
xp theme missing... classic only


  • This topic is locked
38 replies to this topic

#1 joey v

joey v

  • Members
  • 37 posts

Posted 04 July 2010 - 07:25 PM

I was an idiot and acquired a pretty nasty virus a week ago. I thought I had gotten rid of it.

Now I'm thinking maybe not... my XP theme is missing, and only classic exists. Also, I can't seem to hear sound out of any videos/audio that I play (although I can still hear the windows alerts).

My friend said the "classic" theme is weaker than the xp theme, so I probably still have some remnants of the virus.

Here's my hijackthis log. Suggestions?

QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:13 PM, on 7/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Street-Ads Browser Enhancer ofmnt - {E78FE8AD-96B6-415C-B971-115C53CAE396} - C:\WINDOWS\system32\ofmnt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [skb] rundll32 "sfmnt.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\jfmnt.exe
O4 - HKLM\..\Run: [Flage] rundll32.exe "C:\WINDOWS\avazuzesesuzu.dll",Startup
O4 - HKCU\..\Run: [Jgozebufebo] rundll32.exe "C:\WINDOWS\c40MSte.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BDARemote.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189986695591
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static1.meetupstatic.com/applet/Mee...ader_200909.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C24D209-BDD7-4DD7-9762-96CB956D807C}: NameServer = 93.188.163.16,93.188.161.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.16,93.188.161.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.16,93.188.161.200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Indexing Service cisvcWmiApSrv (cisvcWmiApSrv) - Unknown owner - .exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Event Log EventlogCryptSvc (EventlogCryptSvc) - Unknown owner - .exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Display Driver Service NVSvcCryptSvc (NVSvcCryptSvc) - Unknown owner - .exe (file missing)
O23 - Service: Plug and Play PlugPlayWmi (PlugPlayWmi) - Unknown owner - .exe (file missing)
O23 - Service: IPSEC Services PolicyAgentWmdmPmSN (PolicyAgentWmdmPmSN) - Unknown owner - .exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Uninterruptible Power Supply UPSSysmonLog (UPSSysmonLog) - Unknown owner - .exe (file missing)

--
End of file - 10041 bytes

Edited by Budapest, 04 July 2010 - 07:26 PM.
Moved from AII ~BP




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,762 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 July 2010 - 09:11 PM

Hi


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    set /c
    %SYSTEMDRIVE%\*.*
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 joey v

joey v
  • Topic Starter

  • Members
  • 37 posts

Posted 05 July 2010 - 01:27 PM

Thanks! :)

first

QUOTE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2010 1:59:13 PM
mbam-log-2010-07-05 (13-59-13).txt

Scan type: Quick scan
Objects scanned: 134228
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 9
Folders Infected: 4
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_MSI (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows MSI (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.16,93.188.161.200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2c24d209-bdd7-4dd7-9762-96cb956d807c}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.16,93.188.161.200 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\qyxiz.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\Application Data\exicoqodeb.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.AntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\joey v\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


Edited by joey v, 05 July 2010 - 01:34 PM.


#4 joey v

joey v
  • Topic Starter

  • Members
  • 37 posts

Posted 05 July 2010 - 01:36 PM

second

QUOTE
OTL logfile created on: 7/5/2010 2:13:10 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\joey v\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.09 Gb Total Space | 4.60 Gb Free Space | 22.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 212.79 Gb Total Space | 181.05 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 183.30 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 69.37 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive H: | 10.06 Gb Total Space | 4.90 Gb Free Space | 48.72% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 12.73 Gb Total Space | 12.67 Gb Free Space | 99.50% Space Free | Partition Type: NTFS

Computer Name: JOEYV
Current User Name: joey v
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
PRC - [2010/06/13 00:32:33 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/12/16 14:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
PRC - [2009/08/25 08:22:14 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/25 08:21:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/02/17 18:00:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/06/26 13:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
MOD - [2010/02/26 08:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/13 20:12:08 | 000,186,368 | ---- | M] () -- C:\WINDOWS\avazuzesesuzu.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/06/28 12:43:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/06/28 12:43:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UPSSysmonLog)
SRV - File not found [Auto | Stopped] -- -- (PolicyAgentWmdmPmSN)
SRV - File not found [Auto | Stopped] -- -- (PlugPlayWmi)
SRV - File not found [Auto | Stopped] -- -- (NVSvcCryptSvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (EventlogCryptSvc)
SRV - File not found [Auto | Stopped] -- -- (cisvcWmiApSrv)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/25 08:21:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/28 18:37:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/02/17 18:00:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (All) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\Winrx85.sys -- (Winrx85)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/06/25 19:12:19 | 000,823,808 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nwcszi.sys -- (nwcszi)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/25 08:22:13 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/25 08:22:13 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 14:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 14:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/18 00:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/08/31 18:33:22 | 000,479,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/31 15:14:40 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/06/28 12:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/08 17:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/03/07 19:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/14 09:45:40 | 000,030,808 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore2.sys -- (hotcore2)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/18 23:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/09/05 05:04:38 | 001,419,968 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)
DRV - [2006/07/02 01:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/09/30 00:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 00:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2002/03/26 23:56:18 | 000,899,980 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2001/08/23 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2001/08/23 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/23 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mc522.mail.yahoo.com/mc/welcome?.rand=bh636ugh6qv8a"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {FA83944D-FF74-4CCD-B853-DC9346074074}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/30 14:39:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FA83944D-FF74-4CCD-B853-DC9346074074}: C:\Documents and Settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074} [2010/06/25 17:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/13 00:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 00:32:46 | 000,000,000 | ---D | M]

[2008/09/02 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joey v\Application Data\Mozilla\Extensions
[2008/09/02 10:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joey v\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/26 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\extensions
[2010/06/05 10:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/02 10:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 00:32:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/13 00:32:29 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/13 00:32:29 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/13 00:32:36 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/13 00:32:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/06/13 00:32:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/06/13 00:32:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/06/13 00:32:39 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/06/13 00:32:39 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/13 00:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/06/13 00:32:39 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/12/07 20:58:39 | 000,290,657 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10009 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (moigh Object) - {E78FE8AD-96B6-415C-B971-115C53CAE396} - C:\WINDOWS\system32\ofmnt.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Flage] C:\WINDOWS\avazuzesesuzu.DLL ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe File not found
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\jfmnt.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [skb] C:\WINDOWS\System32\sfmnt.dll ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Jgozebufebo] C:\WINDOWS\c40MSte.DLL ()
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O4 - Startup: C:\Documents and Settings\joey v\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1189986695591 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/Mee...ader_200909.cab (MeetUploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\SYSdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\joey v\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\joey v\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/16 18:35:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24884012-dfa3-11de-8ab8-001e8ca42256}\Shell - "" = AutoRun
O33 - MountPoints2\{24884012-dfa3-11de-8ab8-001e8ca42256}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24884012-dfa3-11de-8ab8-001e8ca42256}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: msgdisp - (C:\WINDOWS\system32\c650ftp.dll) - C:\WINDOWS\System32\c650ftp.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: Winrx85.sys - C:\WINDOWS\System32\Drivers\Winrx85.sys File not found
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: Winrx85.sys - C:\WINDOWS\System32\Drivers\Winrx85.sys File not found
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 14:06:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
[2010/07/05 13:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Malwarebytes
[2010/07/05 13:52:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 13:52:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/07/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/04 19:08:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\joey v\Recent
[2010/07/04 19:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/04 19:04:38 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\joey v\Desktop\ccsetup233.exe
[2010/07/01 10:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kcqncwxrq
[2010/07/01 04:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 22:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
[2010/06/28 18:23:08 | 036,317,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\joey v\Desktop\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/26 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\utjfaiymq
[2010/06/26 09:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/25 22:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/25 22:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/25 19:13:31 | 036,317,320 | ---- | C] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 17:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074}
[2010/06/25 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Street-Ads
[2010/06/25 17:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2010/06/25 17:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\mmshexxhg
[2010/06/25 17:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\NCH Swift Sound
[2010/06/25 17:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 17:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/06/25 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\NCH Software
[2010/06/25 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/06/25 17:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/06/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Facebook
[2010/06/12 23:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\hwuqniou
[2010/06/07 10:06:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV952968.TMP
[2002/04/10 21:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\joey v\*.tmp files -> C:\Documents and Settings\joey v\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
[2010/07/05 14:04:26 | 000,012,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 14:03:17 | 000,021,041 | ---- | M] () -- C:\errr.JPG
[2010/07/05 14:02:02 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/05 14:01:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/05 14:01:26 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\ZTCLPU.job
[2010/07/05 14:01:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 14:01:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 14:00:03 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\joey v\NTUSER.DAT
[2010/07/05 13:52:31 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 13:47:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ocevohazozahuyu.bin
[2010/07/05 13:46:34 | 061,657,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/04 21:11:59 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dbuko.dat
[2010/07/04 19:05:20 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\CCleaner.lnk
[2010/07/04 19:04:39 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\joey v\Desktop\ccsetup233.exe
[2010/07/04 19:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/07/04 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/07/04 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/07/04 19:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/07/04 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/07/04 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/07/04 18:50:01 | 010,411,615 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\apocalyptica path [www.keepvid.com].mp4
[2010/07/04 18:46:35 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Settings.cfg
[2010/07/04 14:01:25 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/07/03 00:41:47 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\joey v\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/03 00:01:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/07/03 00:01:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/07/03 00:01:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/07/03 00:01:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/07/03 00:01:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/07/03 00:01:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/07/01 10:39:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 10:10:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/07/01 09:10:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/07/01 09:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/07/01 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/07/01 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/07/01 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/07/01 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/07/01 09:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/07/01 07:07:50 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\0s2glD.dat
[2010/07/01 04:15:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/07/01 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/07/01 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/07/01 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/07/01 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/07/01 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/07/01 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/07/01 03:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/07/01 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/07/01 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/07/01 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/07/01 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/07/01 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/07/01 02:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/07/01 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/07/01 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/07/01 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/07/01 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/07/01 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/07/01 01:17:12 | 000,043,032 | ---- | M] () -- C:\newwheels3.jpg
[2010/07/01 01:17:11 | 000,035,809 | ---- | M] () -- C:\newwheels2.jpg
[2010/07/01 01:17:11 | 000,031,945 | ---- | M] () -- C:\newwheels1.jpg
[2010/07/01 01:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/07/01 01:05:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/07/01 01:05:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/07/01 01:05:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/07/01 01:05:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/07/01 01:05:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/07/01 00:28:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/07/01 00:26:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/07/01 00:24:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/07/01 00:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/07/01 00:03:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/06/30 23:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/06/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/06/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/06/30 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/06/30 22:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/06/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/06/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/06/30 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/06/30 21:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/06/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/06/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/06/30 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/06/30 20:22:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/06/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/06/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/06/30 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/06/30 19:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/30 18:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/30 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/06/30 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/06/30 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/06/30 17:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/30 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/06/30 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/06/30 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/06/30 16:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/30 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/06/30 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/06/30 16:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/06/30 15:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/30 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/06/30 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/06/30 15:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/06/30 14:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/30 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/06/30 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/06/30 14:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/06/30 13:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/30 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/06/30 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/06/30 13:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/06/30 12:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/30 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/06/30 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/06/30 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/06/30 11:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/30 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/06/30 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/06/30 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/06/30 08:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/30 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/06/30 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/06/30 08:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/06/30 07:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/30 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/06/30 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/06/30 07:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/06/30 06:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/30 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/06/30 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/06/30 06:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/06/30 05:15:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/30 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/06/30 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/06/30 05:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/06/30 02:07:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/06/30 00:05:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/29 22:04:39 | 000,046,705 | ---- | M] () -- C:\wheels.JPG
[2010/06/29 20:18:36 | 000,012,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/06/29 20:11:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\joey v\ntuser.ini
[2010/06/28 17:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/06/26 17:48:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/25 19:56:06 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/25 19:54:19 | 000,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/25 19:13:34 | 036,317,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\joey v\Desktop\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 19:13:34 | 036,317,320 | ---- | M] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 19:12:19 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwcszi.sys
[2010/06/25 17:14:47 | 000,052,224 | RHS- | M] () -- C:\WINDOWS\System32\noise9.dll
[2010/06/25 17:14:45 | 000,162,816 | ---- | M] () -- C:\WINDOWS\Kcecua.exe
[2010/06/25 17:10:41 | 015,876,046 | ---- | M] () -- C:\18hz.wav
[2010/06/25 17:10:24 | 000,000,797 | ---- | M] () -- C:\18hz.tdf
[2010/06/25 17:08:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadSevenDays.job
[2010/06/25 17:08:39 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2010/06/25 17:08:12 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NCH Tone Generator.lnk
[2010/06/19 09:49:50 | 000,059,228 | ---- | M] () -- C:\singing.JPG
[2010/06/18 08:54:54 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\ofmnt.dll
[2010/06/18 08:54:38 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\sfmnt.dll
[2010/06/18 08:48:56 | 000,040,617 | ---- | M] () -- C:\WINDOWS\System32\jfmnt.exe
[2010/06/11 17:06:37 | 000,026,088 | ---- | M] () -- C:\cicpimple.JPG
[2010/06/08 18:08:28 | 000,953,012 | ---- | M] () -- C:\IMGP5591.JPG
[2010/06/08 18:08:16 | 000,892,018 | ---- | M] () -- C:\IMGP5590.JPG
[2010/06/08 18:08:02 | 000,909,901 | ---- | M] () -- C:\IMGP5589.JPG
[2010/06/07 22:11:31 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\master (version 1).xls
[2010/06/07 19:39:26 | 000,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 08:35:55 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/06/07 08:35:55 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/06/07 08:35:55 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/06/07 08:18:08 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/07 08:18:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/05 23:21:22 | 060,019,244 | ---- | M] () -- C:\ASdfsa.wav
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\joey v\*.tmp files -> C:\Documents and Settings\joey v\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 14:03:17 | 000,021,041 | ---- | C] () -- C:\errr.JPG
[2010/07/05 13:52:31 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 19:05:20 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\joey v\Desktop\CCleaner.lnk
[2010/07/04 18:48:01 | 010,411,615 | ---- | C] () -- C:\Documents and Settings\joey v\Desktop\apocalyptica path [www.keepvid.com].mp4
[2010/07/01 08:46:06 | 000,043,032 | ---- | C] () -- C:\newwheels3.jpg
[2010/07/01 08:46:01 | 000,035,809 | ---- | C] () -- C:\newwheels2.jpg
[2010/07/01 08:45:55 | 000,031,945 | ---- | C] () -- C:\newwheels1.jpg
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/07/01 03:04:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/07/01 00:02:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/06/30 19:59:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/06/30 04:09:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/06/30 04:09:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/06/30 04:09:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/06/30 04:09:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/06/30 04:09:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/06/30 04:09:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/06/30 04:09:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/06/30 02:07:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/06/29 22:04:38 | 000,046,705 | ---- | C] () -- C:\wheels.JPG
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/06/29 21:11:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/06/29 21:11:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0s2glD.dat
[2010/06/29 20:28:24 | 000,036,352 | ---- | C] () -- C:\WINDOWS\Fonts\EPppmk.com
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/06/29 20:28:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/26 17:48:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/25 19:56:06 | 000,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/25 17:17:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dbuko.dat
[2010/06/25 17:17:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ocevohazozahuyu.bin
[2010/06/25 17:15:29 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwcszi.sys
[2010/06/25 17:14:50 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/25 17:14:49 | 000,162,816 | ---- | C] () -- C:\WINDOWS\Kcecua.exe
[2010/06/25 17:14:47 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\noise9.dll
[2010/06/25 17:14:47 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\ZTCLPU.job
[2010/06/25 17:10:41 | 015,876,046 | ---- | C] () -- C:\18hz.wav
[2010/06/25 17:10:24 | 000,000,797 | ---- | C] () -- C:\18hz.tdf
[2010/06/25 17:08:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/06/25 17:08:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadSevenDays.job
[2010/06/25 17:08:39 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2010/06/25 17:08:12 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NCH Tone Generator.lnk
[2010/06/19 09:49:50 | 000,059,228 | ---- | C] () -- C:\singing.JPG
[2010/06/18 08:54:54 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\ofmnt.dll
[2010/06/18 08:54:38 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\sfmnt.dll
[2010/06/18 08:48:56 | 000,040,617 | ---- | C] () -- C:\WINDOWS\System32\jfmnt.exe
[2010/06/11 17:06:37 | 000,026,088 | ---- | C] () -- C:\cicpimple.JPG
[2010/06/08 19:12:31 | 000,953,012 | ---- | C] () -- C:\IMGP5591.JPG
[2010/06/08 19:12:31 | 000,909,901 | ---- | C] () -- C:\IMGP5589.JPG
[2010/06/08 19:12:31 | 000,892,018 | ---- | C] () -- C:\IMGP5590.JPG
[2010/06/07 10:06:46 | 000,017,254 | ---- | C] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/07 08:18:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/06 23:18:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\gklupx.dat
[2010/06/06 23:18:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/05 23:21:20 | 060,019,244 | ---- | C] () -- C:\ASdfsa.wav
[2010/03/07 12:09:09 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/19 15:42:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/02/14 13:03:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/12/12 13:15:45 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/11/28 14:21:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/28 13:50:41 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/28 13:50:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/28 13:50:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/28 13:50:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/27 18:47:45 | 000,000,454 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/27 16:18:42 | 000,012,165 | ---- | C] () -- C:\WINDOWS\texobytavu.sys
[2008/10/27 14:40:10 | 000,013,908 | ---- | C] () -- C:\WINDOWS\putuvex.sys
[2008/09/30 22:03:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2008/09/01 20:55:16 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/07/11 12:06:44 | 000,000,418 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/05 12:01:26 | 000,000,461 | ---- | C] () -- C:\WINDOWS\log.ini
[2008/06/17 16:22:03 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/04/21 20:17:07 | 000,000,051 | ---- | C] () -- C:\WINDOWS\rocksoft.ini
[2008/02/24 21:55:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/02/24 21:31:36 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9553p6now.sys
[2008/01/23 20:44:22 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/01/16 21:51:21 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/11/06 21:11:03 | 000,006,442 | ---- | C] () -- C:\WINDOWS\GCSPRO.INI
[2007/10/22 18:55:29 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/21 16:51:49 | 000,001,024 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/21 16:51:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/10/21 16:51:47 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/10/21 16:51:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/10/21 16:51:47 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/10/21 16:51:41 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2007/10/17 23:35:34 | 000,000,220 | ---- | C] () -- C:\WINDOWS\BLSnapshot.ini
[2007/10/07 09:37:52 | 000,001,602 | ---- | C] () -- C:\WINDOWS\GIFCON.INI
[2007/10/04 16:54:34 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/09/29 16:27:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2007/09/28 22:09:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2007/09/28 16:21:38 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/09/17 20:36:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2007/09/17 12:32:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/17 11:45:07 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/16 22:31:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/09/16 22:31:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2007/09/16 21:07:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Windckl9.dll
[2007/09/16 19:46:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\c6501rm.dll
[2007/09/16 19:46:03 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini
[2007/09/16 19:44:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/09/16 19:44:21 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/16 19:40:21 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/09/16 19:40:20 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/09/16 19:40:11 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/09/16 19:40:11 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/16 19:33:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/16 18:56:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/12 00:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/12 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/12 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/12 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/12 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/12 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/07/03 22:08:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/07/03 21:59:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/04/05 11:40:02 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/03/26 15:18:28 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/01/20 08:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[2001/08/23 08:00:00 | 000,186,368 | ---- | C] () -- C:\WINDOWS\avazuzesesuzu.dll
[2001/08/23 08:00:00 | 000,060,416 | ---- | C] () -- C:\WINDOWS\c40MSte.dll

========== Custom Scans ==========


< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\joey v\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOEYV
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\joey v
KDS_LANGUAGE=13
LOGONSERVER=\\JOEYV
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Common Files\ArcSoft\Bin;c:\program files\rockwell software\rscommon;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\program files\quicktime\qtsystem\;F:\matlab\bin;F:\matlab\bin\win32;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOEYV~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOEYV~1\LOCALS~1\Temp
USERDOMAIN=JOEYV
USERNAME=joey v
USERPROFILE=C:\Documents and Settings\joey v
windir=C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2010/06/25 17:10:24 | 000,000,797 | ---- | M] () -- C:\18hz.tdf
[2010/06/25 17:10:41 | 015,876,046 | ---- | M] () -- C:\18hz.wav
[2010/06/25 19:13:34 | 036,317,320 | ---- | M] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/05 23:21:22 | 060,019,244 | ---- | M] () -- C:\ASdfsa.wav
[2007/09/16 18:35:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/22 22:21:32 | 007,752,864 | ---- | M] () -- C:\bmwvid.mpg
[2010/03/04 01:12:09 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2010/06/11 17:06:37 | 000,026,088 | ---- | M] () -- C:\cicpimple.JPG
[2007/09/16 18:35:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/29 13:09:55 | 000,039,173 | ---- | M] () -- C:\daf.JPG
[2010/06/12 07:46:41 | 000,000,065 | ---- | M] () -- C:\doggies.txt
[2010/05/21 08:28:53 | 003,670,099 | ---- | M] () -- C:\Drop The World #2.mp3
[2010/05/20 23:24:23 | 003,670,935 | ---- | M] () -- C:\Drop The World.mp3
[2010/07/05 14:03:17 | 000,021,041 | ---- | M] () -- C:\errr.JPG
[2010/07/04 18:49:25 | 000,010,998 | ---- | M] () -- C:\hijackthis20100704.log
[2010/05/30 19:21:53 | 000,124,149 | ---- | M] () -- C:\hike01.JPG
[2010/05/30 19:22:35 | 000,052,362 | ---- | M] () -- C:\hike02.JPG
[2010/05/30 19:23:51 | 000,049,100 | ---- | M] () -- C:\hike03.JPG
[2010/06/08 18:08:02 | 000,909,901 | ---- | M] () -- C:\IMGP5589.JPG
[2010/06/08 18:08:16 | 000,892,018 | ---- | M] () -- C:\IMGP5590.JPG
[2010/06/08 18:08:28 | 000,953,012 | ---- | M] () -- C:\IMGP5591.JPG
[2007/09/16 18:35:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/20 23:14:27 | 009,182,650 | ---- | M] () -- C:\lilwayne.wav
[2010/07/05 13:59:31 | 000,005,681 | ---- | M] () -- C:\mbam-log-2010-07-05 (13-59-13).txt
[2010/05/19 20:10:12 | 000,033,162 | ---- | M] () -- C:\mo1.JPG
[2010/05/19 20:11:49 | 000,096,158 | ---- | M] () -- C:\mo2.JPG
[2010/05/19 20:26:07 | 000,161,183 | ---- | M] () -- C:\mo3.JPG
[2007/09/16 18:35:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/01 01:17:11 | 000,031,945 | ---- | M] () -- C:\newwheels1.jpg
[2010/07/01 01:17:11 | 000,035,809 | ---- | M] () -- C:\newwheels2.jpg
[2010/07/01 01:17:12 | 000,043,032 | ---- | M] () -- C:\newwheels3.jpg
[2007/09/16 21:17:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/01 18:00:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/21 08:28:34 | 004,313,756 | ---- | M] () -- C:\OMG (feat. Will.mp3
[2010/07/05 14:01:09 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys
[2010/05/29 13:10:50 | 000,018,350 | ---- | M] () -- C:\puggles2.JPG
[2010/05/30 19:15:28 | 000,015,824 | ---- | M] () -- C:\sexyback.JPG
[2010/05/30 19:17:47 | 000,015,580 | ---- | M] () -- C:\sexyback2.JPG
[2010/05/30 19:19:50 | 000,029,727 | ---- | M] () -- C:\sexycar.JPG
[2010/06/19 09:49:50 | 000,059,228 | ---- | M] () -- C:\singing.JPG
[2010/05/14 19:12:40 | 004,971,520 | -HS- | M] () -- C:\Thumbs.db
[2010/05/21 08:28:42 | 003,209,090 | ---- | M] () -- C:\Unknown.mp3
[2010/06/29 22:04:39 | 000,046,705 | ---- | M] () -- C:\wheels.JPG
[2010/05/27 18:57:23 | 000,002,644 | ---- | M] () -- C:\wialog.txt


< MD5 for: AGP440.SYS >
[2007/09/16 21:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/01 17:58:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/09/16 21:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/01 17:58:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/09/16 21:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/01 17:58:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/09/16 21:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/01 17:58:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvata.sys
[2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\nvata.sys
[2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\nvata.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/09/16 11:27:42 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/16 11:27:42 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/16 11:27:42 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2010/06/25 17:14:47 | 000,052,224 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\noise9.dll
[2010/06/18 08:54:54 | 000,310,784 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ofmnt.dll
[2010/06/18 08:54:38 | 000,327,680 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\sfmnt.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/07/05 14:01:26 | 000,000,312 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\ZTCLPU.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\ac60AirForceImage.bmp:AFP_AfpInfo
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >



#5 joey v

joey v
  • Topic Starter

  • Members
  • 37 posts
  • Local time:10:58 PM

Posted 05 July 2010 - 01:39 PM

third

[quote]OTL Extras logfile created on: 7/5/2010 2:13:10 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\joey v\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.09 Gb Total Space | 4.60 Gb Free Space | 22.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 212.79 Gb Total Space | 181.05 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 183.30 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 69.37 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive H: | 10.06 Gb Total Space | 4.90 Gb Free Space | 48.72% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 12.73 Gb Total Space | 12.67 Gb Free Space | 99.50% Space Free | Partition Type: NTFS

Computer Name: JOEYV
Current User Name: joey v
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AceBackup] -- "C:\Program Files\AceBIT\AceBackup 3\AceBackup.exe" -as "%1" (AceBIT)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"L:\Program Files\nesticle\NESTCL95.EXE" = L:\Program Files\nesticle\NESTCL95.EXE:*:Disabled:NESTCL95 -- File not found
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Kazaa Lite\KazaaLite.kpp" = C:\Program Files\Kazaa Lite\KazaaLite.kpp:*:Enabled:Kazaa Lite -- File not found
"C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe" = C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\MIRC\mirc.exe" = C:\MIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe" = C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Catalyst Media Center
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2FC02AE3-3BDB-4AAD-85CE-0568724F64B3}" = ComparatorPro
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}" = Comcast Universal Installer v1.2
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5E7F4D2E-4111-4007-8E19-3A5A10B7C52D}" = TMPGEnc 4.0 XPress Trial Version
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}" = AceBackup 3
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8 Professional Trial
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 AFR
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD78DE74-95DB-429D-A66F-6306BCEDA640}" = Arena 10.0 (CPR 7)
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C44CB060-2AD1-11D6-BC84-00D0B7E10CD1}" = Veo Advanced Connect
"{C489B6E0-56CB-4B0F-B2E6-FF4C3D9FAE4F}" = TMPGEnc Plus 2.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{ED3DE33F-B1C5-47BE-97B5-159F8C344092}" = ArcSoft ShowBiz DVD 2
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = Catalyst Media Center DVD Authoring Module
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"ACDSee" = ACDSee
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"AceHTML Freeware" = AceHTML Freeware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"AoA DVD Ripper_is1" = AoA DVD Ripper
"ATI Display Driver" = ATI Display Driver
"Audio Converter" = Audio Converter
"AVG8Uninstall" = AVG Free 8.5
"AVS Video Converter 4.1_is1" = AVS Video Converter 4.1.1.291
"BitLord" = BitLord 1.1
"BJTutor_is1" = Blackjack Tutor version 1.0.25
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CutePDF Writer Installation" = CutePDF Writer 2.7
"dog2" = dog2 Screen Saver
"Generic 6501 Sound" = C-Media 6501 Sound
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microssoft Internation

Edited by joey v, 05 July 2010 - 01:50 PM.


#6 JSntgRvr

  • Malware Response Team

Posted 05 July 2010 - 06:14 PM

Hi, joey v

Let's try Combofix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 joey v

  • Topic Starter

Posted 06 July 2010 - 12:31 PM

ComboFix 10-07-05.03 - joey v 07/06/2010 9:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1405 [GMT -4:00]
Running from: c:\documents and settings\joey v\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\joey v\Application Data\Street-Ads
c:\documents and settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074}
c:\documents and settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074}\chrome.manifest
c:\documents and settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074}\chrome\content\_cfg.js
c:\documents and settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074}\chrome\content\overlay.xul
c:\documents and settings\joey v\Local Settings\Application Data\{FA83944D-FF74-4CCD-B853-DC9346074074}\install.rdf
c:\program files\$NtUninstallWTF1012$
C:\Thumbs.db
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\ahudanawum._sy
c:\windows\c40MSte.dll
c:\windows\febufe.exe
c:\windows\Fonts\EPppmk.com
c:\windows\imyfawyva.scr
c:\windows\Kcecua.exe
c:\windows\regedit.com
c:\windows\renusosa._sy
c:\windows\settings.reg
c:\windows\suxoracuwu.exe
c:\windows\system32\3394475236.dat
c:\windows\system32\Data
c:\windows\system32\ofmnt.dll
c:\windows\system32\sfmnt.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\wunosat.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-05 21:09 . 2010-07-06 12:52 -------- d-----w- C:\$AVG8.VAULT$
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\documents and settings\joey v\Application Data\Malwarebytes
2010-07-05 17:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\program files\Malwarebytes
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 17:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 23:05 . 2010-07-04 23:05 -------- d-----w- c:\program files\CCleaner
2010-07-01 14:39 . 2010-07-03 08:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kcqncwxrq
2010-06-30 06:07 . 2010-06-30 06:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-30 02:00 . 2010-06-30 02:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-30 02:00 . 2010-06-30 02:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-06-26 21:48 . 2010-06-30 08:00 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\utjfaiymq
2010-06-26 21:48 . 2010-06-26 21:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-26 13:24 . 2010-06-29 04:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 23:56 . 2010-06-25 23:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-06-25 23:13 . 2010-06-25 23:13 36317320 ----a-w- C:\7.0.0.543e-sdsetup-Revenue(207).exe
2010-06-25 21:17 . 2010-07-05 17:47 0 ----a-w- c:\windows\Ocevohazozahuyu.bin
2010-06-25 21:17 . 2010-07-05 01:11 120 ----a-w- c:\windows\Dbuko.dat
2010-06-25 21:15 . 2010-06-25 23:12 823808 ----a-w- c:\windows\system32\drivers\nwcszi.sys
2010-06-25 21:15 . 2010-06-28 14:06 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\mmshexxhg
2010-06-25 21:14 . 2010-06-25 21:14 52224 --sha-r- c:\windows\system32\noise9.dll
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\joey v\Application Data\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\joey v\Application Data\NCH Software
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\program files\NCH Software
2010-06-19 13:50 . 2010-06-19 13:50 50354 ----a-w- c:\documents and settings\joey v\Application Data\Facebook\uninstall.exe
2010-06-19 13:50 . 2010-06-19 13:50 -------- d-----w- c:\documents and settings\joey v\Application Data\Facebook
2010-06-18 12:48 . 2010-06-18 12:48 40617 ----a-w- c:\windows\system32\jfmnt.exe
2010-06-13 03:32 . 2010-06-15 08:00 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\hwuqniou
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\joey v\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-07 14:06 . 2010-06-07 14:08 -------- d-----w- c:\windows\NV952968.TMP
2010-06-07 03:18 . 2010-07-01 14:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:56 . 2010-03-07 16:07 -------- d-----w- c:\program files\Spyware Doctor
2010-07-06 13:52 . 2008-11-10 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-06 12:52 . 2007-10-19 04:32 -------- d-----w- c:\program files\QuickTime
2010-07-05 21:00 . 2008-10-28 01:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-05 20:36 . 2007-12-13 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 14:00 . 2007-10-22 02:50 -------- d-----w- c:\documents and settings\joey v\Application Data\SiteClasses
2010-07-01 11:07 . 2010-06-30 01:11 112 ----a-w- c:\documents and settings\All Users\Application Data\0s2glD.dat
2010-06-18 23:46 . 2008-10-28 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-12 00:46 . 2008-11-28 18:20 -------- d-----w- c:\program files\SUPER
2010-06-09 06:55 . 2010-05-25 21:21 -------- d-----w- c:\documents and settings\joey v\Application Data\uTorrent
2010-06-07 03:18 . 2010-06-07 03:18 12 ----a-w- c:\documents and settings\LocalService\Application Data\gklupx.dat
2010-05-25 21:21 . 2010-05-25 21:21 -------- d-----w- c:\program files\uTorrent
2010-05-23 18:01 . 2007-10-22 02:50 -------- d-----w- c:\documents and settings\joey v\Application Data\Sites
2010-05-12 21:59 . 2007-09-17 01:23 79064 -c--a-w- c:\documents and settings\joey v\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 21:47 . 2010-05-10 21:47 -------- d-----w- c:\program files\Pure Networks
2010-05-10 21:47 . 2010-05-10 21:13 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-05-10 21:46 . 2010-05-10 21:46 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-05-10 21:27 . 2010-05-10 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-05-10 21:20 . 2010-05-10 21:12 -------- d-----w- c:\program files\Linksys
2010-05-10 21:13 . 2010-05-10 21:13 -------- d-----w- c:\program files\WebEx
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\joey v\Application Data\Office Genuine Advantage
2008-10-27 22:29 . 2008-10-27 22:29 13400 -c--a-w- c:\program files\Common Files\inadogi.scr
2008-10-27 20:18 . 2008-10-27 20:18 17276 -c--a-w- c:\program files\Common Files\jekiqe.dl
2008-10-27 20:18 . 2008-10-27 20:18 16028 -c--a-w- c:\program files\Common Files\utidy.dat
2008-10-27 20:18 . 2008-10-27 20:18 19129 -c--a-w- c:\program files\Common Files\uhuninito.dl
2008-10-27 20:18 . 2008-10-27 20:18 13649 -c--a-w- c:\program files\Common Files\cafupodoci.pif
2008-10-27 18:42 . 2008-10-27 18:42 14509 -c--a-w- c:\program files\Common Files\igevoluvyr.com
2008-10-27 18:42 . 2008-10-27 18:42 12503 -c--a-w- c:\program files\Common Files\kyfik._dl
2008-10-27 18:42 . 2008-10-27 18:42 10792 -c--a-w- c:\program files\Common Files\hyzeqy._sy
2008-10-27 18:40 . 2008-10-27 18:40 16759 -c--a-w- c:\program files\Common Files\vyza.com
2006-05-03 09:06 . 2008-11-28 18:20 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-11-28 18:20 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-28 18:20 216064 -csh--r- c:\windows\system32\nbDX.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI\Catalyst Media Center\CMCService .exe
c:\program files\Comcast\Desktop Doctor\bin\sprtcmd .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Pure Networks\Network Magic\nmapp .exe
c:\program files\QuickTime\qttask             .exe
c:\program files\Spyware Doctor\pctsTray .exe
c:\windows\Philips\SPC230NC\Monitor .exe
c:\windows\system32\rundll32 .exe
</pre>


------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [N/A]

c:\documents and settings\joey v\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-11 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-2 81997]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 12:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx85.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ResChanger 2005"=c:\program files\ResChanger 2005\ResChanger2005.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"AIM"=c:\program files\AIM95\aim.exe -cnetwait.odl
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
"Jgozebufebo"=rundll32.exe "c:\windows\c40MSte.dll",Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"P17Helper"=Rundll32 P17.dll,P17Helper
"UpdReg"=c:\windows\UpdReg.EXE
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"OneTouch Monitor"=c:\progra~1\VISION~1\ONETOU~2.EXE
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask .exe" -atboottime
"EKIJ5000StatusMonitor"=c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"SPC230NC_Monitor"=c:\windows\Philips\SPC230NC\Monitor.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ATIModeChange"=Ati2mdxx.exe
"skb"=rundll32 "sfmnt.dll",,Run
"MChk"=c:\windows\system32\jfmnt.exe
"Flage"=rundll32.exe "c:\windows\avazuzesesuzu.dll",Startup
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\Aceftp3free.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [6/17/2008 4:22 PM 30808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/7/2010 12:07 PM 217032]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/28/2008 3:52 PM 335240]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 10:05 AM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/7/2010 12:09 PM 112592]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/7/2010 12:07 PM 366840]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [12/12/2008 1:15 PM 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [12/12/2008 1:15 PM 461056]
S0 nwcszi;nwcszi;c:\windows\system32\drivers\nwcszi.sys [6/25/2010 5:15 PM 823808]
S0 Winrx85;Winrx85;c:\windows\system32\Drivers\Winrx85.sys --> c:\windows\system32\Drivers\Winrx85.sys [?]
S2 cisvcWmiApSrv;Indexing Service cisvcWmiApSrv; srv --> srv [?]
S2 EventlogCryptSvc;Event Log EventlogCryptSvc; srv --> srv [?]
S2 NVSvcCryptSvc;NVIDIA Display Driver Service NVSvcCryptSvc; srv --> srv [?]
S2 PlugPlayWmi;Plug and Play PlugPlayWmi; srv --> srv [?]
S2 PolicyAgentWmdmPmSN;IPSEC Services PolicyAgentWmdmPmSN; srv --> srv [?]
S2 UPSSysmonLog;Uninterruptible Power Supply UPSSysmonLog; srv --> srv [?]
S3 PciCon;PciCon;\??\i:\pcicon.sys --> i:\PciCon.sys [?]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/18/2007 12:11 AM 56448]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [10/17/2007 11:34 PM 899980]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2008-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-12-05 c:\windows\Tasks\BACKUP.job
- c:\program files\AceBIT\AceBackup 3\AceBackup.exe [2009-12-05 00:08]

2010-07-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-06-25 c:\windows\Tasks\wavepadSevenDays.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-25 21:08]

2010-06-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-25 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
FF - ProfilePath - c:\documents and settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc522.mail.yahoo.com/mc/welcome?.rand=bh636ugh6qv8a
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\joey v\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-AutorunsDisabled - WinCtrl32.dll
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 09:56
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cisvcWmiApSrv]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventlogCryptSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvcCryptSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlayWmi]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentWmdmPmSN]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPSSysmonLog]
"ImagePath"=" srv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\WININET.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\System32\wshtcpip.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2010-07-06 10:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 14:04

Pre-Run: 4,692,811,776 bytes free
Post-Run: 4,736,389,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 563C87F0270D7A48BD73D34C5E044861

#8 JSntgRvr

  • Malware Response Team

Posted 06 July 2010 - 01:09 PM

  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
CODE
Suspect::
c:\windows\c40MSte.dll
C:\WINDOWS\system32\jfmnt.exe
C:\WINDOWS\system32\sfmnt.dll
c:\windows\avazuzesesuzu.dll

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI\Catalyst Media Center\CMCService .exe
c:\program files\Comcast\Desktop Doctor\bin\sprtcmd .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Pure Networks\Network Magic\nmapp .exe
c:\program files\QuickTime\qttask             .exe
c:\program files\Spyware Doctor\pctsTray .exe
c:\windows\Philips\SPC230NC\Monitor .exe
c:\windows\system32\rundll32 .exe

Driver::
Winrx85
cisvcWmiApSrv
EventlogCryptSvc
NVSvcCryptSvc
PlugPlayWmi
PolicyAgentWmdmPmSN
UPSSysmonLog
PciCon

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"=-
"ResChanger 2005"=-
"ctfmon.exe"=-
"AIM"=-
"Yahoo! Pager"=-
"PPWebCap"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"RegistryMechanic"=-
"SpybotSD TeaTimer"=-
"Universal Installer"=-
"Jgozebufebo"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=-
"nwiz"=-
"NvMediaCenter"=-
"CTSysVol"=-
"P17Helper"=-
"UpdReg"=-
"C6501Sound"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
"NeroCheck"=-
"OneTouch Monitor"=-
"KernelFaultCheck"=-
"QuickTime Task"=-
"EKIJ5000StatusMonitor"=-
"AVG8_TRAY"=-
"SPC230NC_Monitor"=-
"Adobe Reader Speed Launcher"=-
"ArcSoft Connection Service"=-
"ATIModeChange"=-
"skb"=-
"MChk"=-
"Flage"=-
"ISTray"=-
"UserFaultCheck"=-




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

If submitting these files is unsuccessful, Combofix will create a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Indicate a link to this address and let me know when ready.

Run OTL as follows:
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    /md5start
    tcpip.sys
    /md5stop
    %systemroot%\Tasks\*.job


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.



#9 joey v

  • Topic Starter

Posted 06 July 2010 - 07:47 PM

Combofix_100706.txt

QUOTE
ComboFix 10-07-06.02 - joey v 07/06/2010 20:16:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1192 [GMT -4:00]
Running from: c:\documents and settings\joey v\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\joey v\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\system32\jfmnt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CISVCWMIAPSRV
-------\Legacy_EVENTLOGCRYPTSVC
-------\Legacy_NVSVCCRYPTSVC
-------\Legacy_PCICON
-------\Legacy_PLUGPLAYWMI
-------\Legacy_POLICYAGENTWMDMPMSN
-------\Legacy_UPSSYSMONLOG
-------\Legacy_WINRX85
-------\Service_cisvcWmiApSrv
-------\Service_EventlogCryptSvc
-------\Service_NVSvcCryptSvc
-------\Service_PciCon
-------\Service_PlugPlayWmi
-------\Service_PolicyAgentWmdmPmSN
-------\Service_UPSSysmonLog
-------\Service_Winrx85


((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-07 00:10 . 2010-07-07 00:12 -------- d-----w- C:\32788R22FWJFW
2010-07-06 17:43 . 2010-07-06 17:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-05 21:09 . 2010-07-06 12:52 -------- d-----w- C:\$AVG8.VAULT$
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\documents and settings\joey v\Application Data\Malwarebytes
2010-07-05 17:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\program files\Malwarebytes
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 17:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 23:05 . 2010-07-04 23:05 -------- d-----w- c:\program files\CCleaner
2010-07-01 14:39 . 2010-07-03 08:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kcqncwxrq
2010-06-30 06:07 . 2010-06-30 06:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-30 02:00 . 2010-06-30 02:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-30 02:00 . 2010-06-30 02:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-06-26 21:48 . 2010-06-30 08:00 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\utjfaiymq
2010-06-26 21:48 . 2010-06-26 21:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-26 13:24 . 2010-06-29 04:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 23:56 . 2010-06-25 23:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-06-25 23:13 . 2010-06-25 23:13 36317320 ----a-w- C:\7.0.0.543e-sdsetup-Revenue(207).exe
2010-06-25 21:17 . 2010-07-05 17:47 0 ----a-w- c:\windows\Ocevohazozahuyu.bin
2010-06-25 21:17 . 2010-07-05 01:11 120 ----a-w- c:\windows\Dbuko.dat
2010-06-25 21:15 . 2010-06-25 23:12 823808 ----a-w- c:\windows\system32\drivers\nwcszi.sys
2010-06-25 21:15 . 2010-06-28 14:06 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\mmshexxhg
2010-06-25 21:14 . 2010-06-25 21:14 52224 --sha-r- c:\windows\system32\noise9.dll
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\joey v\Application Data\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\joey v\Application Data\NCH Software
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\program files\NCH Software
2010-06-19 13:50 . 2010-06-19 13:50 50354 ----a-w- c:\documents and settings\joey v\Application Data\Facebook\uninstall.exe
2010-06-19 13:50 . 2010-06-19 13:50 -------- d-----w- c:\documents and settings\joey v\Application Data\Facebook
2010-06-18 12:48 . 2010-06-18 12:48 40617 ----a-w- c:\windows\system32\jfmnt.exe
2010-06-13 03:32 . 2010-06-15 08:00 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\hwuqniou
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\joey v\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-07 14:06 . 2010-06-07 14:08 -------- d-----w- c:\windows\NV952968.TMP
2010-06-07 03:18 . 2010-07-01 14:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 00:29 . 2008-11-10 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-07 00:29 . 2010-03-07 16:07 -------- d-----w- c:\program files\Spyware Doctor
2010-07-07 00:16 . 2007-10-19 04:32 -------- d-----w- c:\program files\QuickTime
2010-07-06 15:25 . 2010-03-07 16:07 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-06 15:25 . 2010-03-07 16:07 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-05 21:00 . 2008-10-28 01:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-05 20:36 . 2007-12-13 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 14:00 . 2007-10-22 02:50 -------- d-----w- c:\documents and settings\joey v\Application Data\SiteClasses
2010-07-01 11:07 . 2010-06-30 01:11 112 ----a-w- c:\documents and settings\All Users\Application Data\0s2glD.dat
2010-06-18 23:46 . 2008-10-28 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-12 00:46 . 2008-11-28 18:20 -------- d-----w- c:\program files\SUPER
2010-06-09 06:55 . 2010-05-25 21:21 -------- d-----w- c:\documents and settings\joey v\Application Data\uTorrent
2010-06-07 03:18 . 2010-06-07 03:18 12 ----a-w- c:\documents and settings\LocalService\Application Data\gklupx.dat
2010-06-06 01:52 . 2010-06-06 01:52 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\gklupx.dat
2010-05-25 21:21 . 2010-05-25 21:21 -------- d-----w- c:\program files\uTorrent
2010-05-23 18:01 . 2007-10-22 02:50 -------- d-----w- c:\documents and settings\joey v\Application Data\Sites
2010-05-12 21:59 . 2007-09-17 01:23 79064 -c--a-w- c:\documents and settings\joey v\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 21:47 . 2010-05-10 21:47 -------- d-----w- c:\program files\Pure Networks
2010-05-10 21:47 . 2010-05-10 21:13 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-05-10 21:46 . 2010-05-10 21:46 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-05-10 21:27 . 2010-05-10 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-05-10 21:20 . 2010-05-10 21:12 -------- d-----w- c:\program files\Linksys
2010-05-10 21:13 . 2010-05-10 21:13 -------- d-----w- c:\program files\WebEx
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\joey v\Application Data\Office Genuine Advantage
2008-10-27 22:29 . 2008-10-27 22:29 13400 -c--a-w- c:\program files\Common Files\inadogi.scr
2008-10-27 20:18 . 2008-10-27 20:18 17276 -c--a-w- c:\program files\Common Files\jekiqe.dl
2008-10-27 20:18 . 2008-10-27 20:18 16028 -c--a-w- c:\program files\Common Files\utidy.dat
2008-10-27 20:18 . 2008-10-27 20:18 19129 -c--a-w- c:\program files\Common Files\uhuninito.dl
2008-10-27 20:18 . 2008-10-27 20:18 13649 -c--a-w- c:\program files\Common Files\cafupodoci.pif
2008-10-27 18:42 . 2008-10-27 18:42 14509 -c--a-w- c:\program files\Common Files\igevoluvyr.com
2008-10-27 18:42 . 2008-10-27 18:42 12503 -c--a-w- c:\program files\Common Files\kyfik._dl
2008-10-27 18:42 . 2008-10-27 18:42 10792 -c--a-w- c:\program files\Common Files\hyzeqy._sy
2008-10-27 18:40 . 2008-10-27 18:40 16759 -c--a-w- c:\program files\Common Files\vyza.com
2006-05-03 09:06 . 2008-11-28 18:20 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-11-28 18:20 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-28 18:20 216064 -csh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-07-06 1287120]

c:\documents and settings\joey v\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-11 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 12:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\Aceftp3free.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [6/17/2008 4:22 PM 30808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/7/2010 12:07 PM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/28/2008 3:52 PM 335240]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/7/2010 12:09 PM 112592]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/7/2010 12:07 PM 366840]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [12/12/2008 1:15 PM 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [12/12/2008 1:15 PM 461056]
S0 nwcszi;nwcszi;c:\windows\system32\drivers\nwcszi.sys [6/25/2010 5:15 PM 823808]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/18/2007 12:11 AM 56448]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [10/17/2007 11:34 PM 899980]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 10:05 AM 297752]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2008-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-12-05 c:\windows\Tasks\BACKUP.job
- c:\program files\AceBIT\AceBackup 3\AceBackup.exe [2009-12-05 00:08]

2010-07-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-06-25 c:\windows\Tasks\wavepadSevenDays.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-25 21:08]

2010-06-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-25 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
FF - ProfilePath - c:\documents and settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc522.mail.yahoo.com/mc/welcome?.rand=bh636ugh6qv8a
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\joey v\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Winrx85.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 20:29
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1076)
c:\windows\system32\WININET.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\wsock32.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\System32\wshtcpip.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-06 20:36:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 00:36
ComboFix2.txt 2010-07-06 14:04

Pre-Run: 4,613,988,352 bytes free
Post-Run: 4,657,102,848 bytes free

- - End Of File - - BD0CA417FDB9F639331D93771917A58F


OTL_100706.txt

QUOTE
OTL logfile created on: 7/6/2010 8:39:12 PM - Run 3
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\joey v\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.09 Gb Total Space | 4.38 Gb Free Space | 21.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 212.79 Gb Total Space | 181.05 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 183.30 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 69.37 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive H: | 10.06 Gb Total Space | 4.90 Gb Free Space | 48.72% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 12.73 Gb Total Space | 12.67 Gb Free Space | 99.50% Space Free | Partition Type: NTFS

Computer Name: JOEYV
Current User Name: joey v
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
PRC - [2010/06/13 00:32:33 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/08/25 08:22:14 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/02/17 18:00:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/25 08:21:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/28 18:37:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/02/17 18:00:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/07/06 11:25:29 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/06/25 19:12:19 | 000,823,808 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nwcszi.sys -- (nwcszi)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/25 08:22:13 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/25 08:22:13 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 14:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 14:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/18 00:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/08/31 18:33:22 | 000,479,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/31 15:14:40 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/06/28 12:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/08 17:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/03/07 19:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/14 09:45:40 | 000,030,808 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore2.sys -- (hotcore2)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/18 23:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/09/05 05:04:38 | 001,419,968 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)
DRV - [2006/07/02 01:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/09/30 00:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 00:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2002/03/26 23:56:18 | 000,899,980 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2001/08/23 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2001/08/23 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/23 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mc522.mail.yahoo.com/mc/welcome?.rand=bh636ugh6qv8a"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/30 14:39:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/13 00:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 00:32:46 | 000,000,000 | ---D | M]

[2008/09/02 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joey v\Application Data\Mozilla\Extensions
[2008/09/02 10:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joey v\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/06 14:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\extensions
[2010/06/05 10:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/02 10:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 00:32:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/13 00:32:29 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/13 00:32:29 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/13 00:32:36 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/13 00:32:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/06/13 00:32:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/06/13 00:32:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/06/13 00:32:39 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/06/13 00:32:39 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/13 00:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/06/13 00:32:39 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/06 20:27:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\joey v\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1189986695591 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/Mee...ader_200909.cab (MeetUploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\SYSdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\joey v\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\joey v\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/16 18:35:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 20:10:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/06 13:43:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/06 09:37:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/06 09:32:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/06 09:32:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/06 09:32:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/06 09:32:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 09:32:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/06 09:21:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/05 17:09:23 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$
[2010/07/05 14:06:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
[2010/07/05 13:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Malwarebytes
[2010/07/05 13:52:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 13:52:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/07/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/04 19:08:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\joey v\Recent
[2010/07/04 19:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/04 19:04:38 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\joey v\Desktop\ccsetup233.exe
[2010/07/01 10:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kcqncwxrq
[2010/07/01 04:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 22:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
[2010/06/26 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\utjfaiymq
[2010/06/26 09:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/25 22:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/25 22:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/25 19:13:31 | 036,317,320 | ---- | C] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 17:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\mmshexxhg
[2010/06/25 17:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\NCH Swift Sound
[2010/06/25 17:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 17:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/06/25 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\NCH Software
[2010/06/25 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/06/25 17:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/06/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Facebook
[2010/06/12 23:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\hwuqniou
[2010/06/07 10:06:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV952968.TMP
[2002/04/10 21:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\joey v\*.tmp files -> C:\Documents and Settings\joey v\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/06 20:36:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 20:30:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 20:29:06 | 000,012,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/06 20:27:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/06 20:26:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/06 20:26:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 20:25:17 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\joey v\NTUSER.DAT
[2010/07/06 20:10:12 | 003,727,937 | R--- | M] () -- C:\Documents and Settings\joey v\Desktop\ComboFix.exe
[2010/07/06 14:00:30 | 000,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/06 14:00:30 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/07/06 11:25:30 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/06 11:25:29 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/06 09:56:52 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/06 09:56:52 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/06 09:56:51 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/06 08:53:01 | 061,677,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/05 23:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\joey v\ntuser.ini
[2010/07/05 17:24:11 | 000,000,508 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/05 16:02:12 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\joey v\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/05 16:01:03 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/07/05 15:30:48 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Settings.cfg
[2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
[2010/07/05 14:03:17 | 000,021,041 | ---- | M] () -- C:\errr.JPG
[2010/07/05 13:52:31 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 13:47:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ocevohazozahuyu.bin
[2010/07/04 21:11:59 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dbuko.dat
[2010/07/04 19:05:20 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\CCleaner.lnk
[2010/07/04 19:04:39 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\joey v\Desktop\ccsetup233.exe
[2010/07/04 18:50:01 | 010,411,615 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\apocalyptica path [www.keepvid.com].mp4
[2010/07/04 14:01:25 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/07/01 10:39:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 07:07:50 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\0s2glD.dat
[2010/07/01 01:17:12 | 000,043,032 | ---- | M] () -- C:\newwheels3.jpg
[2010/07/01 01:17:11 | 000,035,809 | ---- | M] () -- C:\newwheels2.jpg
[2010/07/01 01:17:11 | 000,031,945 | ---- | M] () -- C:\newwheels1.jpg
[2010/06/30 00:05:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/29 22:04:39 | 000,046,705 | ---- | M] () -- C:\wheels.JPG
[2010/06/29 20:18:36 | 000,012,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/06/28 17:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/06/26 17:48:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/25 19:13:34 | 036,317,320 | ---- | M] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 19:12:19 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwcszi.sys
[2010/06/25 17:14:47 | 000,052,224 | RHS- | M] () -- C:\WINDOWS\System32\noise9.dll
[2010/06/25 17:10:41 | 015,876,046 | ---- | M] () -- C:\18hz.wav
[2010/06/25 17:10:24 | 000,000,797 | ---- | M] () -- C:\18hz.tdf
[2010/06/25 17:08:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadSevenDays.job
[2010/06/19 09:49:50 | 000,059,228 | ---- | M] () -- C:\singing.JPG
[2010/06/18 08:48:56 | 000,040,617 | ---- | M] () -- C:\WINDOWS\System32\jfmnt.exe
[2010/06/11 17:06:37 | 000,026,088 | ---- | M] () -- C:\cicpimple.JPG
[2010/06/08 18:08:28 | 000,953,012 | ---- | M] () -- C:\IMGP5591.JPG
[2010/06/08 18:08:16 | 000,892,018 | ---- | M] () -- C:\IMGP5590.JPG
[2010/06/08 18:08:02 | 000,909,901 | ---- | M] () -- C:\IMGP5589.JPG
[2010/06/07 22:11:31 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\master (version 1).xls
[2010/06/07 19:39:26 | 000,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 08:35:55 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/06/07 08:35:55 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/06/07 08:35:55 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/06/07 08:18:08 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/07 08:18:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\joey v\*.tmp files -> C:\Documents and Settings\joey v\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 09:37:49 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/07/06 09:37:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/06 09:32:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/06 09:32:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/06 09:32:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/06 09:32:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/06 09:32:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/06 09:18:48 | 003,727,937 | R--- | C] () -- C:\Documents and Settings\joey v\Desktop\ComboFix.exe
[2010/07/05 14:03:17 | 000,021,041 | ---- | C] () -- C:\errr.JPG
[2010/07/05 13:52:31 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 19:05:20 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\joey v\Desktop\CCleaner.lnk
[2010/07/04 18:48:01 | 010,411,615 | ---- | C] () -- C:\Documents and Settings\joey v\Desktop\apocalyptica path [www.keepvid.com].mp4
[2010/07/01 08:46:06 | 000,043,032 | ---- | C] () -- C:\newwheels3.jpg
[2010/07/01 08:46:01 | 000,035,809 | ---- | C] () -- C:\newwheels2.jpg
[2010/07/01 08:45:55 | 000,031,945 | ---- | C] () -- C:\newwheels1.jpg
[2010/06/29 22:04:38 | 000,046,705 | ---- | C] () -- C:\wheels.JPG
[2010/06/29 21:11:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0s2glD.dat
[2010/06/26 17:48:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/25 17:17:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dbuko.dat
[2010/06/25 17:17:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ocevohazozahuyu.bin
[2010/06/25 17:15:29 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwcszi.sys
[2010/06/25 17:14:47 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\noise9.dll
[2010/06/25 17:10:41 | 015,876,046 | ---- | C] () -- C:\18hz.wav
[2010/06/25 17:10:24 | 000,000,797 | ---- | C] () -- C:\18hz.tdf
[2010/06/25 17:08:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/06/25 17:08:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadSevenDays.job
[2010/06/19 09:49:50 | 000,059,228 | ---- | C] () -- C:\singing.JPG
[2010/06/18 08:48:56 | 000,040,617 | ---- | C] () -- C:\WINDOWS\System32\jfmnt.exe
[2010/06/11 17:06:37 | 000,026,088 | ---- | C] () -- C:\cicpimple.JPG
[2010/06/08 19:12:31 | 000,953,012 | ---- | C] () -- C:\IMGP5591.JPG
[2010/06/08 19:12:31 | 000,909,901 | ---- | C] () -- C:\IMGP5589.JPG
[2010/06/08 19:12:31 | 000,892,018 | ---- | C] () -- C:\IMGP5590.JPG
[2010/06/07 10:06:46 | 000,017,254 | ---- | C] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/07 08:18:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/06 23:18:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\gklupx.dat
[2010/06/06 23:18:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/07 12:09:09 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/19 15:42:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/02/14 13:03:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/12/12 13:15:45 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/11/28 14:21:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/28 13:50:41 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/28 13:50:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/28 13:50:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/28 13:50:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/27 18:47:45 | 000,000,508 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/27 16:18:42 | 000,012,165 | ---- | C] () -- C:\WINDOWS\texobytavu.sys
[2008/10/27 14:40:10 | 000,013,908 | ---- | C] () -- C:\WINDOWS\putuvex.sys
[2008/09/30 22:03:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2008/09/01 20:55:16 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/07/11 12:06:44 | 000,000,418 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/05 12:01:26 | 000,000,461 | ---- | C] () -- C:\WINDOWS\log.ini
[2008/06/17 16:22:03 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/04/21 20:17:07 | 000,000,051 | ---- | C] () -- C:\WINDOWS\rocksoft.ini
[2008/02/24 21:55:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/02/24 21:31:36 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9553p6now.sys
[2008/01/23 20:44:22 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/01/16 21:51:21 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/11/06 21:11:03 | 000,006,442 | ---- | C] () -- C:\WINDOWS\GCSPRO.INI
[2007/10/22 18:55:29 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/21 16:51:49 | 000,001,024 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/21 16:51:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/10/21 16:51:47 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/10/21 16:51:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/10/21 16:51:47 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/10/21 16:51:41 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2007/10/17 23:35:34 | 000,000,220 | ---- | C] () -- C:\WINDOWS\BLSnapshot.ini
[2007/10/07 09:37:52 | 000,001,602 | ---- | C] () -- C:\WINDOWS\GIFCON.INI
[2007/10/04 16:54:34 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/09/29 16:27:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2007/09/28 22:09:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2007/09/28 16:21:38 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/09/17 20:36:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2007/09/17 12:32:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/17 11:45:07 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/16 22:31:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/09/16 22:31:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2007/09/16 21:07:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Windckl9.dll
[2007/09/16 19:46:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\c6501rm.dll
[2007/09/16 19:46:03 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini
[2007/09/16 19:44:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/09/16 19:44:21 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/16 19:40:21 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/09/16 19:40:20 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/09/16 19:40:11 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/09/16 19:40:11 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/16 19:33:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/16 18:56:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/12 00:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/12 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/12 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/12 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/12 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/12 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/07/03 22:08:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/07/03 21:59:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/04/05 11:40:02 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/03/26 15:18:28 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/01/20 08:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll

========== Custom Scans ==========



< MD5 for: TCPIP.SYS >
[2006/04/20 07:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 12:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 06:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 13:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9425B72F40257B45D45D24773273DAD0 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9425B72F40257B45D45D24773273DAD0 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004/08/04 02:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=ACCF5A9A1FFAA490F33DBA1C632B95E1 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< %systemroot%\Tasks\*.job >
[2008/04/17 10:28:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/12/05 15:33:56 | 000,000,580 | ---- | M] () -- C:\WINDOWS\Tasks\BACKUP.job
[2010/07/06 20:26:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/06/25 17:08:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadSevenDays.job
[2010/06/28 17:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\ac60AirForceImage.bmp:AFP_AfpInfo
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


#10 joey v

Posted 06 July 2010 - 07:53 PM

I think I'm getting closer!!! For the last several startups I had been getting 2 errors right away: "generic process for win32 services error." I believed these to be remnants of the viruses removed from the first attempt.

This is the first startup I haven't gotten 'em!!!

And my taskbar hasn't changed yet... but my regular windows are now classic-version w/ an XP-themed startup bar.

I found through a couple other sites that I could turn "themes" back on via run->services.msc->themes->start

Is there an easy way to tell what exactly is turning these off periodically?

Another question, I haven't had a popup/redirect lately. Is it safe to assume the disabling of themes is the only side effect I'm still experiencing, or is it too soon to say?

#11 JSntgRvr

  • Malware Response Team

Posted 06 July 2010 - 09:26 PM

Most of the infection is gone. There are still files I would like to take a look at. Were you able to upload the zipped file?

Go to Start > Run, copy and paste the following command and click OK.

CMD /C NET Start >"%Userprofile%\desktop\log.txt"

Include the quotation marks. A log.txt should be produced on the desktop. Post its contents in your next reply.
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
CODE
Suspect::
C:\WINDOWS\Dbuko.dat
C:\WINDOWS\Ocevohazozahuyu.bin
C:\WINDOWS\texobytavu.sys
C:\WINDOWS\putuvex.sys
C:\WINDOWS\Windckl9.dll

File::
C:\WINDOWS\AutoRun.INI

FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys|c:\windows\system32\drivers\tcpip.sys




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
If submitting these files is unsuccessful, ComboFix will create a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Indicate a link to this address and let me know when ready.

Run OTL as follows:
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    /md5start
    tcpip.sys
    /md5stop
    %systemroot%\Resources\themes\*.*


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

No request for help throughout private messaging will be attended.

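An added example, not part of the thread and not code from OTL or ComboFix: it parses the "< MD5 for: TCPIP.SYS >" section of the OTL report posted earlier and lists the in-use copies of the driver (the file the FCopy:: line above replaces) whose hash matches none of the hotfix or service-pack copies. Treating system32\drivers and system32\dllcache as "in use" and every other location as a reference copy is an assumption of this sketch, as are all function names.

```python
import re

# Lines copied from the "< MD5 for: TCPIP.SYS >" section of the OTL report
# posted earlier in this thread (a subset of that listing).
OTL_MD5_SECTION = r"""
< MD5 for: TCPIP.SYS >
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9425B72F40257B45D45D24773273DAD0 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9425B72F40257B45D45D24773273DAD0 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=ACCF5A9A1FFAA490F33DBA1C632B95E1 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
"""

# [date time | size | attributes | M] (company) MD5=<32 hex> -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|\]]*?)"
    r"\s*\|\s*(?P<kind>[A-Z])\]\s*\((?P<company>.*?)\)\s+"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$"
)

# Assumption of this sketch: these two directories hold the copy Windows loads
# and the copy file protection restores from. Both can be overwritten in place,
# so agreement between them says nothing about either one.
IN_USE_DIRS = ("\\system32\\drivers\\", "\\system32\\dllcache\\")


def parse_md5_section(text):
    """Return one dict per well-formed MD5 line; headers and blanks are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "stamp": m.group("stamp"),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),
            "md5": m.group("md5").upper(),
            "path": m.group("path"),
        })
    return records


def is_in_use(path):
    lowered = path.lower()
    return any(d in lowered for d in IN_USE_DIRS)


def audit_in_use_copies(records):
    """Compare each in-use copy with the package copies found on the same disk."""
    reference = [r for r in records if not is_in_use(r["path"])]
    findings = []
    for rec in records:
        if not is_in_use(rec["path"]):
            continue
        findings.append({
            "path": rec["path"],
            "md5": rec["md5"],
            # Package copies with the identical hash (empty list = unverified).
            "matching_references": [
                r["path"] for r in reference if r["md5"] == rec["md5"]
            ],
            # Same byte count, different hash: the size alone would not
            # have revealed that the content differs.
            "same_size_other_hash": [
                r["path"] for r in reference
                if r["size"] == rec["size"] and r["md5"] != rec["md5"]
            ],
        })
    return findings


def unverified_paths(text):
    """Paths of in-use copies whose hash matches no reference copy."""
    findings = audit_in_use_copies(parse_md5_section(text))
    return [f["path"] for f in findings if not f["matching_references"]]


if __name__ == "__main__":
    for finding in audit_in_use_copies(parse_md5_section(OTL_MD5_SECTION)):
        status = "matches a package copy" if finding["matching_references"] else "UNVERIFIED"
        print(f'{finding["path"]}  MD5={finding["md5"]}  {status}')
        for other in finding["same_size_other_hash"]:
            print(f"    same size, different hash: {other}")
```

A match against copies stored on the same disk is only as trustworthy as those copies, and MD5 is not collision resistant. A hash published by the vendor or taken from clean installation media is the stronger reference.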


#12 joey v

Posted 06 July 2010 - 10:42 PM

reply 1

QUOTE
These Windows services are started:

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
ActivClient Middleware Service
Application Layer Gateway Service
ArcSoft Connect Daemon
Ati HotKey Poller
Background Intelligent Transfer Service
Browser Defender Update Service
Cisco Systems, Inc. VPN Service
COM+ Event System
CyberLink Background Capture Service (CBCS)
CyberLink Media Library Service
DCOM Server Process Launcher
DNS Client
Event Log
IPSEC Services
Kodak AiO Device Service
NVIDIA Display Driver Service
Plug and Play
Print Spooler
Protected Storage
Pure Networks Platform Service
Remote Procedure Call (RPC)
Remote Registry
Security Accounts Manager
Smart Card
SSDP Discovery Service
SupportSoft Sprocket Service (ddoctorv2)
Syntek STK1160 Service
System Event Notification
TCP/IP NetBIOS Helper
Terminal Services
Ulead Burning Helper
WebClient
Windows Driver Foundation - User-mode Driver Framework
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Time

The command completed successfully.


#13 joey v

Posted 06 July 2010 - 11:23 PM

reply 2

QUOTE
ComboFix 10-07-06.02 - joey v 07/06/2010 23:56:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1278 [GMT -4:00]
Running from: c:\documents and settings\joey v\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\joey v\Desktop\CFScript2.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\AutoRun.INI"

file zipped: c:\windows\Dbuko.dat
file zipped: c:\windows\Ocevohazozahuyu.bin
file zipped: c:\windows\putuvex.sys
file zipped: c:\windows\texobytavu.sys
file zipped: c:\windows\Windckl9.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AutoRun.INI

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 17:43 . 2010-07-06 17:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-05 21:09 . 2010-07-06 12:52 -------- d-----w- C:\$AVG8.VAULT$
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\documents and settings\joey v\Application Data\Malwarebytes
2010-07-05 17:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\program files\Malwarebytes
2010-07-05 17:52 . 2010-07-05 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 17:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 23:05 . 2010-07-04 23:05 -------- d-----w- c:\program files\CCleaner
2010-07-01 14:39 . 2010-07-03 08:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kcqncwxrq
2010-06-30 06:07 . 2010-06-30 06:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-30 02:00 . 2010-06-30 02:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-30 02:00 . 2010-06-30 02:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-06-26 21:48 . 2010-06-30 08:00 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\utjfaiymq
2010-06-26 21:48 . 2010-06-26 21:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-26 13:24 . 2010-06-29 04:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-25 23:56 . 2010-06-25 23:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-06-25 23:13 . 2010-06-25 23:13 36317320 ----a-w- C:\7.0.0.543e-sdsetup-Revenue(207).exe
2010-06-25 21:17 . 2010-07-05 17:47 0 ----a-w- c:\windows\Ocevohazozahuyu.bin
2010-06-25 21:17 . 2010-07-05 01:11 120 ----a-w- c:\windows\Dbuko.dat
2010-06-25 21:15 . 2010-06-25 23:12 823808 ----a-w- c:\windows\system32\drivers\nwcszi.sys
2010-06-25 21:15 . 2010-06-28 14:06 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\mmshexxhg
2010-06-25 21:14 . 2010-06-25 21:14 52224 --sha-r- c:\windows\system32\noise9.dll
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\joey v\Application Data\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\joey v\Application Data\NCH Software
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-06-25 21:08 . 2010-06-25 21:08 -------- d-----w- c:\program files\NCH Software
2010-06-19 13:50 . 2010-06-19 13:50 50354 ----a-w- c:\documents and settings\joey v\Application Data\Facebook\uninstall.exe
2010-06-19 13:50 . 2010-06-19 13:50 -------- d-----w- c:\documents and settings\joey v\Application Data\Facebook
2010-06-18 12:48 . 2010-06-18 12:48 40617 ----a-w- c:\windows\system32\jfmnt.exe
2010-06-13 03:32 . 2010-06-15 08:00 -------- d-----w- c:\documents and settings\joey v\Local Settings\Application Data\hwuqniou
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\joey v\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-07 14:06 . 2010-06-07 14:08 -------- d-----w- c:\windows\NV952968.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 00:39 . 2008-11-10 04:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-07 00:38 . 2010-03-07 16:07 -------- d-----w- c:\program files\Spyware Doctor
2010-07-07 00:16 . 2007-10-19 04:32 -------- d-----w- c:\program files\QuickTime
2010-07-06 15:25 . 2010-03-07 16:07 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-06 15:25 . 2010-03-07 16:07 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-05 21:00 . 2008-10-28 01:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-05 20:36 . 2007-12-13 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 14:00 . 2007-10-22 02:50 -------- d-----w- c:\documents and settings\joey v\Application Data\SiteClasses
2010-07-01 14:39 . 2010-06-07 03:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-01 11:07 . 2010-06-30 01:11 112 ----a-w- c:\documents and settings\All Users\Application Data\0s2glD.dat
2010-06-18 23:46 . 2008-10-28 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-12 00:46 . 2008-11-28 18:20 -------- d-----w- c:\program files\SUPER
2010-06-09 06:55 . 2010-05-25 21:21 -------- d-----w- c:\documents and settings\joey v\Application Data\uTorrent
2010-06-07 03:18 . 2010-06-07 03:18 12 ----a-w- c:\documents and settings\LocalService\Application Data\gklupx.dat
2010-06-06 01:52 . 2010-06-06 01:52 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\gklupx.dat
2010-05-25 21:21 . 2010-05-25 21:21 -------- d-----w- c:\program files\uTorrent
2010-05-23 18:01 . 2007-10-22 02:50 -------- d-----w- c:\documents and settings\joey v\Application Data\Sites
2010-05-12 21:59 . 2007-09-17 01:23 79064 -c--a-w- c:\documents and settings\joey v\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 21:47 . 2010-05-10 21:47 -------- d-----w- c:\program files\Pure Networks
2010-05-10 21:47 . 2010-05-10 21:13 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-05-10 21:46 . 2010-05-10 21:46 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-05-10 21:27 . 2010-05-10 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-05-10 21:20 . 2010-05-10 21:12 -------- d-----w- c:\program files\Linksys
2010-05-10 21:13 . 2010-05-10 21:13 -------- d-----w- c:\program files\WebEx
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\joey v\Application Data\Office Genuine Advantage
2008-10-27 22:29 . 2008-10-27 22:29 13400 -c--a-w- c:\program files\Common Files\inadogi.scr
2008-10-27 20:18 . 2008-10-27 20:18 17276 -c--a-w- c:\program files\Common Files\jekiqe.dl
2008-10-27 20:18 . 2008-10-27 20:18 16028 -c--a-w- c:\program files\Common Files\utidy.dat
2008-10-27 20:18 . 2008-10-27 20:18 19129 -c--a-w- c:\program files\Common Files\uhuninito.dl
2008-10-27 20:18 . 2008-10-27 20:18 13649 -c--a-w- c:\program files\Common Files\cafupodoci.pif
2008-10-27 18:42 . 2008-10-27 18:42 14509 -c--a-w- c:\program files\Common Files\igevoluvyr.com
2008-10-27 18:42 . 2008-10-27 18:42 12503 -c--a-w- c:\program files\Common Files\kyfik._dl
2008-10-27 18:42 . 2008-10-27 18:42 10792 -c--a-w- c:\program files\Common Files\hyzeqy._sy
2008-10-27 18:40 . 2008-10-27 18:40 16759 -c--a-w- c:\program files\Common Files\vyza.com
2006-05-03 09:06 . 2008-11-28 18:20 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-11-28 18:20 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-28 18:20 216064 -csh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-06_13.54.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-04-29 19:34 71060 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-07-06 13:56 71060 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-07-06 13:56 441124 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-04-29 19:34 441124 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-12-12 17:15 . 2007-12-10 20:55 323584 c:\windows\Philips\SPC230NC\Monitor.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

c:\documents and settings\joey v\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-11 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 12:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\Aceftp3free.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [6/17/2008 4:22 PM 30808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/7/2010 12:07 PM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/28/2008 3:52 PM 335240]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/7/2010 12:09 PM 112592]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [12/12/2008 1:15 PM 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [12/12/2008 1:15 PM 461056]
S0 nwcszi;nwcszi;c:\windows\system32\drivers\nwcszi.sys [6/25/2010 5:15 PM 823808]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/18/2007 12:11 AM 56448]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/7/2010 12:07 PM 366840]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [10/17/2007 11:34 PM 899980]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 10:05 AM 297752]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2008-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2009-12-05 c:\windows\Tasks\BACKUP.job
- c:\program files\AceBIT\AceBackup 3\AceBackup.exe [2009-12-05 00:08]

2010-07-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-06-25 c:\windows\Tasks\wavepadSevenDays.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-25 21:08]

2010-06-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-25 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab
FF - ProfilePath - c:\documents and settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc522.mail.yahoo.com/mc/welcome?.rand=bh636ugh6qv8a
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\joey v\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 00:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\wbem\wbemcomn.dll

- - - - - - - > 'lsass.exe'(1076)
c:\windows\system32\WININET.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-07-07 00:09:21
ComboFix-quarantined-files.txt 2010-07-07 04:09
ComboFix2.txt 2010-07-07 00:36
ComboFix3.txt 2010-07-06 14:04

Pre-Run: 4,694,306,816 bytes free
Post-Run: 4,674,465,792 bytes free

- - End Of File - - 4B0F724B9C3ADA59E0AE2AF15BFD3E47
Upload was successful


#14 joey v

Posted 06 July 2010 - 11:29 PM

reply 3

QUOTE
file submitted (sorry... thought those instructions were only if combofix failed to fix)


#15 joey v

Posted 06 July 2010 - 11:41 PM

reply 4

QUOTE
OTL logfile created on: 7/7/2010 12:30:23 AM - Run 5
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\joey v\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.09 Gb Total Space | 4.38 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 212.79 Gb Total Space | 181.05 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 183.30 Gb Free Space | 49.19% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 69.37 Gb Free Space | 14.89% Space Free | Partition Type: NTFS
Drive H: | 10.06 Gb Total Space | 4.90 Gb Free Space | 48.72% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 12.73 Gb Total Space | 12.67 Gb Free Space | 99.50% Space Free | Partition Type: NTFS

Computer Name: JOEYV
Current User Name: joey v
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
PRC - [2010/06/13 00:32:33 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/08/25 08:22:14 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/02/17 18:00:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/25 08:21:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/28 18:37:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/28 17:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/02/17 18:00:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/07/06 11:25:29 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/06/25 19:12:19 | 000,823,808 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\nwcszi.sys -- (nwcszi)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/25 08:22:13 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/25 08:22:13 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 14:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 14:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/18 00:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/08/31 18:33:22 | 000,479,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/31 15:14:40 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/06/28 12:43:00 | 006,807,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/08 17:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2007/03/07 19:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/14 09:45:40 | 000,030,808 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore2.sys -- (hotcore2)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/18 23:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/09/05 05:04:38 | 001,419,968 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)
DRV - [2006/07/02 01:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/09/30 00:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 00:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2002/03/26 23:56:18 | 000,899,980 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2001/08/23 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2001/08/23 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/23 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mc522.mail.yahoo.com/mc/welcome?.rand=bh636ugh6qv8a"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/30 14:39:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/13 00:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 00:32:46 | 000,000,000 | ---D | M]

[2008/09/02 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joey v\Application Data\Mozilla\Extensions
[2008/09/02 10:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\joey v\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/06 20:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\extensions
[2010/06/05 10:37:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\joey v\Application Data\Mozilla\Firefox\Profiles\8inzsn5b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/02 10:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 00:32:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/13 00:32:29 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/13 00:32:29 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/13 00:32:36 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/13 00:32:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/06/13 00:32:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/06/13 00:32:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/06/13 00:32:39 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/06/13 00:32:39 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/13 00:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/06/13 00:32:39 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/07 00:05:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\joey v\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1189986695591 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/Mee...ader_200909.cab (MeetUploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\SYSdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\joey v\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\joey v\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/16 18:35:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 13:43:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/06 09:37:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/06 09:32:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/06 09:32:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/06 09:32:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/06 09:32:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 09:32:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/06 09:21:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/05 17:09:23 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$
[2010/07/05 14:06:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
[2010/07/05 13:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Malwarebytes
[2010/07/05 13:52:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 13:52:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/07/05 13:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/04 19:08:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\joey v\Recent
[2010/07/04 19:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/04 19:04:38 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\joey v\Desktop\ccsetup233.exe
[2010/07/01 10:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kcqncwxrq
[2010/07/01 04:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 22:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
[2010/06/26 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\utjfaiymq
[2010/06/26 09:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/25 22:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/25 22:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/25 19:13:31 | 036,317,320 | ---- | C] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 17:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\mmshexxhg
[2010/06/25 17:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\NCH Swift Sound
[2010/06/25 17:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 17:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/06/25 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\NCH Software
[2010/06/25 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/06/25 17:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/06/19 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Application Data\Facebook
[2010/06/12 23:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joey v\Local Settings\Application Data\hwuqniou
[2010/06/07 10:06:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV952968.TMP
[2002/04/10 21:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\joey v\*.tmp files -> C:\Documents and Settings\joey v\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 00:09:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 00:06:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/07 00:05:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/06 20:29:06 | 000,012,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/06 20:26:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/06 20:26:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 20:25:17 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\joey v\NTUSER.DAT
[2010/07/06 20:10:12 | 003,727,937 | R--- | M] () -- C:\Documents and Settings\joey v\Desktop\ComboFix.exe
[2010/07/06 14:00:30 | 000,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/06 14:00:30 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/07/06 11:25:30 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/06 11:25:29 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/06 09:56:52 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/06 09:56:52 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/06 09:56:51 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/06 08:53:01 | 061,677,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/05 23:03:51 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\joey v\ntuser.ini
[2010/07/05 17:24:11 | 000,000,508 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/05 16:02:12 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\joey v\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/05 16:01:03 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/07/05 15:30:48 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Settings.cfg
[2010/07/05 14:06:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joey v\Desktop\OTL.exe
[2010/07/05 14:03:17 | 000,021,041 | ---- | M] () -- C:\errr.JPG
[2010/07/05 13:52:31 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/05 13:47:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ocevohazozahuyu.bin
[2010/07/04 21:11:59 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dbuko.dat
[2010/07/04 19:05:20 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\CCleaner.lnk
[2010/07/04 19:04:39 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\joey v\Desktop\ccsetup233.exe
[2010/07/04 18:50:01 | 010,411,615 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\apocalyptica path [www.keepvid.com].mp4
[2010/07/04 14:01:25 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/07/01 10:39:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 07:07:50 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\0s2glD.dat
[2010/07/01 01:17:12 | 000,043,032 | ---- | M] () -- C:\newwheels3.jpg
[2010/07/01 01:17:11 | 000,035,809 | ---- | M] () -- C:\newwheels2.jpg
[2010/07/01 01:17:11 | 000,031,945 | ---- | M] () -- C:\newwheels1.jpg
[2010/06/30 00:05:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/29 22:04:39 | 000,046,705 | ---- | M] () -- C:\wheels.JPG
[2010/06/29 20:18:36 | 000,012,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/06/28 17:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/06/26 17:48:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/25 19:13:34 | 036,317,320 | ---- | M] (PC Tools ) -- C:\7.0.0.543e-sdsetup-Revenue(207).exe
[2010/06/25 19:12:19 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwcszi.sys
[2010/06/25 17:14:47 | 000,052,224 | RHS- | M] () -- C:\WINDOWS\System32\noise9.dll
[2010/06/25 17:10:41 | 015,876,046 | ---- | M] () -- C:\18hz.wav
[2010/06/25 17:10:24 | 000,000,797 | ---- | M] () -- C:\18hz.tdf
[2010/06/25 17:08:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadSevenDays.job
[2010/06/19 09:49:50 | 000,059,228 | ---- | M] () -- C:\singing.JPG
[2010/06/18 08:48:56 | 000,040,617 | ---- | M] () -- C:\WINDOWS\System32\jfmnt.exe
[2010/06/11 17:06:37 | 000,026,088 | ---- | M] () -- C:\cicpimple.JPG
[2010/06/08 18:08:28 | 000,953,012 | ---- | M] () -- C:\IMGP5591.JPG
[2010/06/08 18:08:16 | 000,892,018 | ---- | M] () -- C:\IMGP5590.JPG
[2010/06/08 18:08:02 | 000,909,901 | ---- | M] () -- C:\IMGP5589.JPG
[2010/06/07 22:11:31 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\joey v\Desktop\master (version 1).xls
[2010/06/07 19:39:26 | 000,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 08:35:55 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/06/07 08:35:55 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/06/07 08:35:55 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/06/07 08:18:08 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/07 08:18:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\joey v\*.tmp files -> C:\Documents and Settings\joey v\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 09:37:49 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/07/06 09:37:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/06 09:32:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/06 09:32:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/06 09:32:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/06 09:32:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/06 09:32:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/06 09:18:48 | 003,727,937 | R--- | C] () -- C:\Documents and Settings\joey v\Desktop\ComboFix.exe
[2010/07/05 14:03:17 | 000,021,041 | ---- | C] () -- C:\errr.JPG
[2010/07/05 13:52:31 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 19:05:20 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\joey v\Desktop\CCleaner.lnk
[2010/07/04 18:48:01 | 010,411,615 | ---- | C] () -- C:\Documents and Settings\joey v\Desktop\apocalyptica path [www.keepvid.com].mp4
[2010/07/01 08:46:06 | 000,043,032 | ---- | C] () -- C:\newwheels3.jpg
[2010/07/01 08:46:01 | 000,035,809 | ---- | C] () -- C:\newwheels2.jpg
[2010/07/01 08:45:55 | 000,031,945 | ---- | C] () -- C:\newwheels1.jpg
[2010/06/29 22:04:38 | 000,046,705 | ---- | C] () -- C:\wheels.JPG
[2010/06/29 21:11:58 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0s2glD.dat
[2010/06/26 17:48:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/25 17:17:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dbuko.dat
[2010/06/25 17:17:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ocevohazozahuyu.bin
[2010/06/25 17:15:29 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwcszi.sys
[2010/06/25 17:14:47 | 000,052,224 | RHS- | C] () -- C:\WINDOWS\System32\noise9.dll
[2010/06/25 17:10:41 | 015,876,046 | ---- | C] () -- C:\18hz.wav
[2010/06/25 17:10:24 | 000,000,797 | ---- | C] () -- C:\18hz.tdf
[2010/06/25 17:08:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/06/25 17:08:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadSevenDays.job
[2010/06/19 09:49:50 | 000,059,228 | ---- | C] () -- C:\singing.JPG
[2010/06/18 08:48:56 | 000,040,617 | ---- | C] () -- C:\WINDOWS\System32\jfmnt.exe
[2010/06/11 17:06:37 | 000,026,088 | ---- | C] () -- C:\cicpimple.JPG
[2010/06/08 19:12:31 | 000,953,012 | ---- | C] () -- C:\IMGP5591.JPG
[2010/06/08 19:12:31 | 000,909,901 | ---- | C] () -- C:\IMGP5589.JPG
[2010/06/08 19:12:31 | 000,892,018 | ---- | C] () -- C:\IMGP5590.JPG
[2010/06/07 10:06:46 | 000,017,254 | ---- | C] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/07 08:18:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\joey v\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/03/07 12:09:09 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/19 15:42:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/02/14 13:03:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/12/12 13:15:45 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/11/28 14:21:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/28 13:50:41 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/28 13:50:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/28 13:50:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/28 13:50:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/27 18:47:45 | 000,000,508 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/27 16:18:42 | 000,012,165 | ---- | C] () -- C:\WINDOWS\texobytavu.sys
[2008/10/27 14:40:10 | 000,013,908 | ---- | C] () -- C:\WINDOWS\putuvex.sys
[2008/09/01 20:55:16 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/07/11 12:06:44 | 000,000,418 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/05 12:01:26 | 000,000,461 | ---- | C] () -- C:\WINDOWS\log.ini
[2008/06/17 16:22:03 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/04/21 20:17:07 | 000,000,051 | ---- | C] () -- C:\WINDOWS\rocksoft.ini
[2008/02/24 21:55:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/02/24 21:31:36 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9553p6now.sys
[2008/01/23 20:44:22 | 000,000,570 | ---- | C] () -- C:\WINDOWS\DTOOLS.INI
[2008/01/16 21:51:21 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/11/06 21:11:03 | 000,006,442 | ---- | C] () -- C:\WINDOWS\GCSPRO.INI
[2007/10/22 18:55:29 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/21 16:51:49 | 000,001,024 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/21 16:51:49 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/10/21 16:51:47 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/10/21 16:51:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/10/21 16:51:47 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/10/21 16:51:41 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2007/10/17 23:35:34 | 000,000,220 | ---- | C] () -- C:\WINDOWS\BLSnapshot.ini
[2007/10/07 09:37:52 | 000,001,602 | ---- | C] () -- C:\WINDOWS\GIFCON.INI
[2007/10/04 16:54:34 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/09/29 16:27:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2007/09/28 22:09:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2007/09/28 16:21:38 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/09/17 20:36:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2007/09/17 12:32:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/17 11:45:07 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/16 22:31:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/09/16 22:31:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2007/09/16 21:07:01 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Windckl9.dll
[2007/09/16 19:46:05 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\c6501rm.dll
[2007/09/16 19:46:03 | 000,004,712 | R--- | C] () -- C:\WINDOWS\C6501.ini
[2007/09/16 19:44:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/09/16 19:44:21 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/16 19:40:21 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/09/16 19:40:20 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/09/16 19:40:11 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/09/16 19:40:11 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/16 19:33:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/16 18:56:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/12 00:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/12 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/12 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/12 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/12 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/12 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/07/03 22:08:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/07/03 21:59:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002/04/05 11:40:02 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/03/26 15:18:28 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/01/20 08:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll

========== Custom Scans ==========



< MD5 for: TCPIP.SYS >
[2006/04/20 07:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 12:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 06:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 13:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004/08/04 02:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=ACCF5A9A1FFAA490F33DBA1C632B95E1 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/04/20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< %systemroot%\Resources\themes\*.* >
[2008/09/01 19:03:54 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Resources\Themes\iVista.theme
[2008/09/01 18:54:54 | 000,005,766 | ---- | M] () -- C:\WINDOWS\Resources\Themes\joeytem.Theme
[2001/08/23 08:00:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\Resources\Themes\Luna.theme
[2001/08/23 08:00:00 | 000,003,025 | ---- | M] () -- C:\WINDOWS\Resources\Themes\Windows Classic.theme
[2006/10/24 06:01:48 | 000,001,179 | ---- | M] () -- C:\WINDOWS\Resources\Themes\Zune.Theme
[2008/09/01 19:45:11 | 000,001,186 | ---- | M] () -- C:\WINDOWS\Resources\Themes\zune2.Theme

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\ac60AirForceImage.bmp:AFP_AfpInfo
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >




