows\$NtServicePackUninstall$\user32.dll
c:\windows\ServicePackFiles\i386\ws2_32.dll | c:\windows\system32\ws2_32.dll
c:\windows\ServicePackFiles\i386\ws2_32.dll | c:\windows\$NtServicePackUninstall$\ws2_32.dll
c:\windows\ServicePackFiles\i386\ws2help.dll | c:\windows\system32\ws2help.dll
c:\windows\ServicePackFiles\i386\ws2help.dll | c:\windows\$NtServicePackUninstall$\ws2help.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

I don't see an Anti Virus Program running on your machine
• Download and install an antivirus program, and make sure that you keep it updated

  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

  Three good antivirus programs free for non-commercial home use are AVG, Avast! and Antivir
  Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Please download, install and run the program now. Copy and paste the logfile results in your next post.

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
• Make sure you are connected to the Internet.
  • Update Malwarebytes' Anti-Malware <--- Important!!
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
4. Click on to download the ESET Smart Installer. Save it to your desktop.
5. Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

===========


    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.


      Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All

    4. Copy and Paste the following code into the textbox. Do not include the word "Code"


      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    5. Push
    6. A report will open. Copy and Paste that report in your next reply.
    7. Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

    ==========

    With your next post please provide:

    * Internet connection log
    * Combofix.txt
    * New AV log.txt
    * MBAM log
    * ESET log
    * OTL.txt
    * Extra.txt

    Kind regards,
    ~t

    Proud member - Unified Network of Instructors and Trained Eliminators

    I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

    http://donatelife.net/register-now/

    #7 1Desperado


    Posted 06 July 2010 - 01:18 AM

    Hmm...that's interesting about my router being still hijacked. I ran the whole diagnostic routine on a network that is not mine, as I use a few different networks to connect throughout the day. I do not have access, privileges, nor any business being anywhere close to this current router. How do you know it's hijacked though? (Is it possible my computer virus infiltrated it?) Do I have to repeat the routine on all the networks I used / have access to?

    Also, I'd like to copy/paste logs straight into here; however, I get some message about the length of the post being too long - what am I doing wrong?

    Thanks!

    Edited by 1Desperado, 06 July 2010 - 01:19 AM.


    #8 thcbytes


    Posted 06 July 2010 - 07:13 AM

    Hello,

    The infection has changed your router settings. Fix the router as I have described and that problem is solved.

    From your Internet connection log
    QUOTE
    DNS Servers . . . . . . . . . . . : 213.109.67.169

    Russia!!

    ==========

    Break up the logs over several posts. Make absolutely certain the logs are complete though.

    Thanks,
    ~ t
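Added example (not code from the thread or from any of the tools it mentions): the check below parses an `ipconfig /all` dump like the Internet connection log in this thread and reports DNS servers that are neither the ISP's expected resolvers nor LAN addresses. The expected-resolver set and the sample dump are assumptions constructed from values quoted in the thread.

```python
"""Flag DNS hijacking in an ``ipconfig /all`` dump.

Added example for the exchange above, not code from the thread or from any
tool it mentions. The infection had rewritten the router's DNS settings, so
the machine resolved through a resolver the helper flagged (213.109.67.169)
instead of the ISP's. This parses a dump and reports every resolver that is
neither an expected ISP resolver nor an address inside the LAN.
"""
import ipaddress
import re

# Expected resolvers: the two Shaw resolvers in the clean log posted in the
# thread. Replace with your own ISP's (or corporate) resolvers before use.
EXPECTED_DNS = {"64.59.144.18", "64.59.144.19"}

# Constructed sample. The first adapter copies the clean wireless block
# posted in the thread; the second is made up and carries the rogue resolver
# the helper quoted from the earlier, still-hijacked log.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : vf.shawcable.net
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 64.59.144.18
                                       64.59.144.19

Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.11
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.67.169
                                       192.168.1.1
"""

ADAPTER_RE = re.compile(r"^\S.* adapter (?P<name>.+):\s*$")
# ipconfig pads every field name with " . " leaders before the colon, so a
# value-only continuation line (the second DNS server) never matches this.
FIELD_RE = re.compile(
    r"^\s*(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)(?:\s*\.)+\s*:\s*(?P<val>.*)$"
)


def parse_adapters(dump):
    """Return {adapter name: {field: [values]}} for every adapter block.

    Multi-value fields (two DNS servers) gather their continuation lines
    under the same key, in the order ipconfig printed them.
    """
    adapters = {}
    current = None
    last_key = None
    for raw in dump.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group("name").strip()
            adapters[current] = {}
            last_key = None
            continue
        if current is None:
            continue  # host-wide lines before the first adapter block
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group("key").strip()
            value = field.group("val").strip()
            adapters[current][last_key] = [value] if value else []
        elif last_key is not None:
            adapters[current][last_key].append(line.strip())
    return adapters


def is_lan_address(addr):
    """True for private/link-local addresses: a home router forwarding DNS
    shows up as 192.168.x.x and is normal. Non-IP garbage is suspicious."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def rogue_dns_servers(dump, expected=EXPECTED_DNS):
    """Return [(adapter, resolver)] for each resolver that is neither
    expected nor on the LAN. An empty list means the dump looks clean."""
    findings = []
    for name, fields in parse_adapters(dump).items():
        for server in fields.get("DNS Servers", []):
            if server in expected or is_lan_address(server):
                continue
            findings.append((name, server))
    return findings
```

If the router hands out itself (192.168.1.1) as the only resolver, the dump looks clean even when the router's upstream DNS has been changed; that case is visible only in the router's own configuration, which is why the helper says to fix the router itself.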

    #9 1Desperado


    Posted 06 July 2010 - 06:31 PM

    Internet log and MBAM logs:


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : acer
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : vf.shawcable.net

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : vf.shawcable.net
    Description . . . . . . . . . . . : INPROCOMM IPN2220 Wireless LAN Card
    Physical Address. . . . . . . . . : 00-0E-9B-8D-B9-B2
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 64.59.144.18
                                        64.59.144.19
    Lease Obtained. . . . . . . . . . : Tuesday, July 06, 2010 11:28:55 AM
    Lease Expires . . . . . . . . . . : Wednesday, July 07, 2010 11:28:55 AM

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-0A-E4-13-E6-EF

    Server: pd1nsc3.st.vc.shawcable.net
    Address: 64.59.144.18

    Name: mwbyte.vo.llnwd.net
    Address: 69.164.22.253
    Aliases: mbam-cdn.malwarebytes.org

    Pinging mwbyte.vo.llnwd.net [69.164.22.253] with 32 bytes of data:

    Reply from 69.164.22.253: bytes=32 time=42ms TTL=59
    Reply from 69.164.22.253: bytes=32 time=16ms TTL=59

    Ping statistics for 69.164.22.253:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 42ms, Average = 29ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 0e 9b 8d b9 b2 ...... INPROCOMM IPN2220 Wireless LAN Card - Packet Scheduler Miniport
    0x3 ...00 0a e4 13 e6 ef ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 30
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 30
    192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 30
    192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 30
    224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 30
    255.255.255.255 255.255.255.255 192.168.1.10 3 1
    255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None


    =======================MBAM log:=====================================

    Attached is the log from the 2nd run, as on the first run my log reporting was disabled. This was the only item in the 1st run:
    Malware.Trace (Registry Key), HKEY_CURRENT_USER\Software\QNB2EB90WX


    the second run:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4284

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    7/6/2010 12:06:57 PM
    mbam-log-2010-07-06 (12-06-57).txt

    Scan type: Quick scan
    Objects scanned: 130150
    Time elapsed: 5 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    #10 1Desperado


    Posted 06 July 2010 - 06:34 PM

    ComboFix 10-07-04.04 - Administrator 07/06/2010 11:35:35.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.131 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    file zipped: c:\windows\Dmixece.bin
    file zipped: c:\windows\Icawidelujoli.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Dmixece.bin
    c:\windows\Icawidelujoli.dat

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll
    c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\$NtServicePackUninstall$\user32.dll
    c:\windows\ServicePackFiles\i386\ws2_32.dll --> c:\windows\system32\ws2_32.dll
    c:\windows\ServicePackFiles\i386\ws2_32.dll --> c:\windows\$NtServicePackUninstall$\ws2_32.dll
    c:\windows\ServicePackFiles\i386\ws2help.dll --> c:\windows\system32\ws2help.dll
    c:\windows\ServicePackFiles\i386\ws2help.dll --> c:\windows\$NtServicePackUninstall$\ws2help.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
    .

    2010-07-05 21:48 . 2010-07-05 21:59 -------- d-----w- C:\thcbytes
    2010-07-02 01:36 . 2010-07-02 01:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-01 22:41 . 2010-07-01 22:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-06-30 05:51 . 2010-06-30 05:51 -------- d-----w- c:\program files\CCleaner
    2010-06-30 03:55 . 2010-06-30 03:55 -------- d-----w- C:\spoolerlogs
    2010-06-30 03:48 . 2010-06-30 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-30 03:48 . 2010-06-30 05:42 -------- d-----w- c:\program files\Spybot
    2010-06-30 01:27 . 2010-06-30 01:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-30 01:27 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-30 01:27 . 2010-06-30 01:27 -------- d-----w- c:\program files\Anti-Malware
    2010-06-30 01:27 . 2010-06-30 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-30 01:27 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-29 21:31 . 2010-06-29 21:59 -------- d-----w- c:\program files\GoldWave
    2010-06-26 05:28 . 2010-06-26 05:28 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
    2010-06-26 05:28 . 2010-06-26 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2010-06-23 17:03 . 2010-06-23 17:03 439816 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-16 21:51 . 2010-06-16 21:51 -------- d-----w- c:\program files\Photo Story 3 for Windows
    2010-06-16 21:45 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-06 16:20 . 2009-10-01 05:17 -------- d-----w- c:\program files\Firefox
    2010-07-05 07:33 . 2009-11-02 16:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
    2010-07-05 02:44 . 2009-11-26 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2010-07-04 22:17 . 2009-10-02 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
    2010-06-30 16:24 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2010-06-30 06:41 . 2010-04-26 01:16 -------- d-----w- c:\program files\Spring 1944
    2010-06-30 02:07 . 2010-06-30 02:01 112 ----a-w- c:\documents and settings\All Users\Application Data\32J721J.dat
    2010-06-29 23:59 . 2010-01-13 21:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
    2010-06-29 03:53 . 2010-04-08 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitComet
    2010-06-27 02:47 . 2010-06-20 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
    2010-06-26 21:47 . 2009-10-01 05:29 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-23 22:01 . 2010-02-24 07:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
    2010-06-20 01:38 . 2010-03-15 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-06-16 21:56 . 2009-10-01 07:07 26000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-13 05:36 . 2009-10-21 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
    2010-05-26 01:43 . 2010-05-26 01:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Kernel Ost to Pst (Evaluation Version)
    2010-05-25 23:05 . 2010-05-25 22:37 -------- d-----w- c:\program files\SIPClient
    2010-05-25 22:37 . 2009-11-16 03:20 -------- d-----w- c:\program files\SIPHello
    2010-05-24 05:07 . 2010-05-24 05:07 -------- d-----w- c:\program files\Microsoft Silverlight
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-06-30_17.32.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2001-08-23 12:00 . 2004-08-04 07:56 19968 c:\windows\system32\dllcache\ws2help.dll
    + 2001-08-23 12:00 . 2004-08-04 07:56 82944 c:\windows\system32\dllcache\ws2_32.dll
    + 2009-10-01 06:45 . 2004-08-04 07:56 19968 c:\windows\$NtServicePackUninstall$\ws2help.dll
    + 2009-10-01 06:45 . 2004-08-04 07:56 82944 c:\windows\$NtServicePackUninstall$\ws2_32.dll
    + 2001-08-23 12:00 . 2004-08-04 07:56 577024 c:\windows\system32\dllcache\user32.dll
    + 2009-10-01 06:45 . 2004-08-04 07:56 577024 c:\windows\$NtServicePackUninstall$\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Irmon"=2 (0x2)
    "ACDaemon"=2 (0x2)
    "wscsvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18776:TCP"= 18776:TCP:BitComet 18776 TCP
    "18776:UDP"= 18776:UDP:BitComet 18776 UDP

    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [9/30/2009 10:36 PM 155392]
    S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [11/2/2009 1:39 PM 8576]
    S3 Normandy;Normandy SR2; [x]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\Office\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymo0v6uz.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymo0v6uz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymo0v6uz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\Adobe\Reader9\Reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-06 11:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-07-06 11:42:02
    ComboFix-quarantined-files.txt 2010-07-06 18:41
    ComboFix2.txt 2010-06-30 20:34
    ComboFix3.txt 2010-06-30 20:21
    ComboFix4.txt 2010-06-30 17:36

    Pre-Run: 32,926,420,992 bytes free
    Post-Run: 32,915,132,416 bytes free

    - - End Of File - - AB98BDF215E29A9633C3C8C3DD52A5DD
    Upload was successful


    #11 1Desperado


    Posted 06 July 2010 - 06:35 PM

    ESET Scan:

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentsvc.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\f10fb248.exe.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\Imizea.exe.vir a variant of Win32/Kryptik.FEP trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2help.dll.vir Win32/Patched.FC trojan deleted (after the next restart) - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2_32.dll.vir Win32/Patched.FC trojan deleted (after the next restart) - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\17i317.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\17oCE7.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\3179aA79.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\31yW3u79.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\3eIQGMYW.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\5555i.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\5eIQ5.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\5u555.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\79k1y9c.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\7wSK7yW.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\9317uOC79.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\9yW7uOC79.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\a5555.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\A79eIQ.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\aA3k793.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\aAAA7k3.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\aAAAAAA.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\CEI55.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\eIQ793oC9.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\I5qG5.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\I9q17cE.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\k9yWSKU.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\m5555.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\S5e55.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\U793a7.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\W9u17i3.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\w9u17iQ.dll.vir a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000008.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000013.exe a variant of Win32/Kryptik.FEP trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000014.exe a variant of Win32/Kryptik.FEP trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000018.dll a variant of Win32/Cimag.CK trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000277.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000285.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0000295.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0001296.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0002295.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP0\A0002302.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002328.exe a variant of Win32/Kryptik.FEP trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002329.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002330.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002331.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002332.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002333.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002334.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002335.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002336.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002337.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002338.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002443.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002618.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002623.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP1\A0002628.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP2\A0002693.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP2\A0002710.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP2\A0002715.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP2\A0002720.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP2\A0002731.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP3\A0002742.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP3\A0002766.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP3\A0002787.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP3\A0002795.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP3\A0002818.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002836.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002852.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002883.exe a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002884.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002885.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002886.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002887.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002888.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002889.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002890.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002891.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002892.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002893.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002894.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002895.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002896.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002897.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0002898.dll a variant of Win32/Kryptik.FGR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0003006.exe NSIS/TrojanDownloader.Agent.NBS.Gen trojan deleted - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0003017.dll Win32/Patched.FC trojan deleted - quarantined
    C:\System Volume Information\_restore{BCBA4EB9-21A5-4D17-9E35-DBAD0B6840A2}\RP4\A0003018.dll Win32/Patched.FC trojan deleted - quarantined


    #12 1Desperado


    Posted 06 July 2010 - 06:37 PM

    OTL logfile created on: 7/6/2010 2:15:42 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    447.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 30.60 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ACER
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/07/06 10:08:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2009/08/24 13:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
    PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/08/06 13:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office\OFFICE11\WINWORD.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/06 10:08:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
    SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (PCIIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Normandy)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
    DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
    DRV - [2010/06/30 09:24:47 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2006/02/23 23:03:42 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KProcWatch.sys -- (KProcWatch)
    DRV - [2004/11/04 18:29:38 | 000,155,392 | ---- | M] (Inprocomm, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i2220ntx.sys -- (IPN2220)
    DRV - [2004/08/09 18:48:10 | 000,160,640 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
    DRV - [2004/08/04 01:01:10 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2004/08/04 01:01:08 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2004/08/04 01:01:08 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2004/08/03 23:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
    DRV - [2004/08/03 23:20:08 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2004/08/03 23:15:54 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2004/08/03 23:15:22 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\System32\drivers\mup.sys -- (Mup)
    DRV - [2004/08/03 23:15:18 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\windows\System32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2004/08/03 23:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2004/08/03 23:14:46 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
    DRV - [2004/08/03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2004/08/03 23:14:32 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\ndis.sys -- (NDIS)
    DRV - [2004/08/03 23:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2004/08/03 23:14:28 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2004/08/03 23:14:24 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2004/08/03 23:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\windows\System32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2004/08/03 23:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\afd.sys -- (AFD)
    DRV - [2004/08/03 23:14:12 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\windows\System32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2004/08/03 23:10:10 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\ohci1394.sys -- (ohci1394)
    DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
    DRV - [2004/08/03 23:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2004/08/03 23:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
    DRV - [2004/08/03 23:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2004/08/03 23:08:06 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\modem.sys -- (Modem)
    DRV - [2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2004/08/03 23:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2004/08/03 23:07:48 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\pcmcia.sys -- (Pcmcia)
    DRV - [2004/08/03 23:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\pci.sys -- (PCI)
    DRV - [2004/08/03 23:07:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
    DRV - [2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2004/08/03 23:07:40 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
    DRV - [2004/08/03 23:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\ACPI.sys -- (ACPI)
    DRV - [2004/08/03 23:07:18 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2004/08/03 23:07:18 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\windows\System32\drivers\dmio.sys -- (dmio)
    DRV - [2004/08/03 23:07:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2004/08/03 23:06:26 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\System32\DRIVERS\sr.sys -- (sr)
    DRV - [2004/08/03 23:05:08 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2004/08/03 23:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2004/08/03 23:04:58 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2004/08/03 23:04:52 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2004/08/03 23:04:46 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2004/08/03 23:04:20 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
    DRV - [2004/08/03 23:04:14 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2004/08/03 23:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2004/08/03 23:03:14 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2004/08/03 23:01:20 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2004/08/03 23:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2004/08/03 23:00:58 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2004/08/03 23:00:54 | 000,087,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\irda.sys -- (irda)
    DRV - [2004/08/03 23:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2004/08/03 23:00:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2004/08/03 23:00:44 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\npfs.sys -- (Npfs)
    DRV - [2004/08/03 23:00:42 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\msfs.sys -- (Msfs)
    DRV - [2004/08/03 23:00:32 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\windows\System32\drivers\udfs.sys -- (Udfs)
    DRV - [2004/08/03 23:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2004/08/03 23:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2004/08/03 23:00:14 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
    DRV - [2004/08/03 23:00:08 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
    DRV - [2004/08/03 22:59:58 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
    DRV - [2004/08/03 22:59:58 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
    DRV - [2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\disk.sys -- (Disk)
    DRV - [2004/08/03 22:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2004/08/03 22:59:48 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2004/08/03 22:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2004/08/03 22:59:28 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\fdc.sys -- (Fdc)
    DRV - [2004/08/03 22:59:28 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2004/08/03 22:59:18 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
    DRV - [2004/08/03 22:59:08 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
    DRV - [2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2004/08/03 22:58:42 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
    DRV - [2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2004/08/03 22:58:34 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
    DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2004/08/03 22:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2004/08/03 22:58:32 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2004/08/03 22:58:30 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
    DRV - [2004/08/03 22:58:30 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
    DRV - [2004/08/03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/05/07 10:44:54 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2004/03/17 15:22:58 | 000,117,248 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2003/07/29 15:43:44 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2003/07/25 11:22:52 | 001,196,460 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2003/07/02 04:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/07/01 12:29:10 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2003/07/01 12:28:46 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
    DRV - [2001/10/18 12:00:00 | 000,006,144 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\viaidexp.sys -- (ViaIde)
    DRV - [2001/08/23 05:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
    DRV - [2001/08/23 05:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2001/08/23 05:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\fips.sys -- (Fips)
    DRV - [2001/08/23 05:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2001/08/23 05:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2001/08/23 05:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2001/08/23 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2001/08/23 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2001/08/23 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2001/08/23 05:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2001/08/23 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2001/08/23 05:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2001/08/23 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\ACPIEC.sys -- (ACPIEC)
    DRV - [2001/08/23 05:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2001/08/23 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2001/08/23 05:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\windows\System32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2001/08/23 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\dmload.sys -- (dmload)
    DRV - [2001/08/23 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2001/08/23 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2001/08/23 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\beep.sys -- (Beep)
    DRV - [2001/08/23 05:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\null.sys -- (Null)
    DRV - [2001/08/17 15:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2001/08/17 14:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
    DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
    DRV - [2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2001/08/17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\isapnp.sys -- (isapnp)
    DRV - [2001/08/17 06:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
    DRV - [2001/08/17 06:58:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\compbatt.sys -- (Compbatt)
    DRV - [2001/08/17 06:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)
    DRV - [2001/08/17 05:13:08 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/13 18:06:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Firefox\components [2009/12/01 13:26:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Firefox\plugins [2009/12/01 13:27:02 | 000,000,000 | ---D | M]

    [2010/06/20 10:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/09/30 22:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2010/06/20 10:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/29 23:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymo0v6uz.default\extensions
    [2010/04/06 13:04:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymo0v6uz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/13 14:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ymo0v6uz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

    O1 HOSTS File: ([2010/07/06 11:39:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1254376964780 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/30 22:03:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\windows\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - Services: "Irmon"
    MsConfig - Services: "ACDaemon"
    MsConfig - Services: "wscsvc"
    MsConfig - Services: "JavaQuickStarterService"
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 1

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/06 12:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/07/06 11:46:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/06 11:42:41 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2010/07/06 11:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Logs
    [2010/07/06 10:08:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/05 14:48:25 | 000,000,000 | ---D | C] -- C:\thcbytes
    [2010/07/05 00:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AnaBday
    [2010/07/03 11:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\pix
    [2010/06/30 09:50:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2010/06/30 09:50:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2010/06/30 09:50:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2010/06/30 09:50:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2010/06/30 09:50:09 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2010/06/30 09:49:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/30 09:22:20 | 001,015,120 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/06/29 22:55:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/06/29 22:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/06/29 20:55:43 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2010/06/29 20:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
    [2010/06/29 20:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/06/29 18:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/06/29 18:27:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/06/29 18:27:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/06/29 18:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/29 18:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Malware
    [2010/06/29 14:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/29 14:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/29 14:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
    [2010/06/28 11:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LunchMP3
    [2010/06/25 22:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
    [2010/06/20 10:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
    [2010/06/20 10:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
    [2010/06/20 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
    [2010/06/19 22:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pptOverflow
    [2010/06/19 18:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PPT
    [2010/06/19 18:38:52 | 000,000,000 | ---D | C] -- C:\windows\System32\appmgmt
    [2010/06/16 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows
    [2010/06/16 14:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/06/16 14:44:09 | 000,000,000 | ---D | C] -- C:\windows\RegisteredPackages
    [2010/06/12 22:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Luba
    [2010/06/08 11:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\tata
    [2010/06/06 17:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\whole_bckup_look_for_duplicates
    [3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/06 12:16:13 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/07/06 12:12:21 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2010/07/06 11:42:04 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2010/07/06 11:40:06 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
    [2010/07/06 11:39:57 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2010/07/06 10:55:53 | 000,141,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\topic328262.html
    [2010/07/06 10:10:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$ktavy_CV_Terasen_.doc
    [2010/07/06 10:08:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/06 09:19:57 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2010/07/06 01:27:52 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/07/06 01:27:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/05 23:52:20 | 000,039,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ZM1.jpg
    [2010/07/05 23:51:11 | 000,012,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ZMd.jpg
    [2010/07/05 22:57:18 | 005,353,228 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/05 14:47:32 | 003,726,382 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe.exe
    [2010/07/05 00:52:19 | 000,082,233 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
    [2010/07/04 23:24:41 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV___.doc
    [2010/07/03 13:13:37 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\theMenu.doc
    [2010/07/03 12:13:57 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/03 11:25:28 | 023,442,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WeddingPPT.wmv
    [2010/07/03 11:11:56 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
    [2010/07/01 18:36:22 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
    [2010/07/01 18:17:28 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\contacts.xls
    [2010/07/01 16:13:33 | 000,000,119 | ---- | M] () -- C:\windows\win.ini
    [2010/07/01 15:41:30 | 000,000,552 | ---- | M] () -- C:\windows\System32\d3d8caps.dat
    [2010/07/01 15:39:56 | 000,000,874 | ---- | M] () -- C:\windows\wininit.ini
    [2010/06/30 13:52:19 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
    [2010/06/30 09:29:00 | 001,015,120 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/06/29 22:07:56 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Terasen_.doc
    [2010/06/29 22:01:54 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_InvestmentBanking.doc
    [2010/06/29 20:48:31 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/06/29 19:07:04 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\32J721J.dat
    [2010/06/29 18:27:10 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/06/29 11:05:11 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_SNC_Lavalin.doc
    [2010/06/28 12:32:54 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_ElasticPath.doc
    [2010/06/28 12:20:35 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_ACL.doc
    [2010/06/28 09:50:49 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Panabode_SalesMktingMgr.doc
    [2010/06/27 13:56:34 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Dinos.doc
    [2010/06/27 13:19:28 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_MinOfEnvironmentON_ProgOfficer.doc
    [2010/06/24 09:52:54 | 001,400,366 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\IMG_2951.JPG
    [2010/06/21 22:55:37 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_GlobalMarketingDir.doc
    [2010/06/21 18:51:27 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_AMEX_BizDev.doc
    [2010/06/21 18:40:48 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_ThomasCook.doc
    [2010/06/21 13:41:08 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_PM.doc
    [2010/06/21 13:23:23 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_.doc
    [2010/06/21 12:46:58 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_OpsMgr_Legal.doc
    [2010/06/21 11:27:03 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_DirofDev_DrPeter.doc
    [2010/06/20 14:51:55 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.9.lnk
    [2010/06/19 15:47:57 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MK_MLCorp_EarnInAgreement (20100719).doc
    [2010/06/16 14:56:34 | 000,026,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/16 14:46:29 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/06/16 14:45:31 | 000,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
    [2010/06/16 14:45:31 | 000,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
    [2010/06/16 14:44:50 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
    [2010/06/13 21:01:51 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ReferencesMK_June2010.doc
    [2010/06/10 15:39:12 | 000,026,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Libart.pdf
    [2010/06/10 15:37:54 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Libart.doc
    [2010/06/09 21:49:31 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_PwC.doc
    [2010/06/08 22:17:07 | 000,040,808 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Holeys_IntlBusDevMgr.pdf
    [3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/06 12:11:50 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2010/07/06 11:29:26 | 000,003,349 | ---- | C] () -- C:\Documents and Settings\Administrator\log.txt
    [2010/07/06 10:55:51 | 000,141,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\topic328262.html
    [2010/07/06 10:10:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$ktavy_CV_Terasen_.doc
    [2010/07/05 23:52:19 | 000,039,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ZM1.jpg
    [2010/07/05 23:51:09 | 000,012,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ZMd.jpg
    [2010/07/05 14:47:05 | 003,726,382 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe.exe
    [2010/07/05 00:52:19 | 000,082,233 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
    [2010/07/04 23:24:40 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV___.doc
    [2010/07/03 12:09:44 | 045,111,366 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\100_0212.MOV
    [2010/07/03 12:07:51 | 031,716,265 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\100_0213.MOV
    [2010/07/03 11:51:40 | 000,081,751 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Stara Lubovna castle.jpg
    [2010/07/01 18:36:22 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
    [2010/07/01 18:17:28 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\contacts.xls
    [2010/07/01 15:41:30 | 000,000,552 | ---- | C] () -- C:\windows\System32\d3d8caps.dat
    [2010/07/01 15:39:53 | 000,000,874 | ---- | C] () -- C:\windows\wininit.ini
    [2010/06/30 13:52:18 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
    [2010/06/30 09:50:20 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2010/06/30 09:50:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2010/06/30 09:50:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2010/06/30 09:50:20 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
    [2010/06/30 09:50:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2010/06/29 22:07:56 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Terasen_.doc
    [2010/06/29 20:48:31 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/06/29 19:01:48 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\32J721J.dat
    [2010/06/29 18:27:10 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/06/29 15:20:36 | 023,442,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WeddingPPT.wmv
    [2010/06/29 11:04:14 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_SNC_Lavalin.doc
    [2010/06/28 17:36:40 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\theMenu.doc
    [2010/06/28 12:32:53 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_ElasticPath.doc
    [2010/06/28 12:20:15 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_ACL.doc
    [2010/06/28 09:49:02 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Panabode_SalesMktingMgr.doc
    [2010/06/27 13:56:34 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Dinos.doc
    [2010/06/27 13:19:27 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_MinOfEnvironmentON_ProgOfficer.doc
    [2010/06/24 09:52:50 | 001,400,366 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\IMG_2951.JPG
    [2010/06/21 22:48:06 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_GlobalMarketingDir.doc
    [2010/06/21 18:51:26 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_AMEX_BizDev.doc
    [2010/06/21 18:39:34 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_ThomasCook.doc
    [2010/06/21 13:59:28 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_InvestmentBanking.doc
    [2010/06/21 13:41:07 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_TO_PM.doc
    [2010/06/21 12:36:17 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_OpsMgr_Legal.doc
    [2010/06/21 11:27:03 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_DirofDev_DrPeter.doc
    [2010/06/20 14:51:55 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.9.lnk
    [2010/06/19 13:34:59 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MK_MLCorp_EarnInAgreement (20100719).doc
    [2010/06/18 20:22:50 | 007,755,904 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\PrecisionNutritionStrategies.pdf
    [2010/06/13 20:59:04 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ReferencesMK_June2010.doc
    [2010/06/10 15:35:12 | 000,026,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Libart.pdf
    [2010/06/10 15:33:42 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Libart.doc
    [2010/06/09 21:49:16 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_PwC.doc
    [2010/06/08 22:17:07 | 000,040,808 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_Holeys_IntlBusDevMgr.pdf
    [2010/06/08 21:03:09 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Kiktavy_CV_.doc
    [2010/04/29 22:46:57 | 000,000,719 | R--- | C] () -- C:\windows\System32\InstExec.ini
    [2009/11/02 13:39:37 | 000,008,576 | ---- | C] () -- C:\windows\System32\drivers\KProcWatch.sys
    [2009/10/01 08:32:30 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2009/09/30 23:55:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll
    [2009/09/30 22:47:28 | 000,077,824 | ---- | C] () -- C:\windows\System32\SynTPCoI.dll
    [2009/09/30 22:30:31 | 000,036,864 | ---- | C] () -- C:\windows\System32\UnAudioNT.dll
    [2003/07/29 16:03:48 | 000,073,728 | ---- | C] () -- C:\windows\System32\btsendto_ie.dll
    [2003/07/29 16:02:50 | 000,065,536 | ---- | C] () -- C:\windows\System32\btsendto_wab.dll
    [2003/07/29 15:56:42 | 000,065,536 | ---- | C] () -- C:\windows\System32\btprn2k.dll
    [2003/07/01 12:29:10 | 000,022,183 | ---- | C] () -- C:\windows\System32\drivers\btserial.sys
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
    [2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\windows\System32\BTNeighborhood.dll.manifest
    [2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\windows\System32\btcss.dll.manifest
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
    [2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\windows\System32\drivers\secdrv.sys

    ========== Custom Scans ==========


    < %ALLUSERSPROFILE%\Application Data\*. >
    [2009/10/04 15:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/01/12 14:30:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2010/06/25 22:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
    [2010/06/29 18:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/12/04 14:09:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2009/12/01 13:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
    [2009/10/01 21:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/06/30 13:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/06/16 14:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/06/19 18:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/11/21 11:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >
    [2010/01/12 14:30:19 | 002,380,538 | ---- | M] (ArcSoft Inc. ) -- C:\Documents and Settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    [2009/11/10 15:39:00 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

    < %APPDATA%\*. >
    [2009/11/06 20:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2010/01/12 14:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
    [2010/06/28 20:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitComet
    [2010/06/23 15:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
    [2009/12/04 14:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeFLVConverter
    [2009/09/30 22:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
    [2010/07/05 00:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
    [2009/09/30 22:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
    [2010/05/25 18:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kernel Ost to Pst (Evaluation Version)
    [2010/06/26 19:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
    [2009/09/30 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2010/06/29 18:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/04/18 18:37:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2010/03/03 17:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Millennia
    [2009/09/30 22:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2010/02/06 23:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
    [2010/06/29 16:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
    [2010/03/02 22:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
    [2010/07/06 14:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
    [2010/04/09 22:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\skypePM
    [2009/10/13 18:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2010/06/12 22:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
    [2010/07/04 19:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
    [2009/10/19 20:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
    [2010/04/02 12:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinWay
    [2009/11/21 12:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!

    < %APPDATA%\*.exe /s >
    [2010/06/20 10:21:48 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
    [2010/06/20 10:21:49 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\updater.exe
    [2010/06/20 10:21:49 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
    [2010/06/20 10:21:49 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
    [2010/06/20 10:21:49 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpidl.exe
    [2010/06/20 10:21:49 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
    [2010/06/20 10:21:49 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
    [2010/06/20 10:21:51 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
    [2010/06/20 10:21:51 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
    [2010/06/23 10:03:35 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Real\Update\setup3.10\setup.exe

    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2001/08/23 05:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2001/08/23 05:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
    [2001/08/23 05:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
    [2001/08/23 05:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2001/08/23 05:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
    [2001/08/23 05:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/09/30 14:51:03 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/09/30 14:51:03 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/09/30 14:51:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    [2010/06/30 09:24:47 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
    < End of report >


    #13 1Desperado
    • Topic Starter
    • Members
    • 32 posts

    Posted 06 July 2010 - 06:39 PM

    OTL Extras logfile created on: 7/6/2010 2:15:42 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    447.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 30.60 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ACER
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "18776:TCP" = 18776:TCP:*:Enabled:BitComet 18776 TCP
    "18776:UDP" = 18776:UDP:*:Enabled:BitComet 18776 UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
    "C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4820DD99-52D1-42BB-927E-B6B6DF231AF5}" = acer Wireless LAN
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C19F391-A225-4F32-8681-EDB8AFE6E436}" = ML-1200 Series
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D782EC1-98B7-4EE3-979D-66CAD9DF9D31}" = StudioTax 2009
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}" = WinWay Resume Deluxe
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "BitComet" = BitComet 1.20
    "BlockOut II_is1" = BlockOut 2.4
    "CCleaner" = CCleaner
    "ESET Online Scanner" = ESET Online Scanner v3
    "Free FLV Converter_is1" = Free FLV Converter V 6.7.4
    "Free Video Dub_is1" = Free Video Dub version 1.4
    "Free YouTube Download_is1" = Free YouTube Download 2.3
    "GoldWave v5.57" = GoldWave v5.57
    "Hidden Finder_is1" = Hidden Finder 1.5.6
    "LegacyChart7_is1" = Legacy Charting 7.0
    "LimeWire" = LimeWire 5.5.9
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
    "RealPlayer 12.0" = RealPlayer
    "S3" = UniChrome Pro IGP Display Driver and Utilities
    "SIPClient" = SIPClient 0.9.64 B080506
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
    "VLC media player" = VLC media player 1.0.3
    "VTConfig3D" = S3 S3Config3D
    "VTDisplay" = S3 S3Display
    "VTGamma2" = S3 S3Gamma2
    "VTInfo2" = S3 S3Info2
    "VTOverlay" = S3 S3Overlay
    "VTRefreshLock" = S3 S3RefreshLock
    "VTTrayPlus" = S3 S3TrayPlus
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WinGimp-2.0_is1" = GIMP 2.6.7
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "X-Lite 1.5_is1" = X-Lite 3.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2010 4:53:11 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

    Error - 7/2/2010 12:13:57 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module unknown, version 0.0.0.0, fault address 0x76d66141.

    Error - 7/2/2010 12:53:43 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module unknown, version 0.0.0.0, fault address 0x76d66141.

    Error - 7/2/2010 12:53:50 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

    Error - 7/3/2010 11:41:08 AM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module iphlpapi.dll, version 5.1.2600.2180, fault address 0x00006141.

    Error - 7/3/2010 11:41:17 AM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

    Error - 7/5/2010 12:49:24 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module unknown, version 0.0.0.0, fault address 0x76d66141.

    Error - 7/5/2010 4:11:31 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module , version 0.0.0.0, fault address 0x00000000.

    Error - 7/5/2010 4:11:49 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

    Error - 7/5/2010 5:38:19 PM | Computer Name = ACER | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module unknown, version 0.0.0.0, fault address 0x76d66141.

    [ System Events ]
    Error - 7/1/2010 5:39:28 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AmdK8 Fips

    Error - 7/1/2010 10:01:54 PM | Computer Name = ACER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/2/2010 12:22:53 PM | Computer Name = ACER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/2/2010 12:24:10 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AmdK8 Fips

    Error - 7/2/2010 12:52:22 PM | Computer Name = ACER | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/3/2010 11:40:09 AM | Computer Name = ACER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 000E9B8DB9B2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/4/2010 3:35:14 PM | Computer Name = ACER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 000E9B8DB9B2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/5/2010 5:37:52 PM | Computer Name = ACER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.3 for the Network Card with network
    address 000E9B8DB9B2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/6/2010 1:58:28 AM | Computer Name = ACER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.101 for the Network Card with network
    address 000E9B8DB9B2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 7/6/2010 12:20:04 PM | Computer Name = ACER | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.101 for the Network Card with network
    address 000E9B8DB9B2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >


    #14 thcbytes


    • Malware Response Team
    • 14,790 posts
    • Gender:Male

    Posted 06 July 2010 - 09:50 PM

    Looks great.

    Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 20 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

    ==========

    How is your computer running? Any further troubles?

    Kind regards,
    ~ t
    Proud member - Unified Network of Instructors and Trained Eliminators

    I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

    http://donatelife.net/register-now/
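
    The procedure above removes stale Java runtimes by hand through Add/Remove Programs. As an added example (not thcbytes' instructions and not code from the OTL tool), the Python script below does the inventory half of that job from the log format posted in this thread: it reads the lines under "HKEY_LOCAL_MACHINE Uninstall List", picks out the Java runtime and JDK entries, flags every one older than 6 Update 20 (the current release named in the post), and, for entries whose key is a Windows Installer product code, builds the msiexec command that removes that product. The function names (parse_uninstall_list, java_entries, outdated_java) and the sample list are the example's own; only the "Java™ 6 Update 16" line is taken from the log above, the other sample lines are constructed.

```python
"""Flag outdated Java runtimes in an OTL "Uninstall List" (added example).

Not part of the thread or of OTL. Parses the '"key" = Display Name' lines
OTL writes under HKEY_LOCAL_MACHINE Uninstall List, keeps the Java
runtime/JDK entries, and reports every one older than the release the caller
names (6 Update 20 in the post above). When the key is a Windows Installer
product code, the msiexec command that removes it is attached as well.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in OTL's format. The 6 Update 16 line is the one from the
# log above; the other four lines are made up to exercise the parser.
SAMPLE_UNINSTALL_LIST = """
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"J2SE Runtime Environment 5.0 Update 6" = J2SE Runtime Environment 5.0 Update 6
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"LimeWire" = LimeWire 5.5.9
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# "Java(TM) 6 Update 16", "Java(TM) SE Runtime Environment 6 Update 3" and
# "J2SE Runtime Environment 5.0 Update 6" match; "Java Auto Updater" does not,
# and neither does the old "Java 2 Runtime Environment, SE v1.4.2_xx" naming.
JAVA_RE = re.compile(r"^(?:Java|J2SE)\b.*?\b(\d+)(?:\.0)?\s+Update\s+(\d+)\b", re.IGNORECASE)


class JavaEntry(NamedTuple):
    key: str                       # value name under ...\CurrentVersion\Uninstall
    name: str                      # display name as OTL prints it
    major: int                     # 5 or 6 for the runtimes seen in 2010-era logs
    update: int                    # the N in "Update N"
    uninstall_cmd: Optional[str]   # msiexec command, or None when key is not a product code


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (key, display_name) for each '"key" = name' line; other lines are skipped."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            pairs.append((m.group("key"), m.group("name")))
    return pairs


def java_entries(text: str) -> List[JavaEntry]:
    """Every Java runtime/JDK entry in the list, in log order."""
    found = []
    for key, name in parse_uninstall_list(text):
        m = JAVA_RE.match(name)
        if not m:
            continue
        # msiexec /x <ProductCode> /qn is the silent form of what Add/Remove
        # Programs runs for an MSI-installed package; it needs an admin account.
        cmd = f"msiexec /x {key} /qn" if GUID_RE.match(key) else None
        found.append(JavaEntry(key, name, int(m.group(1)), int(m.group(2)), cmd))
    return found


def outdated_java(text: str, latest: Tuple[int, int] = (6, 20)) -> List[JavaEntry]:
    """Java entries whose (major, update) is older than `latest`."""
    return [e for e in java_entries(text) if (e.major, e.update) < latest]


if __name__ == "__main__":
    for e in outdated_java(SAMPLE_UNINSTALL_LIST):
        how = e.uninstall_cmd or "remove via Add/Remove Programs"
        print(f"OUTDATED: {e.name}  [{e.key}]  -> {how}")
```

    Run it as-is to see the report for the sample, or pass the uninstall section of any OTL log to outdated_java() with the release you consider current as `latest`. Entries installed without Windows Installer (no product-code key) get no command and still have to go through Add/Remove Programs, and the post's advice to close the browser before removing or installing Java applies either way.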

    #15 1Desperado

    • Topic Starter

    • Members
    • 32 posts

    Posted 07 July 2010 - 10:47 AM

    Hi ~t!,

    thanks SO much for your guidance! I really appreciate it.
    Overall, things are good with the computer so far. However, when I was trying to install AVG yesterday, I got a "blue screen of death", which had never happened on this computer before. So I restarted the install and everything went through, BUT when it finished the icon was in the tray and everything, but all the menus etc. had just question marks and there wasn't anything I could do with it, so I removed it. Then I tried ESET. That basically killed the performance of my computer: the first scan did only 33% of the computer within 1h15min, and everything overall was so slow that I had to take it out.
    I didn't try Antivir yet... Any suggestions though?

    p.s. don't just ask for the organ donations, ask for the blood - been saved by it, and it's easy to give.



