

Malware Security Suite Infection + IE Redirects


  • This topic is locked
35 replies to this topic

#1 glowstickgorilla

glowstickgorilla

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 15 July 2010 - 02:59 PM

Hello, my computer has been infected with some nasty malware suites that I have been able to remove using Malwarebytes; however, the unwanted programs will reinstall themselves. To correct the issue I've done the following:

1. Run Malwarebytes to remove unwanted malware
2. Run Trend Micro Officescan client for viruses
3. Activated Windows Firewall
4. Run Hijackthis and saved Log

Your help is appreciated. I am still experiencing browser redirects; I believe my PC is still dirty.

Attached Files


Edited by Budapest, 15 July 2010 - 05:58 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP




#2 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 21 July 2010 - 09:21 AM

Hello, my PC was exposed to a lot of malware/viruses/trojans. I have used MBAM, SUPERAntiSpyware and Trend Office Scan to remove much of the problem; however, I am still experiencing redirects.

Also, my PC is running super sluggish; I believe much of the memory is tied up in operation. Please help me remove the unnecessary tasks, because this is as much a problem as the malware infection. Can you help me with this? I believe a HijackThis scan + log can help; I just don't know what tasks and startup items I can safely remove, and the best way to do this.

Thank you to any soul who finds it within themselves to help!

**edit Hey I need to also add that I successfully ran combofix on 7-16 - I'm sorry!! I know it says everywhere on bleepingcomputers not to do this unless directed... I'm not sure where the log is saved to

***editx2 - I found the log and attached it

****+1 - I attached Hijackthis log

Merged topics moving result to log forum. Initial post appears to have had the logs edited in after moderator opened topic but before the topic was actually moved. ~ OB

Attached Files


Edited by Orange Blossom, 21 July 2010 - 02:41 PM.


#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:05:35 PM

Posted 22 July 2010 - 05:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 22 July 2010 - 04:24 PM

Thank you Casey - All of those scans were completed yesterday 7-21-10

#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 23 July 2010 - 08:33 AM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

QUOTE
http://www.bleepingcomputer.com/forums/t/332010/malware-security-suite-infection-ie-redirects/

Suspect::[89]
c:\windows\system32\fcec.sys

File::
c:\windows\Ipifozadutodig.bin
c:\windows\Vqotijaxes.dat

Folder::
c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\ngyeciaqr
c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\uuofxoyks
c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\rypttylyt


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


==========


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.


    Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All

  4. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  5. Push
  6. A report will open. Copy and Paste that report in your next reply.
  7. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

With your next post please provide:

* Combofix.txt
* OTL.txt
* Extra.txt
* RKU log
* What problems persist?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
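Added example (not a ComboFix or BleepingComputer tool, and not code from any poster in this thread): a small Python triage script for ComboFix-style logs like the one posted later in this thread. It pulls out what a helper looks at first when drafting a CFScript such as the one above: newly created folders under Application Data whose names look machine-generated (the Folder:: entries ngyeciaqr, uuofxoyks and rypttylyt are the pattern), new .sys drivers under system32 (the Suspect:: entry fcec.sys), and the Run-key autostart entries from "Reg Loading Points". The section banners and entry layouts follow the log format shown in this thread; the consonant-run heuristic, its thresholds and the function names are my own assumptions, and the embedded log excerpt is constructed from lines that appear in the thread.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix or
BleepingComputer tool). Section/entry layouts follow the log shown in this
thread; the generated-name heuristic and its thresholds are assumptions."""
from __future__ import annotations
import re

# Constructed excerpt built from lines of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.
2010-07-20 14:00 . 2010-07-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-16 14:44 . 2010-07-16 14:44 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\Safe mirror
2010-07-10 09:02 . 2010-07-10 21:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\sbgydmswl
2010-07-10 03:29 . 2010-07-10 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-23 19:56 . 2010-06-23 19:56 84992 ----a-w- c:\windows\system32\fcec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2009-01-08 233472]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((((( Title )))))
ENTRY_RE = re.compile(                                    # created . modified size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")              # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
VOWELS = set("aeiou")


def parse_sections(log: str) -> dict[str, list[str]]:
    """Split the log into {section title: [non-blank lines]} using the (((( ... )))) banners."""
    sections: dict[str, list[str]] = {"preamble": []}
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): one run of lowercase letters with a 3+ consonant run or an
    unusual vowel ratio, like ngyeciaqr or rypttylyt. Vendor folders are usually
    capitalised or contain spaces/dots, so they are not flagged."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return longest_run >= 3 or vowel_ratio < 0.2 or vowel_ratio > 0.6


def triage_files(log: str) -> list[tuple[str, str]]:
    """Flag 'Files Created' entries worth a second look: generated-looking folders under
    Application Data, and new kernel drivers under system32. Candidates, not verdicts."""
    findings: list[tuple[str, str]] = []
    for title, lines in parse_sections(log).items():
        if not title.startswith("Files Created"):
            continue
        for line in lines:
            m = ENTRY_RE.match(line)
            if not m:
                continue
            attrs, path = m.group(4), m.group(5)
            leaf = path.rsplit("\\", 1)[-1]
            lowered = path.lower()
            if attrs.startswith("d") and "\\application data\\" in lowered and looks_generated(leaf):
                findings.append(("generated-looking folder", path))
            elif leaf.lower().endswith(".sys") and "\\system32\\" in lowered:
                findings.append(("new kernel driver", path))
    return findings


def autostarts(log: str) -> list[tuple[str, str, str]]:
    """Return (key, value name, command) for every entry under a ...\\Run key."""
    entries: list[tuple[str, str, str]] = []
    key = ""
    for title, lines in parse_sections(log).items():
        if not title.startswith("Reg Loading Points"):
            continue
        for line in lines:
            km = KEY_RE.match(line)
            if km:
                key = km.group(1)
                continue
            vm = VALUE_RE.match(line)
            if vm and key.upper().endswith("\\RUN"):
                entries.append((key, vm.group(1), vm.group(2)))
    return entries


if __name__ == "__main__":
    for reason, path in triage_files(SAMPLE_LOG):
        print(f"[{reason}] {path}")
    for key, name, cmd in autostarts(SAMPLE_LOG):
        print(f"[autostart] {key}: {name} -> {cmd}")
```

Everything it prints is a review candidate, not a verdict: legitimate vendor drivers (the Trend Micro ones in the full log, for instance) will be listed alongside fcec.sys, and the random-name heuristic will miss a folder that happens to be pronounceable. The point is to get a helper to the handful of lines that matter in a several-hundred-line log, which is where the CFScript entries above came from.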

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 26 July 2010 - 05:52 AM

Do you still desire help?

#7 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 26 July 2010 - 08:44 AM

Hi thcbytes I am going to perform the steps you asked right now - Thanks! I will reply again when completed

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 26 July 2010 - 02:40 PM

[thumbs up]

#9 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 27 July 2010 - 09:08 AM

ComboFix 10-07-24.06 - jmclark 07/26/2010 8:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.503 [GMT -6:00]
Running from: c:\documents and settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10\ComboFix.exe
Command switches used :: c:\documents and settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10\CFScript.txt
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {69F6EF9C-D81D-4C99-B30F-6CA1F06F9456}

FILE ::
"c:\windows\Ipifozadutodig.bin"
"c:\windows\Vqotijaxes.dat"

file zipped: c:\windows\SYSTEM32\fcec.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\ngyeciaqr
c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\rypttylyt
c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\uuofxoyks
c:\windows\Ipifozadutodig.bin
c:\windows\Vqotijaxes.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-20 14:04 . 2010-07-20 14:04 63488 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-20 14:04 . 2010-07-20 14:04 52224 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-20 14:04 . 2010-07-20 14:04 117760 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-20 14:00 . 2010-07-20 14:00 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\SUPERAntiSpyware.com
2010-07-20 14:00 . 2010-07-20 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-20 14:00 . 2010-07-20 14:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-16 15:43 . 2010-07-16 15:43 -------- d-----w- c:\windows\system32\log
2010-07-16 15:43 . 2009-04-04 02:47 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-07-16 15:43 . 2009-04-04 02:47 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-07-16 15:43 . 2009-04-04 02:47 151568 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-16 15:42 . 2009-02-23 19:32 78352 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-07-16 15:23 . 2010-07-16 15:23 -------- d-----w- c:\program files\ESET
2010-07-16 14:44 . 2010-07-16 14:44 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\Safe mirror
2010-07-16 14:29 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-16 14:21 . 2010-07-16 14:21 0 ----a-w- c:\windows\system32\cd.dat
2010-07-15 17:49 . 2010-07-15 17:49 388096 ----a-r- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-15 14:52 . 2010-07-16 14:44 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-12 21:06 . 2010-07-12 21:06 503808 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d665e46-n\msvcp71.dll
2010-07-12 21:06 . 2010-07-12 21:06 499712 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d665e46-n\jmc.dll
2010-07-12 21:06 . 2010-07-12 21:06 348160 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5d665e46-n\msvcr71.dll
2010-07-12 21:06 . 2010-07-12 21:06 61440 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45aabb94-n\decora-sse.dll
2010-07-12 21:06 . 2010-07-12 21:06 12800 ----a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45aabb94-n\decora-d3d.dll
2010-07-12 21:05 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 09:02 . 2010-07-10 21:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\sbgydmswl
2010-07-10 03:29 . 2010-07-10 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-07-09 18:29 . 2010-07-09 18:29 -------- d-sh--w- c:\documents and settings\Computer-111.DYNAWASATCH.000\IECompatCache
2010-07-09 16:31 . 2010-07-09 16:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-02 20:37 . 2010-07-02 20:37 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Leadertech
2010-07-01 22:17 . 2010-07-01 22:17 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\EFSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 14:20 . 2010-04-07 21:38 20008 ----a-w- c:\windows\system32\drivers\CDProbe.SYS
2010-07-25 14:41 . 2008-10-14 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-16 15:43 . 2009-09-23 22:17 -------- d-----w- c:\program files\Trend Micro
2010-07-16 14:45 . 2010-06-24 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-16 13:08 . 2010-04-07 21:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 17:23 . 2008-10-16 14:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-12 21:06 . 2006-02-15 15:42 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 21:05 . 2005-04-01 20:29 -------- d-----w- c:\program files\Java
2010-07-10 20:47 . 2008-07-31 17:05 286720 ------w- c:\windows\Setup1.exe
2010-07-09 13:44 . 2010-06-01 13:37 -------- d-----w- c:\program files\Paltalk Messenger
2010-06-25 14:26 . 2010-06-25 14:26 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Accellion
2010-06-24 16:40 . 2010-06-24 16:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-24 16:18 . 2009-11-11 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 16:04 . 2010-06-24 16:04 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\AdobeUM
2010-06-24 15:41 . 2010-06-24 15:41 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2B.tmp.exe
2010-06-23 19:56 . 2010-06-23 19:56 84992 ----a-w- c:\windows\system32\fcec.sys
2010-06-22 14:53 . 2010-06-22 14:50 -------- d-----w- c:\program files\iTunes
2010-06-22 14:53 . 2010-06-22 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 14:52 . 2010-06-22 14:52 -------- d-----w- c:\program files\iPod
2010-06-22 14:51 . 2009-05-07 14:15 -------- d-----w- c:\program files\Common Files\Apple
2010-06-22 14:45 . 2010-06-22 14:44 -------- d-----w- c:\program files\QuickTime
2010-06-22 14:39 . 2010-06-22 14:39 -------- d-----w- c:\program files\Bonjour
2010-06-22 14:26 . 2010-06-22 14:26 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2010-04-19 18:09 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-04 15:04 . 2009-03-19 17:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 13:37 . 2010-03-19 16:12 -------- d-----w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Paltalk
2010-05-21 20:14 . 2009-11-11 14:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 14:01 . 2008-09-04 21:47 99304 -c--a-w- c:\documents and settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 22:35 . 2010-05-18 22:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 22:35 . 2010-05-18 22:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 22:35 . 2010-05-18 22:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2003-07-16 16:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-07-16 16:45 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 21:39 . 2009-11-11 16:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2009-11-11 16:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-07-17 13:44 . 2008-07-17 13:43 22 -c--a-w- c:\program files\InstSuccess.ini
2007-05-10 16:47 . 2007-05-10 16:47 4499 ----a-w- c:\program files\Common Files\Waveguides-S8x0D.lst
2007-05-10 16:47 . 2007-05-10 16:47 21100 ----a-w- c:\program files\Common Files\AllFreqCable.lst
2006-07-13 19:36 . 2006-07-13 19:36 37518744 ----a-w- c:\program files\iTunesSetup.exe
2006-04-28 00:59 . 2006-04-28 00:59 19594 ----a-w- c:\program files\Common Files\CABLES-S8x0D.LST
2005-08-05 22:47 . 2005-04-06 18:30 656 -c--a-w- c:\program files\PanaHDS.ini
.

((((((((((((((((((((((((((((( SnapShot@2010-07-16_15.10.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-04-01 20:19 . 2010-07-16 15:50 76054 c:\windows\SYSTEM32\PERFC009.DAT
+ 2010-07-16 14:46 . 2010-07-16 15:37 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-16 14:46 . 2010-07-16 14:46 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-04-01 20:16 . 2010-07-16 15:37 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2005-04-01 20:16 . 2010-07-16 14:46 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2010-07-16 15:37 . 2010-07-16 15:37 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2005-04-01 20:16 . 2010-07-16 14:46 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2005-07-11 16:34 . 2010-07-16 15:33 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-04-01 20:19 . 2010-07-16 15:50 454894 c:\windows\SYSTEM32\PERFH009.DAT
+ 2010-07-20 20:36 . 2010-07-20 20:36 231888 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10h_Plugin.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-07-11 16:34 . 2010-07-16 15:33 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2005-07-11 16:34 . 2010-06-10 21:28 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-04-19 20:01 . 2007-04-19 20:01 238424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2010-07-20 20:36 . 2010-07-20 20:36 5612496 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2010-05-25 17:45 . 2010-05-25 17:45 8445440 c:\windows\Installer\1318bd.msp
+ 2010-06-11 23:55 . 2010-06-11 23:55 1827328 c:\windows\Installer\1318a8.msp
+ 2010-07-01 04:52 . 2010-07-01 04:52 5522944 c:\windows\Installer\13188f.msp
+ 2006-05-10 13:42 . 2010-07-02 19:39 34045896 c:\windows\SYSTEM32\MRT.exe
+ 2010-06-11 23:52 . 2010-06-11 23:52 45542912 c:\windows\Installer\1318a9.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 16:34 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-09 13:48 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2009-01-08 233472]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-29 3784704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-29 202256]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rocket Dock.lnk]
backup=c:\windows\pss\Rocket Dock.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UberIcon Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UberIcon Manager.lnk
backup=c:\windows\pss\UberIcon Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YzShadow.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Computer-111.DYNAWASATCH.000^Start Menu^Programs^Startup^DESKTOP.INI]
backup=c:\windows\pss\DESKTOP.INIStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 08:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
2009-01-30 16:35 451920 ----a-w- c:\program files\Common Files\ACD Systems\EN\DevDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discovery User Input]
2009-01-08 19:14 233472 ----a-w- c:\discovery\User Input\userin32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 11:20 122940 -c--a-w- c:\windows\SYSTEM32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 12:03 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-12-12 23:32 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 22:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-26 06:31 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2005-08-25 01:25 101080 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-05-29 21:52 3784704 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 04:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-22 22:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45 39424 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 01:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Fax"=2 (0x2)
"ose"=3 (0x3)
"Multi-user Cleanup Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"HssTrayService"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"Iap"=2 (0x2)
"RAIDStorAgent"=2 (0x2)
"ntrtscan"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AFAmgt;AFAmgt;c:\windows\SYSTEM32\DRIVERS\afamgt.sys [4/21/2004 3:36 AM 92411]
R1 fcec;fcec;c:\windows\SYSTEM32\fcec.sys [6/23/2010 1:56 PM 84992]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/8/2004 8:02 AM 118784]
R2 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [12/18/2002 4:31 AM 36064]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [3/31/2010 6:24 PM 194608]
R2 tmevtmgr;tmevtmgr;c:\windows\SYSTEM32\DRIVERS\tmevtmgr.sys [7/16/2010 9:43 AM 50192]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/9/2005 8:34 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/9/2005 8:34 PM 36368]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 CdProbe;CdProbe;c:\windows\SYSTEM32\DRIVERS\CDProbe.SYS [4/7/2010 3:38 PM 20008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/2/2010 12:39 PM 135664]
S3 EraserUtilDrv10502;EraserUtilDrv10502;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10502.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10502.sys [?]
S3 EraserUtilDrv1061;EraserUtilDrv1061;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv1061.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv1061.sys [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [7/16/2010 9:42 AM 652552]
S4 RAIDStorAgent;RAID Storage Manager Agent;c:\program files\Dell\RAID Storage Manager\StorServ.exe [6/16/2004 2:10 PM 49152]
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-06 14:15]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 18:39]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 18:39]

2010-07-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

2010-07-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1529193839-4040784604-3554453458-1323.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1529193839-4040784604-3554453458-1323.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-07-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-01-20 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.knrs.com/pages/player.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: beatport.com
Trusted Zone: emcor.net\securetransfer
DPF: {B5F31C7D-D161-46FF-B06C-AE133F284477} - hxxp://www2.ubroadcast.com/Share/ubweb.cab
FF - ProfilePath - c:\documents and settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla\Firefox\Profiles\jk7vzphy.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-26 08:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\COMPUT~1.000\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-26 08:38:35
ComboFix-quarantined-files.txt 2010-07-26 14:38

Pre-Run: 11,586,473,984 bytes free
Post-Run: 11,730,419,712 bytes free

- - End Of File - - 8C8BE1AB9DFD04B4C48502B4E2635183


OTL logfile created on: 7/26/2010 1:03:15 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 402.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 10.84 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 659.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 1335.21 Gb Total Space | 365.33 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Drive Z: | 1335.21 Gb Total Space | 365.33 Gb Free Space | 27.36% Space Free | Partition Type: NTFS

Computer Name: 760-BWPK671
Current User Name: jmclark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/26 08:40:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/23 14:52:28 | 012,649,736 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2010/04/06 13:44:14 | 000,247,856 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/03/31 18:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/29 09:40:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/26 13:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/04/21 13:20:30 | 001,246,848 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2009/04/16 05:11:06 | 000,746,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2009/04/15 22:37:08 | 001,332,520 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2009/04/02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/12 05:41:10 | 000,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/01/08 13:14:30 | 000,476,448 | ---- | M] (Centennial Software Limited ) -- C:\CENTENN.IAL\AUDIT\xferwan.exe
PRC - [2009/01/08 13:13:52 | 001,004,832 | ---- | M] (Centennial Software Limited ) -- C:\CENTENN.IAL\AUDIT\cagent32.exe
PRC - [2008/12/08 12:50:40 | 001,990,656 | ---- | M] (Anritsu) -- C:\Program Files\Anritsu\Anritsu Master Software Tools\MST.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/22 16:52:14 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/09/08 19:59:22 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2005/03/28 06:39:20 | 001,044,529 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\nlnotes.exe
PRC - [2005/03/28 06:08:44 | 000,020,530 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntaskldr.exe
PRC - [2004/02/08 08:02:22 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/07/26 08:40:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10\OTL.exe
MOD - [2010/04/23 14:52:32 | 000,048,368 | ---- | M] () -- C:\Program Files\Paltalk Messenger\ctrlkey.dll
MOD - [2008/04/13 18:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msacm32.dll
MOD - [2008/04/13 18:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/06 13:44:46 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/04/06 13:44:14 | 000,247,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/03/31 18:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/26 13:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/21 13:20:30 | 001,246,848 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2009/04/15 22:37:08 | 001,332,520 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2009/03/12 05:41:10 | 000,341,256 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/02/23 13:31:40 | 000,652,552 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/01/08 13:14:30 | 000,476,448 | ---- | M] (Centennial Software Limited ) [Auto | Running] -- C:\CENTENN.IAL\AUDIT\xferwan.exe -- (CentennialIPTransferAgent)
SRV - [2009/01/08 13:13:52 | 001,004,832 | ---- | M] (Centennial Software Limited ) [Auto | Running] -- C:\CENTENN.IAL\AUDIT\cagent32.exe -- (CentennialClientAgent)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/03/28 06:49:12 | 000,057,393 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2004/06/16 14:10:48 | 000,049,152 | ---- | M] (Dell) [Disabled | Stopped] -- C:\Program Files\Dell\RAID Storage Manager\StorServ.exe -- (RAIDStorAgent)
SRV - [2004/02/13 10:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Disabled | Stopped] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2004/02/08 08:02:22 | 000,118,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv1061.sys -- (EraserUtilDrv1061)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10502.sys -- (EraserUtilDrv10502)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPUT~1.000\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/07/26 09:26:36 | 000,020,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDProbe.SYS -- (CdProbe)
DRV - [2010/06/23 13:56:10 | 000,084,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\fcec.sys -- (fcec)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/31 10:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys -- (Srv)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)
DRV - [2009/10/20 10:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys -- (HTTP)
DRV - [2009/09/15 14:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hssdrv.sys -- (HssDrv)
DRV - [2009/09/15 14:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys -- (taphss)
DRV - [2009/07/22 13:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tap0901.sys -- (tap0901)
DRV - [2009/06/24 05:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/28 14:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/04/03 20:47:16 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2009/04/03 20:47:14 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/03 20:47:12 | 000,151,568 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2009/02/23 13:32:54 | 000,078,352 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmtdi.sys -- (tmtdi)
DRV - [2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 18:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 18:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 18:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2008/04/13 18:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 13:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 13:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2008/04/13 13:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 13:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 13:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 13:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)
DRV - [2008/04/13 13:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 13:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 13:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 13:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 13:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 13:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/04/13 13:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 13:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 13:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 12:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 12:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 12:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 12:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 12:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 12:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys -- (IpNat)
DRV - [2008/04/13 12:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 12:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys -- (PSched)
DRV - [2008/04/13 12:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys -- (Gpc)
DRV - [2008/04/13 12:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 12:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 12:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys -- (IRENUM)
DRV - [2008/04/13 12:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 12:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 12:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 12:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 12:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 12:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 12:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2008/04/13 12:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2008/04/13 12:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 12:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2008/04/13 12:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 12:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys -- (kmixer)
DRV - [2008/04/13 12:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys -- (swmidi)
DRV - [2008/04/13 12:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys -- (splitter)
DRV - [2008/04/13 12:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys -- (DMusic)
DRV - [2008/04/13 12:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2008/04/13 12:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/13 12:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 12:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/13 12:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 12:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 12:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys -- (Imapi)
DRV - [2008/04/13 12:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 12:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 12:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 12:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 12:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 12:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys -- (redbook)
DRV - [2008/04/13 12:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys -- (Fdc)
DRV - [2008/04/13 12:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 12:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys -- (serenum)
DRV - [2008/04/13 12:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys -- (Parport)
DRV - [2008/04/13 12:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys -- (swenum)
DRV - [2008/04/13 12:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 12:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 12:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 12:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 12:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 12:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 12:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\update.sys -- (Update)
DRV - [2008/04/13 12:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 12:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 12:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 12:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 12:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 12:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 12:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/13 12:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 12:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 12:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 12:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 12:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 12:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 12:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 12:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 12:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 12:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 12:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 12:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 12:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor)
DRV - [2008/04/13 10:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys -- (aec)
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tapvpn.sys -- (tapvpn)
DRV - [2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\DLADResN.SYS -- (DLADResN)
DRV - [2005/10/21 11:07:12 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DRVNDDM.SYS -- (drvnddm)
DRV - [2004/05/29 15:52:00 | 002,206,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/04/21 03:36:44 | 000,092,411 | R--- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\afamgt.sys -- (AFAmgt)
DRV - [2004/04/09 12:41:30 | 000,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/03/29 18:16:24 | 000,131,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e1000325.sys -- (E1000) Intel®
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2003/07/16 10:42:39 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/07/16 10:42:10 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\toside.sys -- (TosIde)
DRV - [2003/07/16 10:41:17 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/07/16 10:41:16 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/07/16 10:41:16 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/07/16 10:41:16 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/07/16 10:40:06 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/07/16 10:36:34 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpcdd.sys -- (RDPCDD)
DRV - [2003/07/16 10:36:27 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspti.sys -- (Raspti)
DRV - [2003/07/16 10:36:19 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2003/07/16 10:36:08 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/07/16 10:36:07 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/07/16 10:36:07 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2003/07/16 10:36:07 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2003/07/16 10:36:06 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/07/16 10:36:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2003/07/16 10:35:03 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2003/07/16 10:35:02 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\perc2.sys -- (perc2)
DRV - [2003/07/16 10:34:53 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2003/07/16 10:34:48 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/07/16 10:34:03 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/07/16 10:34:03 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/07/16 10:33:55 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2003/07/16 10:29:06 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/07/16 10:28:32 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/07/16 10:25:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/07/16 10:24:54 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2003/07/16 10:23:52 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpn.sys -- (hpn)
DRV - [2003/07/16 10:22:45 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2003/07/16 10:21:40 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/07/16 10:21:40 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2003/07/16 10:21:24 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2003/07/16 10:21:14 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/07/16 10:20:43 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/07/16 10:20:43 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2003/07/16 10:20:07 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2003/07/16 10:19:41 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/07/16 10:19:15 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2003/07/16 10:19:14 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/07/16 10:19:14 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2003/07/16 10:18:52 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2003/07/16 10:18:27 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/07/16 10:18:27 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2003/07/16 10:18:27 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/07/16 10:18:14 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amsint.sys -- (amsint)
DRV - [2003/07/16 10:18:13 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/07/16 10:18:12 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2003/07/16 10:18:12 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2003/07/16 10:18:12 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2003/07/16 10:17:57 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2003/07/16 10:17:50 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/07/16 10:17:45 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2002/12/18 04:31:06 | 000,036,064 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Asfalrt.sys -- (AsfAlrt)
DRV - [2002/04/03 11:09:16 | 000,049,457 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2002/04/03 11:09:14 | 000,018,102 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 14:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.knrs.com/pages/player.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.7

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:03:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/29 09:42:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/18 12:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/20 14:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 08:00:46 | 000,000,000 | ---D | M]

[2010/07/20 14:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla\Extensions
[2010/07/20 14:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/21 23:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla\Firefox\Profiles\jk7vzphy.default\extensions
[2010/07/21 23:30:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla\Firefox\Profiles\jk7vzphy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 14:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/20 14:32:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/14 07:05:49 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/14 07:05:50 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/14 07:05:51 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/03/29 09:41:48 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/22 08:45:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/03/29 09:42:13 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/03/29 09:41:33 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/12/20 23:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/07/13 14:49:58 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/13 14:49:58 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/13 14:49:58 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/13 14:49:58 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/13 14:49:58 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/13 14:49:58 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/13 14:49:58 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/26 08:34:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe (Centennial Software Limited )
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: beatport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: beatport.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: emcor.net ([securetransfer] https in Trusted sites)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://echoln2.emcor.net/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1224090136889 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1139494568578 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} https://oca.microsoft.com/en/secure/ocarpt.CAB (OcarptMain Class)
O16 - DPF: {B5F31C7D-D161-46FF-B06C-AE133F284477} http://www2.ubroadcast.com/Share/ubweb.cab (UbCtrl Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dynawasatch.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "iPodService"
MsConfig - Services: "Fax"
MsConfig - Services: "ose"
MsConfig - Services: "Multi-user Cleanup Service"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HssTrayService"
MsConfig - Services: "gusvc"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "AdobeActiveFileMonitor4.0"
MsConfig - Services: "Iap"
MsConfig - Services: "RAIDStorAgent"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rocket Dock.lnk - C:\Program Files\WinMatrix\Matrix Skin Pack\RocketDock\Rocket Dock.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UberIcon Manager.lnk - C:\Program Files\WinMatrix\Matrix Skin Pack\UberIcon\UberIcon Manager.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing LP)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YzShadow.lnk - C:\Program Files\WinMatrix\Matrix Skin Pack\YzShadow\YzShadow.exe - (Y'z@Home)
MsConfig - StartUpFolder: C:^Documents and Settings^Computer-111.DYNAWASATCH.000^Start Menu^Programs^Startup^DESKTOP.INI - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Device Detector - hkey= - key= - C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems)
MsConfig - StartUpReg: Discovery User Input - hkey= - key= - C:\Discovery\User Input\userin32.exe (Centennial Software Limited )
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MaxMenuMgr - hkey= - key= - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
MsConfig - StartUpReg: Microsoft Location Finder - hkey= - key= - C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0D85FDA2-B96B-7305-8891-31ABBFF6AA5D} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26010CAD-711D-BDAC-6393-CC638EB20231} - Outlook Express
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {50CC31D6-FCC1-6B32-2255-FF96FA8455E0} - Vector Graphics Rendering (VML)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {643FE7B1-EF11-493D-9695-1A6C55203B6A} - DirectAnimation
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58560405907177472)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 12:57:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/26 08:39:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/26 08:23:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/26 08:23:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/26 08:23:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/26 08:23:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/26 07:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\CWR 7-26
[2010/07/21 22:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\SLCC
[2010/07/20 14:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla
[2010/07/20 10:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\New Folder (3)
[2010/07/20 08:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\SUPERAntiSpyware.com
[2010/07/20 08:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/20 08:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/20 07:59:48 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\SUPERAntiSpyware.exe
[2010/07/20 07:57:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\ATF-Cleaner.exe
[2010/07/20 07:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\GooredFix Backups
[2010/07/20 07:56:08 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\GooredFix.exe
[2010/07/16 11:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Louis Sweep
[2010/07/16 10:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10
[2010/07/16 09:43:53 | 000,151,568 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/07/16 09:43:53 | 000,052,752 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/07/16 09:43:53 | 000,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/07/16 09:43:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2010/07/16 09:42:20 | 000,078,352 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/07/16 09:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/16 08:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\Safe mirror
[2010/07/16 08:29:36 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/16 08:09:30 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.svs
[2010/07/16 08:04:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/16 07:14:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\TFC.exe
[2010/07/15 08:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/15 08:31:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/15 08:30:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/12 15:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/12 15:05:43 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/12 15:05:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/12 15:05:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/12 15:05:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/10 03:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\sbgydmswl
[2010/07/09 21:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/07/09 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/09 12:29:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\IECompatCache
[2010/07/02 14:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Leadertech
[2010/07/01 16:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\EFSoftware
[2010/06/28 08:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Post-con Walks

========== Files - Modified Within 30 Days ==========

[2010/07/26 13:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/26 12:20:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/26 12:18:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/26 10:15:01 | 000,000,706 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/26 09:26:59 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/26 09:26:36 | 000,020,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\CDProbe.SYS
[2010/07/26 09:25:39 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/26 09:24:10 | 000,004,412 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/26 09:24:09 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1529193839-4040784604-3554453458-1323.job
[2010/07/26 09:24:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/26 09:23:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 09:23:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/26 09:23:50 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 09:23:03 | 022,806,528 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\NTUSER.DAT
[2010/07/26 09:22:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/26 09:22:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/26 08:40:54 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1529193839-4040784604-3554453458-1323.job
[2010/07/26 08:34:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/07/26 08:27:06 | 000,001,222 | ---- | M] () -- C:\CF-Submit.htm
[2010/07/26 08:16:22 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/07/25 21:30:38 | 000,014,852 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/07/23 16:27:40 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee Photo Manager 2009.lnk
[2010/07/22 15:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/21 08:34:46 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\HiJackThis.lnk
[2010/07/20 14:32:20 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/20 14:32:20 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/20 08:00:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 07:59:48 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\SUPERAntiSpyware.exe
[2010/07/20 07:57:35 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\ATF-Cleaner.exe
[2010/07/20 07:56:08 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\GooredFix.exe
[2010/07/19 10:21:16 | 000,493,056 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\Montage Deer Valley.doc
[2010/07/16 14:19:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\NTUSER.INI
[2010/07/16 09:50:10 | 000,454,894 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/07/16 09:50:10 | 000,076,054 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/07/16 09:50:09 | 000,526,968 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/16 09:45:12 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2010/07/16 08:21:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
[2010/07/16 08:20:48 | 1071,833,088 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/16 07:14:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\TFC.exe
[2010/07/16 07:08:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 14:15:00 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\gmer.zip
[2010/07/15 14:13:24 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Attach.zip
[2010/07/15 14:13:12 | 000,005,325 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\DDS.zip
[2010/07/15 14:09:29 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\dds.scr
[2010/07/15 14:08:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\defogger_reenable
[2010/07/15 14:08:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Defogger.exe
[2010/07/15 07:33:24 | 000,821,869 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\69582_AddicitonRecoveryManual_36764000_pdf.pdf
[2010/07/14 13:47:00 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/07/13 15:49:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\Montage Deer Valley - System Sweeps.xls
[2010/07/12 07:31:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/10 14:47:18 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/07/07 13:16:36 | 007,502,480 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\DTF 7-9Jun10_7-7-10.pdf
[2010/07/06 07:44:59 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 14:09:41 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\SL0 Closeout Tracker.xls

========== Files Created - No Company Name ==========

[2010/07/26 08:27:06 | 000,001,222 | ---- | C] () -- C:\CF-Submit.htm
[2010/07/26 08:23:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/26 08:23:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/26 08:23:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/26 08:23:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/26 08:23:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/21 21:25:28 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\._ebook.pdf
[2010/07/21 21:25:27 | 028,335,660 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\ebook.pdf
[2010/07/20 14:32:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/20 14:32:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/20 08:00:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/19 10:20:17 | 000,493,056 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\Montage Deer Valley.doc
[2010/07/16 14:20:28 | 1071,804,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 08:21:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/07/16 08:05:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/16 08:04:57 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/15 14:14:57 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\gmer.zip
[2010/07/15 14:13:24 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Attach.zip
[2010/07/15 14:13:12 | 000,005,325 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\DDS.zip
[2010/07/15 14:09:33 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\dds.scr
[2010/07/15 14:08:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\defogger_reenable
[2010/07/15 14:08:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Defogger.exe
[2010/07/15 11:49:12 | 000,002,493 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\HiJackThis.lnk
[2010/07/15 07:33:24 | 000,821,869 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\69582_AddicitonRecoveryManual_36764000_pdf.pdf
[2010/07/09 07:48:11 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/07 13:55:10 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\Montage Deer Valley - System Sweeps.xls
[2010/07/07 13:16:35 | 007,502,480 | ---- | C] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\DTF 7-9Jun10_7-7-10.pdf
[2010/06/23 14:10:35 | 000,000,058 | -HS- | C] () -- C:\WINDOWS\System32\User.ini
[2010/06/23 13:56:10 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\fcec.sys
[2010/04/07 15:38:07 | 000,020,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDProbe.SYS
[2010/03/05 14:15:39 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/09 13:02:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/14 15:01:40 | 000,004,356 | ---- | C] () -- C:\WINDOWS\cfgps.ini
[2008/07/29 15:32:26 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/10/25 12:27:37 | 000,004,268 | ---- | C] () -- C:\WINDOWS\cfgrt.ini
[2007/10/22 09:08:31 | 000,003,447 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini
[2007/10/22 09:08:30 | 000,004,217 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
[2007/10/19 15:53:15 | 000,004,231 | ---- | C] () -- C:\WINDOWS\cfgms.ini
[2007/06/12 16:53:58 | 001,277,952 | ---- | C] () -- C:\WINDOWS\System32\libfishsound.dll
[2006/09/12 19:34:40 | 000,014,852 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2006/06/16 16:50:58 | 000,000,624 | ---- | C] () -- C:\WINDOWS\XMRadio.ini
[2006/04/27 08:20:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2006/02/21 08:32:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/12/27 10:38:39 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/10/03 07:20:03 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2005/09/29 16:32:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\WINMSG.INI
[2005/09/29 16:32:23 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\NCALLS.DLL
[2005/09/29 16:32:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\guidgen.dll
[2005/09/29 16:22:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2005/08/05 16:50:56 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\MGCSInst.dll
[2005/08/05 16:50:56 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\InstProc.dll
[2005/07/11 10:34:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/08 15:36:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2005/04/06 12:31:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\instut32.dll
[2005/04/01 14:38:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/01 14:36:37 | 000,001,499 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/01 14:18:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/01 14:07:48 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:08:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2002/12/18 04:31:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 16:01:05 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 16:00:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 16:00:19 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 16:00:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 16:00:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2002/01/18 21:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
[2001/03/22 13:24:22 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[2000/09/01 07:25:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[1980/01/01 00:00:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2005/10/21 11:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/04/15 14:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/14 09:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/05/07 08:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/02/13 15:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/05/18 15:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/04/16 09:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/01/25 17:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/03/28 12:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/05/03 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/03/10 14:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/01/24 09:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/07/26 09:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2006/02/14 10:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/07/16 08:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/11 10:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/31 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/07/27 18:23:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/01/29 17:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/01/26 07:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/03/29 09:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2005/04/01 14:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/09/14 08:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/07/12 15:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/20 08:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/15 11:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/03 17:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/03/10 13:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/09/26 12:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/21 07:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2008/09/11 14:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/22 08:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/26 13:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/06/22 08:26:03 | 000,072,504 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
[2010/06/24 09:41:46 | 000,501,936 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb2B.tmp.exe
[2010/06/24 10:16:52 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2010/06/25 08:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Accellion
[2008/09/10 12:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\ACD Systems
[2009/04/15 14:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Adobe
[2010/06/24 10:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\AdobeUM
[2009/11/02 16:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Apple Computer
[2010/05/18 16:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Avery
[2010/02/26 08:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Azureus
[2010/07/01 16:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\EFSoftware
[2008/10/22 09:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Google
[2008/10/16 13:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Help
[2010/01/11 12:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\ICAClient
[2010/01/11 09:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\InstallShield
[2010/07/02 14:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Leadertech
[2008/09/04 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Macromedia
[2009/11/11 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Malwarebytes
[2009/03/27 16:56:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft
[2010/07/20 14:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Mozilla
[2009/04/08 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Opera
[2010/06/01 07:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Paltalk
[2010/03/29 09:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Real
[2008/09/26 14:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Sonic
[2010/01/15 13:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\streamripper
[2005/04/01 14:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Sun
[2010/07/20 08:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\SUPERAntiSpyware.com
[2010/04/16 09:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\WD
[2010/01/22 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Winamp
[2008/09/29 11:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Windows Search

< %APPDATA%\*.exe /s >
[2008/10/15 09:38:12 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009/03/09 08:54:54 | 000,370,070 | R--- | M] () -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Installer\{36C9E08A-BE2B-40A0-83C5-576748F7B777}\ARPPRODUCTICON.exe
[2010/07/15 11:49:16 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2010/04/19 14:34:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/21 12:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/19 14:34:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/04/21 12:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/03/19 17:43:04 | 010,158,890 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2003/07/16 10:40:05 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2010/04/19 14:34:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/21 12:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/19 14:34:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/04/21 12:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/03/19 17:43:04 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\ATAPI.SYS
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/03/19 17:37:08 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\i386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/03/19 17:40:30 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\i386\NETLOGON.DLL
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/03/19 17:42:24 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\i386\SCECLI.DLL
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2004/03/19 17:44:02 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\i386\USERINIT.EXE

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/04/19 05:10:10 | 000,786,432 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2010/04/19 10:58:58 | 000,262,144 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2010/04/19 05:10:10 | 033,816,576 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2010/04/19 05:10:10 | 007,340,032 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2010/05/06 04:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/26 09:26:36 | 000,020,008 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\CDProbe.SYS
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/06/24 10:40:44 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 7/26/2010 1:03:15 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Desktop\Malware 7-16-10
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 402.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 10.84 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 659.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 1335.21 Gb Total Space | 365.33 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Drive Z: | 1335.21 Gb Total Space | 365.33 Gb Free Space | 27.36% Space Free | Partition Type: NTFS

Computer Name: 760-BWPK671
Current User Name: jmclark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:fio32
"38055:TCP" = 38055:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe" = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:MFPSCDL -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" = C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"C:\Program Files\XM Satellite Radio\XMMT.exe" = C:\Program Files\XM Satellite Radio\XMMT.exe:*:Enabled:XM Satellite Radio PC Player -- (XM Satellite Radio)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\iTunnel\iTunnel\iTunnel.exe" = C:\Documents and Settings\Computer-111.DYNAWASATCH.000\My Documents\iTunnel\iTunnel\iTunnel.exe:*:Enabled:iTunnel -- ()
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Local Settings\Temp\7zSC.tmp\SymNRT.exe" = C:\Documents and Settings\Computer-111.DYNAWASATCH.000\Local Settings\Temp\7zSC.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Program Files\Streamripper\wstreamripper.exe" = C:\Program Files\Streamripper\wstreamripper.exe:*:Enabled:wstreamripper -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AAE3976-3167-4BDF-B785-00E19C6671A3}" = Lotus Notes 6.5.4
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2FE4F1CB-0917-41FD-87F6-E7E6C6C3CFC5}" = TMO Upgrade Application
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC99C3E-A32B-11D6-A56B-005004881E56}" = Powerprint Request v.5.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 with GPS Locator
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9C92D8D9-95DA-46B3-969F-923DBB30E268}" = Anritsu Master Software Tools
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3BAE6D2-0FAD-4C32-8138-8A226460C864}" = Intel ® Pro Alerting Agent
"{C5F7AEC4-80DB-4179-9D79-BF59D8F35AC3}" = Anritsu Master Software Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D7E2F983-97AA-4F9A-B327-54DE078C9466}" = RAID Storage Manager
"{E3F32659-0A17-4229-88DA-31019D5F4182}" = Matrix Skin Pack
"{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}" = MetaFrame Presentation Server Client
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"{FD88D501-1F0A-4DA4-A13A-6437411EE0C3}" = ACDSee 6.0 Standard
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AudibleDownloadManager" = Audible Download Manager
"AutoItv3" = AutoIt v3.1.1
"Avery Wizard 2.1 MSW11" = Avery® Wizard 2.1 for Microsoft® Office Word 2003
"CobBackup10" = Cobian Backup 10
"EF Multi File Renamer" = EF Multi File Renamer
"EphPod" = EphPod
"ESET Online Scanner" = ESET Online Scanner v3
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Google Updater" = Google Updater
"HotspotShield" = Hotspot Shield 1.41
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{D7E2F983-97AA-4F9A-B327-54DE078C9466}" = RAID Storage Manager
"InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeScanNT" = Trend Micro OfficeScan Client
"PalTalk8.2" = PaltalkScene
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ST6UNST #1" = Handheld Software Tools v6.61
"ST6UNST #3" = Handheld Software Tools v6.58
"Streamripper" = Streamripper (Remove only)
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2010 5:35:16 AM | Computer Name = 760-BWPK671 | Source = ESENT | ID = 489
Description = wuauclt (5968) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/21/2010 5:35:16 AM | Computer Name = 760-BWPK671 | Source = ESENT | ID = 455
Description = wuaueng.dll (5968) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 7/22/2010 3:22:34 AM | Computer Name = 760-BWPK671 | Source = Application Hang | ID = 1002
Description = Hanging application ACDSeeQV11.exe, version 2.0.111.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2010 3:47:27 PM | Computer Name = 760-BWPK671 | Source = Application Error | ID = 1000
Description = Faulting application NTRtScan.exe, version 11.0.0.1310, faulting module
ssapi32.dll, version 6.2.0.3009, fault address 0x000c73d8.

Error - 7/23/2010 6:52:32 PM | Computer Name = 760-BWPK671 | Source = Application Hang | ID = 1002
Description = Hanging application ACDSee11.exe, version 11.0.115.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2010 3:43:54 PM | Computer Name = 760-BWPK671 | Source = ESENT | ID = 490
Description = svchost (380) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 7/26/2010 10:09:39 AM | Computer Name = 760-BWPK671 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/26/2010 10:09:41 AM | Computer Name = 760-BWPK671 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/26/2010 10:10:33 AM | Computer Name = 760-BWPK671 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/26/2010 10:59:02 AM | Computer Name = 760-BWPK671 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:53:58 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:54:59 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error - 1/29/2010 6:54:59 PM | Computer Name = 760-BWPK671 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}


< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3747840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 61.27 )
0xF6702000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 2207744 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.27 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF3043000 C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 1318912 bytes (Trend Micro Inc., VsapiNT )
0xF65FD000 C:\WINDOWS\system32\drivers\smwdm.sys 614400 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF7359000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5113000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6523000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5292000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF29CD000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF2FD2000 C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 299008 bytes (Trend Micro Inc., Post Filter For XP)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF18EE000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6581000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF2CE1000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF732C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF1643000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5183000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2C8F000 C:\WINDOWS\system32\drivers\tmcomm.sys 172032 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF526A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF746F000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF5244000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF4EC9000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF65D9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF66CA000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6693000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF51E2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF51AE000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7425000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7495000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74B4000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7312000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7457000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF2FA4000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF4EB1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF522C000 C:\WINDOWS\system32\fcec.sys 98304 bytes
0xF73E6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF65C2000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF2FBC000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF2F8E000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF73FD000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xF27B0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF66B6000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF66EE000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF52EB000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF2C54000 C:\WINDOWS\system32\drivers\tmactmon.sys 77824 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0xF7445000 AFAmgt.sys 73728 bytes (Adaptec, Inc., Dell Management Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7413000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF51D0000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 73728 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xF74D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF65B1000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF5093000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7742000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7772000 C:\WINDOWS\system32\DRIVERS\HssDrv.sys 65536 bytes (AnchorFree Inc., Hotspot Shield Routing Driver)
0xF7702000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7622000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7722000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7852000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7762000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7752000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF2875000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF31FD000 C:\WINDOWS\system32\drivers\tmevtmgr.sys 61440 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0xF7802000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7632000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7672000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7712000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7782000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF50E3000 C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xF7652000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7792000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7862000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7732000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7642000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77E2000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF77B2000 C:\WINDOWS\system32\DRIVERS\tapvpn.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xF50D3000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF7612000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77F2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7682000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77C2000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7662000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7872000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76F2000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77A2000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7822000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF1603000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7842000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7942000 C:\WINDOWS\system32\DRIVERS\CDProbe.SYS 32768 bytes
0xF78FA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF790A000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF79DA000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF791A000 C:\WINDOWS\System32\drivers\AsfAlrt.sys 28672 bytes (Intel Corporation, Asfalrt Driver)
0xF796A000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79E2000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF78E2000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7892000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7A12000 C:\WINDOWS\system32\DRIVERS\taphss.sys 28672 bytes (AnchorFree Inc, TAP-Win32 Virtual Network Driver)
0xF7912000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78DA000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF79F2000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF79EA000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A1A000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7902000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF79D2000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78EA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78CA000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF78F2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78AA000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF789A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A02000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7A0A000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF79FA000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7962000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A2A000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF31D9000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF72CE000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF301B000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7B06000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A22000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A26000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF4F09000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7B02000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7AC2000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF64C1000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72E6000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7B0A000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF7ACE000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B4C000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7B60000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B4A000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7B1A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B16000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7BAA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B5E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B12000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B62000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B98000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B64000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B4E000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B58000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B14000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CD0000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C08000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7D01000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C86000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BDA000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870F12C8 ] TID: 132
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BBEDA8 ] TID: 136, 36290072 bytes
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A485C0 ] TID: 140, 3145776 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B8B020 ] TID: 144, 3407875 bytes
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x87076988 ] TID: 164, 4194368 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87137020 ] TID: 168
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B99B18 ] TID: 172
0x8055C700 Faked ServiceTable-->hsssrv.exe [ ETHREAD 0x870BD458 ] TID: 180
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869E45B0 ] TID: 184
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x869CCA08 ] TID: 188
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x869D0DA8 ] TID: 192
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x869D2A10 ] TID: 196
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x86A12950 ] TID: 200, 718776 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869DCB30 ] TID: 208
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x87108850 ] TID: 212
0x8055C700 Faked ServiceTable-->hsssrv.exe [ ETHREAD 0x870B8948 ] TID: 216, 8781831 bytes
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x872E0DA8 ] TID: 232
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869D3020 ] TID: 240
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8695F800 ] TID: 252
0x8055C700 Faked ServiceTable-->hsssrv.exe [ ETHREAD 0x872AAAD0 ] TID: 256
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86961748 ] TID: 264
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8711D9A0 ] TID: 280
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x869C4020 ] TID: 304
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x869C7020 ] TID: 308
0x8055C700 Faked ServiceTable-->hsswd.exe [ ETHREAD 0x870D8720 ] TID: 312
0x8055C700 Faked ServiceTable-->hsswd.exe [ ETHREAD 0x86B989E8 ] TID: 332
0x8055C700 Faked ServiceTable-->hsswd.exe [ ETHREAD 0x870FCA30 ] TID: 336
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86BADC28 ] TID: 344
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x8708BDA8 ] TID: 352
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x869C8830 ] TID: 364
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x86B9C3D8 ] TID: 368
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x870E22A8 ] TID: 372
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x86BC4918 ] TID: 376
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x871332C8 ] TID: 380
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x870EEA60 ] TID: 384
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87121488 ] TID: 404, 8781876 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B8BBE8 ] TID: 408
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BF89E8 ] TID: 420, 8781885 bytes
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x869C0BC8 ] TID: 424
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x869FE588 ] TID: 428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BAC870 ] TID: 432
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x869D9458 ] TID: 444
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x869E5770 ] TID: 456
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A64A30 ] TID: 460
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86989A18 ] TID: 472
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A68670 ] TID: 480
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86986770 ] TID: 484
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A091F0 ] TID: 488
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A194E8 ] TID: 492
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870EA3E0 ] TID: 504
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BFDDA8 ] TID: 508
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8699E5A0 ] TID: 512
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869D3648 ] TID: 520
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87123BE8 ] TID: 540
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BAD2F8 ] TID: 552
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x868F7020 ] TID: 560
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869D0950 ] TID: 568
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A19DA8 ] TID: 596
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x869BE810 ] TID: 600
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86CBABF8 ] TID: 620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870E9418 ] TID: 624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A6F850 ] TID: 628
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8725CB30 ] TID: 640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86915810 ] TID: 660
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A1A630 ] TID: 664
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x871C7550 ] TID: 672
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8713ABC8 ] TID: 676
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870D84A8 ] TID: 680
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x868DD550 ] TID: 692
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x872F1DA8 ] TID: 700
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BF7DA8 ] TID: 748
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8711DC18 ] TID: 764
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86BAB670 ] TID: 772, 196611 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86B7CA28 ] TID: 776
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86B7C7B0 ] TID: 780, 196615 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868A2020 ] TID: 784
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870D1A28 ] TID: 796
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86B7C330 ] TID: 800
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868BC020 ] TID: 808, 34013187 bytes
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8725F848 ] TID: 812
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870D1DA8 ] TID: 816
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870F0A88 ] TID: 820
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x870CE498 ] TID: 824, 1317568 bytes
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x8717D020 ] TID: 828
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x87083958 ] TID: 832
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x86950498 ] TID: 840
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87190658 ] TID: 848, 7471204 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87057230 ] TID: 852
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872735D8 ] TID: 864
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B86470 ] TID: 872
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8704BDA8 ] TID: 876, 5374020 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870C0DA8 ] TID: 880, 903592 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86B9F3C8 ] TID: 900
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8705CDA8 ] TID: 904
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87071C10 ] TID: 908
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870853C8 ] TID: 912
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8727B658 ] TID: 920
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870A1988 ] TID: 940
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8705C990 ] TID: 948
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x87270160 ] TID: 960
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86B9FC18 ] TID: 964
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x869A4828 ] TID: 976
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B8CC18 ] TID: 980
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x87275988 ] TID: 988
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8726AC18 ] TID: 1004
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86B7FDA8 ] TID: 1008
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x869A1020 ] TID: 1012
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8725CDA8 ] TID: 1020
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x869AA350 ] TID: 1024
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x868F75C8 ] TID: 1040
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8713A6D8 ] TID: 1044
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87099508 ] TID: 1052
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x869FC448 ] TID: 1060
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x87097A28 ] TID: 1076
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x870A0370 ] TID: 1084
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x8704C770 ] TID: 1088, 6357104 bytes
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x8726E160 ] TID: 1096
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87271A50 ] TID: 1108
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870A07F0 ] TID: 1144
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8718A230 ] TID: 1152
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8706E7F0 ] TID: 1156
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8709DC18 ] TID: 1172
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8706CB48 ] TID: 1176
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x86BC5DA8 ] TID: 1180
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86994890 ] TID: 1196
0x8055C700 Faked ServiceTable-->cagent32.exe [ ETHREAD 0x86B29BD0 ] TID: 1200
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87101950 ] TID: 1208
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86953330 ] TID: 1268
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87109678 ] TID: 1280
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870C9B50 ] TID: 1284, 7209074 bytes
0x8055C700 Faked ServiceTable-->CNTAoSMgr.exe [ ETHREAD 0x872EEB30 ] TID: 1288
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x86A56DA8 ] TID: 1296
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870C9788 ] TID: 1304, 3801155 bytes
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x86B8E258 ] TID: 1316
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x86B8B808 ] TID: 1320
0x8055C700 Faked ServiceTable-->ASFAgent.exe [ ETHREAD 0x87115588 ] TID: 1332
0x8055C700 Faked ServiceTable-->ASFAgent.exe [ ETHREAD 0x871A74E0 ] TID: 1336
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BF9798 ] TID: 1372, 5963808 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BF9DA8 ] TID: 1392
0x8055C700 Faked ServiceTable-->cagent32.exe [ ETHREAD 0x86BC5998 ] TID: 1396
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x8718DDA8 ] TID: 1428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B9D460 ] TID: 1432
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x871F1678 ] TID: 1436
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BFCDA8 ] TID: 1440
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870DA7C0 ] TID: 1456
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x86CBD9E8 ] TID: 1468, 7012468 bytes
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x87082800 ] TID: 1472
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x87082588 ] TID: 1476
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x87082310 ] TID: 1480
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870CADA8 ] TID: 1484
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870CAB30 ] TID: 1488
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870CA8B8 ] TID: 1492
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870FFDA8 ] TID: 1496, 4980804 bytes
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870FFB30 ] TID: 1500, 2949120 bytes
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870FF8B8 ] TID: 1504
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870766F0 ] TID: 1508
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x87076478 ] TID: 1516
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x87076200 ] TID: 1520
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870AADA8 ] TID: 1524
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x869D79E8 ] TID: 1532
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x869C9640 ] TID: 1536
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x87134968 ] TID: 1544
0x8055C700 Faked ServiceTable-->FreeAgentService.exe [ ETHREAD 0x870D4370 ] TID: 1552
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x870B9368 ] TID: 1568
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x87107DA8 ] TID: 1572
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x86C88500 ] TID: 1576
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x872D1900 ] TID: 1580
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x869BF660 ] TID: 1616
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A41020 ] TID: 1620
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8709E418 ] TID: 1652, 7536686 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x87069368 ] TID: 1680
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8727A4B8 ] TID: 1684
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x87073228 ] TID: 1688
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x870445B0 ] TID: 1696
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8706BDA8 ] TID: 1708
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x869D4808 ] TID: 1716
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86B70020 ] TID: 1724
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x87130020 ] TID: 1728, 7536761 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86B95130 ] TID: 1732
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x87136020 ] TID: 1736
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86B90020 ] TID: 1740
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x87131130 ] TID: 1744
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x870F6130 ] TID: 1748
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86BAC130 ] TID: 1752
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x870488B8 ] TID: 1764
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x871BF0E0 ] TID: 1772, 6357107 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86CBBDA8 ] TID: 1776
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x87057678 ] TID: 1792
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x87051D80 ] TID: 1796
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x870BDC18 ] TID: 1800
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8726B9A8 ] TID: 1804
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x870E4898 ] TID: 1808
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x87283DA8 ] TID: 1812
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x870BADA8 ] TID: 1816, 4784193 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86C17A90 ] TID: 1820
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86C0F780 ] TID: 1824
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86BFA1D8 ] TID: 1828
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x871C5DA8 ] TID: 1832
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x870DD020 ] TID: 1836
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x87169170 ] TID: 1840
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x870E79C0 ] TID: 1844
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x871F4B58 ] TID: 1848, 2949120 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86B75DA8 ] TID: 1852
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x87129920 ] TID: 1864
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86895DA8 ] TID: 1868
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86BA0020 ] TID: 1884
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86B89DA8 ] TID: 1888
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x87133A80 ] TID: 1896
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8713F020 ] TID: 1968
0x8055C700 Faked ServiceTable-->openvpnas.exe [ ETHREAD 0x87186BC8 ] TID: 1976
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x869DC590 ] TID: 2000
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869D73B0 ] TID: 2004
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8718CDA8 ] TID: 2012
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86BA4460 ] TID: 2020
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870C4460 ] TID: 2024
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86895B30 ] TID: 2028
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86BA6020 ] TID: 2032
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x872715D8 ] TID: 2040, 3014753 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8713A460 ] TID: 2068
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A48838 ] TID: 2080
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x869D59F8 ] TID: 2084
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x870CBBA0 ] TID: 2096
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8725EDA8 ] TID: 2116
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A19020 ] TID: 2140
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x87088760 ] TID: 2152
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868BAB30 ] TID: 2156
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x86945780 ] TID: 2172
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x869523E8 ] TID: 2184
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x870CB928 ] TID: 2192
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869DE4D8 ] TID: 2208
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x872F1478 ] TID: 2216
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A50770 ] TID: 2232
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x86B27770 ] TID: 2260
0x8055C700 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x86890BC8 ] TID: 2396, 3014753 bytes
0x8055C700 Faked ServiceTable-->PccNTMon.exe [ ETHREAD 0x86911020 ] TID: 2400
0x8055C700 Faked ServiceTable-->ASFAgent.exe [ ETHREAD 0x869B1918 ] TID: 2408
0x8055C700 Faked ServiceTable-->PccNTMon.exe [ ETHREAD 0x86909BC8 ] TID: 2412, 7536761 bytes
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x8691CBA0 ] TID: 2420
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x868BB020 ] TID: 2432
0x8055C700 Faked ServiceTable-->jusched.exe [ ETHREAD 0x868FFA18 ] TID: 2436
0x8055C700 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x872C53D8 ] TID: 2460
0x8055C700 Faked ServiceTable-->CNTAoSMgr.exe [ ETHREAD 0x86B29020 ] TID: 2468, 7536761 bytes
0x8055C700 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x869069F0 ] TID: 2472
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872EFDA8 ] TID: 2488
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87033020 ] TID: 2512
0x8055C700 Faked ServiceTable-->CNTAoSMgr.exe [ ETHREAD 0x86A54DA8 ] TID: 2536
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x872CA5E0 ] TID: 2540
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x868F22A8 ] TID: 2544
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x868F0020 ] TID: 2572
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x86902520 ] TID: 2588
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868F4DA8 ] TID: 2592
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868F9DA8 ] TID: 2600
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868F9B30 ] TID: 2604
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868EADA8 ] TID: 2608
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868ECBC8 ] TID: 2612
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x8706B370 ] TID: 2616, 36146672 bytes
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868E7B90 ] TID: 2632
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x8719AA90 ] TID: 2636, 130 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868E1DA8 ] TID: 2656
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868D5648 ] TID: 2660, 36327216 bytes
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868D77A0 ] TID: 2664
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868D9440 ] TID: 2668
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868E0800 ] TID: 2672
0x8055C700 Faked ServiceTable-->CNTAoSMgr.exe [ ETHREAD 0x86A4F268 ] TID: 2676
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869BC020 ] TID: 2700, 7602284 bytes
0x8055C700 Faked ServiceTable-->CNTAoSMgr.exe [ ETHREAD 0x872EE458 ] TID: 2708
0x8055C700 Faked ServiceTable-->cagent32.exe [ ETHREAD 0x86B292D0 ] TID: 2712
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A51CE8 ] TID: 2716
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x869A3950 ] TID: 2748, 36308392 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868AFDA8 ] TID: 2752
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x869BB398 ] TID: 2788, 16777215 bytes
0x8055C700 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x868F4810 ] TID: 2824
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869BB6B8 ] TID: 2836
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869E1020 ] TID: 2852
0x8055C700 Faked ServiceTable-->PccNTMon.exe [ ETHREAD 0x869A3BD0 ] TID: 2856
0x8055C700 Faked ServiceTable-->PccNTMon.exe [ ETHREAD 0x86953BD0 ] TID: 2860
0x8055C700 Faked ServiceTable-->PccNTMon.exe [ ETHREAD 0x86906488 ] TID: 2864
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8695ABD0 ] TID: 2872
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868F4B30 ] TID: 2884
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87140440 ] TID: 2888
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868EFBD8 ] TID: 2900
0x8055C700 Faked ServiceTable-->MSASCui.exe [ ETHREAD 0x868BD760 ] TID: 2908
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86990A58 ] TID: 2948
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868D63B8 ] TID: 2952
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x872C5020 ] TID: 2956
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86980B30 ] TID: 2960
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8697FDA8 ] TID: 2964
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86939020 ] TID: 2968
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x86978738 ] TID: 2972
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86936DA8 ] TID: 2976
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x869057D8 ] TID: 2992
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A08DA8 ] TID: 3000
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868EF3C8 ] TID: 3016
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86905560 ] TID: 3020
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x869AB2D0 ] TID: 3024
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86988808 ] TID: 3036
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86978B30 ] TID: 3060
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86937810 ] TID: 3068
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x870DE8C0 ] TID: 3072
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869AC388 ] TID: 3088
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x86903750 ] TID: 3096
0x8055C700 Faked ServiceTable-->PccNTMon.exe [ ETHREAD 0x86931020 ] TID: 3112
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872D8990 ] TID: 3148
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868B0598 ] TID: 3156
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x86988BC8 ] TID: 3160
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86968DA8 ] TID: 3168
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869B3020 ] TID: 3172
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86B97020 ] TID: 3176
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D578C8 ] TID: 3180
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x868AEDA8 ] TID: 3236
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x869ADDA8 ] TID: 3244
0x8055C700 Faked ServiceTable-->mspaint.exe [ ETHREAD 0x86902A00 ] TID: 3264
0x8055C700 Faked ServiceTable-->mspaint.exe [ ETHREAD 0x868B0BA0 ] TID: 3268
0x8055C700 Faked ServiceTable-->mspaint.exe [ ETHREAD 0x86BAFB30 ] TID: 3272
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8697DBC8 ] TID: 3280
0x8055C700 Faked ServiceTable-->cagent32.exe [ ETHREAD 0x8686D3A0 ] TID: 3300
0x8055C700 Faked ServiceTable-->xferwan.exe [ ETHREAD 0x86BB0840 ] TID: 3316
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868DB438 ] TID: 3324
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x872D57E0 ] TID: 3356
0x8055C700 Faked ServiceTable-->mspaint.exe [ ETHREAD 0x86941660 ] TID: 3416
0x8055C700 Faked ServiceTable-->mspaint.exe [ ETHREAD 0x8725B5F0 ] TID: 3428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872CD7C0 ] TID: 3444
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872C95E0 ] TID: 3452
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x872D4978 ] TID: 3460
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8693B728 ] TID: 3464
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8693B498 ] TID: 3488
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x871EC590 ] TID: 3492
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86908020 ] TID: 3496
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x871ECB30 ] TID: 3504
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86908DA8 ] TID: 3508
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86908B30 ] TID: 3512
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x872C3448 ] TID: 3540
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8691D020 ] TID: 3544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869A9AF8 ] TID: 3560
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86998C08 ] TID: 3564
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86998990 ] TID: 3568
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869DD020 ] TID: 3616
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87167A08 ] TID: 3624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87167790 ] TID: 3628
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87167518 ] TID: 3632
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872DB500 ] TID: 3680
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869DDBC8 ] TID: 3692
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87192AA0 ] TID: 3708
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87192828 ] TID: 3712
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x872C6C70 ] TID: 3724
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x872C89E0 ] TID: 3796
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872C67C0 ] TID: 3816
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872D07C0 ] TID: 3880
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x871933D0 ] TID: 3884
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x86A0A5C0 ] TID: 3888
0x8055C700 Faked ServiceTable-->TmListen.exe [ ETHREAD 0x86977918 ] TID: 3892
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x868C6020 ] TID: 3896
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869776A0 ] TID: 3900
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86986DA8 ] TID: 3904
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86933A98 ] TID: 3908
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869334F8 ] TID: 3912
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869DD490 ] TID: 3916
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86934498 ] TID: 3920
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869D6808 ] TID: 3956
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x869D6590 ] TID: 3960
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869CA020 ] TID: 3972
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x869CA9E8 ] TID: 3976
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x869CA770 ] TID: 3980
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x869D5DA8 ] TID: 4008
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x869CADA8 ] TID: 4020
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x869368D0 ] TID: 4056
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872E2DA8 ] TID: 4068
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x87166A58 ] TID: 4080




#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 27 July 2010 - 09:48 AM

This next...

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 27 July 2010 - 07:15 PM

MBRCheck, version 1.1.1

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected





Done! Press ENTER to exit...



#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 27 July 2010 - 10:02 PM

Well done

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-s.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
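As an added example (not from this thread and not part of any of the tools named in it), the following read-only PowerShell script lists every Java entry that Add/Remove Programs knows about and flags all but the newest as older copies, which is exactly the set the steps above say the updater will not clean up and that has to be removed by hand. It assumes PowerShell 2.0 or later, reads the standard Uninstall registry keys, and the DisplayName patterns it matches for Sun/Oracle entries are an assumption; it uninstalls nothing.

```powershell
# Added example: enumerate installed Java versions from the Uninstall registry
# keys so stale releases can be spotted before the manual removal step.
# Assumes PowerShell 2.0+; the name patterns below are assumptions about how
# Sun/Oracle label their Add/Remove Programs entries.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Present only on 64-bit Windows; skipped below if missing.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    $found = @()
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in (Get-ChildItem $key)) {
            $p = Get-ItemProperty $sub.PSPath
            # Typical names: "Java(TM) 6 Update 21", "J2SE Runtime Environment 5.0 Update 6".
            # "Java Auto Updater" is a helper, not a runtime, so it is excluded.
            if ($p.DisplayName -match '^(Java|J2SE)' -and $p.DisplayName -notmatch 'Auto Updater') {
                $ver = $p.DisplayVersion
                if (-not $ver) { $ver = '0.0' }   # entries without a version sort as oldest
                $found += New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $ver
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
    return $found
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Host 'No Java entries found in Add/Remove Programs.'
} else {
    # Highest DisplayVersion is the current one; everything else is an older copy.
    $newest = $java | Sort-Object { [version]$_.Version } -Descending | Select-Object -First 1
    foreach ($entry in $java) {
        $tag = if ($entry.Version -eq $newest.Version) { 'current' } else { 'OLDER - remove' }
        '{0,-16} {1,-50} {2}' -f $tag, $entry.Name, $entry.Version
    }
}
```

Run it from an elevated PowerShell prompt so both registry hives are readable; the UninstallString captured for each entry is the same command Add/Remove Programs would run, which is useful when the GUI uninstaller refuses to start.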

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

=========

With your next post please provide:

* MBAM log
* ESET log
* How is your computer running?

Kind regards,
~t

#13 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 28 July 2010 - 12:50 PM

Done :D MBAM found no threats - ESET found 6 and quarantined - should I uninstall application on close/delete quarantined files? My computer is running ok but it seems still vulnerable to attacks - my Trend Office Scan found some more threats via realtime scan

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/28/2010 8:06:09 AM
mbam-log-2010-07-28 (08-06-09).txt

Scan type: Quick scan
Objects scanned: 195174
Time elapsed: 15 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------

C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\[89]-Submit_2010-07-26_08.27.02.zip probably a variant of Win32/Agent.REB trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dcoplre.sys.vir Win32/Agent.RJU trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP0\A0000004.dll a variant of Win32/Cimag.CW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000015.dll a variant of Win32/Cimag.CK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP28\A0019247.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined


#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 28 July 2010 - 01:18 PM

Almost there...

Re-run ESET and makes sure it comes up clean.

Any ongoing problems?

#15 glowstickgorilla

glowstickgorilla
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 28 July 2010 - 03:53 PM

still experiencing the same seek.ind.in redirects! :C - I can't tell if my PC is picking up the same/similar malware infections or if we've been unable to eradicate some

my Office Scan is regularly finding new infections - it's like there's a huge vulnerability or something

going to run the ESET scan again now



