Infected with ? Web page hijack


8 replies to this topic

#1 Fleeb AUS (Members, 5 posts)

Posted 07 September 2010 - 02:20 AM

Hi,

I have Microsoft Security Essentials & Malwarebytes Anti-Malware installed. Computer was infected with AntivirusGT.

Web pages get hijacked sometimes but not others, computer seems to be running really slow (slower than normal)

Thanks in advance


DDS (Ver_10-03-17.01) - NTFSx86
Run by Celeron1700 at 15:56:47.40 on Tue 07/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.735.252 [GMT 10:00]

AV: Security Suite *On-access scanning enabled* (Updated) {F5E52F41-190C-46f6-9FC3-55470285CC2B}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Celeron1700\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://mystart.incredimail.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;localhost
uInternet Settings,ProxyServer = http=127.0.0.1:6522
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

=============== Created Last 30 ================

2010-09-07 05:43:54 0 ----a-w- c:\documents and settings\celeron1700\defogger_reenable
2010-09-07 04:46:57 1409 ----a-w- c:\windows\QTFont.for
2010-09-07 04:46:56 54156 ---ha-w- c:\windows\QTFont.qfn
2010-09-07 04:09:37 0 d-sha-r- C:\cmdcons
2010-09-07 04:05:22 98816 ----a-w- c:\windows\sed.exe
2010-09-07 04:05:22 77312 ----a-w- c:\windows\MBR.exe
2010-09-07 04:05:22 256512 ----a-w- c:\windows\PEV.exe
2010-09-07 04:05:22 161792 ----a-w- c:\windows\SWREG.exe
2010-08-30 05:31:15 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-30 05:24:42 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-30 04:47:33 0 d-----w- c:\docume~1\celero~1\applic~1\Malwarebytes
2010-08-30 04:47:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 04:47:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-30 04:47:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 04:47:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 04:43:55 0 d-----w- c:\windows\pss
2010-08-28 13:56:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-21 12:57:59 0 d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJEGV
2010-08-14 07:51:27 0 d-----w- c:\docume~1\celero~1\applic~1\IObit
2010-08-14 07:51:26 0 d-----w- c:\program files\IObit

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-12-08 12:15:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120820081209\index.dat

============= FINISH: 16:01:09.32 ===============
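Reading the DDS log above, two lines account for the symptoms. The ProxyServer entry routes the current user's HTTP traffic through a proxy on 127.0.0.1:6522 (the "u" prefix in DDS output means the setting lives in the current user's hive); a loopback proxy on a machine with no proxy software installed is the classic rogue-AV browser hijack, and the setting survives removal of the malware, so it has to be cleared in Internet Options > Connections > LAN settings afterwards. The second "AV:" line shows a product called "Security Suite" registered with Security Center that the poster never mentions installing. The Python script below is an added example, not part of any post in this thread: it runs those two checks, plus a check for the "detected" line that TDSSKiller prints for an MBR infection, over constructed copies of the log lines. The allow-list of known AV products and the finding labels are my assumptions.

```python
"""Triage the indicator lines from the DDS and TDSSKiller logs in this thread.

Added example, not part of any forum post: the rules are my own heuristics,
and SAMPLE_LOG is constructed to mirror the posted logs.
"""
import ipaddress
import re

# Constructed sample: the DDS "Pseudo HJT Report" lines that explain the
# browser hijack, a TDSSKiller detection line, and benign lines so the
# benign path is exercised too.
SAMPLE_LOG = """\
AV: Security Suite *On-access scanning enabled* (Updated) {F5E52F41-190C-46f6-9FC3-55470285CC2B}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;localhost
uInternet Settings,ProxyServer = http=127.0.0.1:6522
2010/09/13 17:44:36.0640 \\HardDisk0\\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
"""

# Assumption: the allow-list is what the poster says is installed. DDS lists
# every product registered with Windows Security Center, so anything else
# deserves a look.
KNOWN_AV = {"microsoft security essentials"}

AV_RE = re.compile(r"^AV:\s*(?P<name>.+?)\s*\*", re.I)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$", re.I)
DETECT_RE = re.compile(r"(?P<object>\\\S+) - detected (?P<verdict>\S+)")


def is_loopback_host(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 or ::1 (brackets on IPv6 tolerated)."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_proxy_server(value: str) -> list:
    """Split an IE ProxyServer value into (scheme, host, port) triples.

    Accepts both 'http=127.0.0.1:6522;https=proxy:3128' and the bare
    'proxy:3128' form; a missing scheme is reported as 'all'.
    """
    triples = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, _, hostport = entry.rpartition("=")
        host, _, port = hostport.rpartition(":")
        triples.append((scheme or "all", host or hostport, port))
    return triples


def triage(log_text: str) -> list:
    """Return one finding string per suspicious line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            name = m.group("name")
            if name.lower() not in KNOWN_AV:
                findings.append(f"rogue-av: unrecognised AV product registered with Security Center: {name}")
        elif m := PROXY_RE.match(line):
            for scheme, host, port in parse_proxy_server(m.group("value")):
                if is_loopback_host(host):
                    findings.append(f"proxy-hijack: {scheme} traffic routed through local proxy {host}:{port}")
        elif m := DETECT_RE.search(line):
            obj, verdict = m.group("object"), m.group("verdict")
            kind = "mbr-rootkit" if obj.upper().endswith("\\MBR") else "rootkit"
            findings.append(f"{kind}: {verdict} in {obj}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as-is to print the three findings, or pass the text of a saved DDS or TDSSKiller log to triage() to apply the same rules to real output. The regexes only recognise the three line shapes shown, and the AV check flags anything outside the allow-list, so extend KNOWN_AV before pointing it at a different machine.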

#2 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 13 September 2010 - 01:12 PM

Hello Fleeb AUS

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below (in bold):

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


#3 Fleeb AUS (Topic Starter, Members, 5 posts)

Posted 13 September 2010 - 11:23 PM

Hi, thanks for your reply.

I have also run a program called TDSSKiller before I got your reply. Please see the output from that also.


2010/09/13 17:43:57.0250 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/13 17:43:57.0250 ================================================================================
2010/09/13 17:43:57.0250 SystemInfo:
2010/09/13 17:43:57.0250
2010/09/13 17:43:57.0250 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/13 17:43:57.0250 Product type: Workstation
2010/09/13 17:43:57.0250 ComputerName: WINDOWSXP
2010/09/13 17:43:57.0250 UserName: Celeron1700
2010/09/13 17:43:57.0250 Windows directory: C:\WINDOWS
2010/09/13 17:43:57.0250 System windows directory: C:\WINDOWS
2010/09/13 17:43:57.0250 Processor architecture: Intel x86
2010/09/13 17:43:57.0250 Number of processors: 1
2010/09/13 17:43:57.0250 Page size: 0x1000
2010/09/13 17:43:57.0250 Boot type: Safe boot with network
2010/09/13 17:43:57.0250 ================================================================================
2010/09/13 17:43:57.0609 Initialize success
2010/09/13 17:44:02.0359 ================================================================================
2010/09/13 17:44:02.0359 Scan started
2010/09/13 17:44:02.0359 Mode: Manual;
2010/09/13 17:44:02.0359 ================================================================================
2010/09/13 17:44:04.0531 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/13 17:44:04.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/13 17:44:05.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/13 17:44:05.0390 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/13 17:44:05.0562 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/13 17:44:06.0062 ALCXWDM (e3e7c0f401e7024e8dc0dbe3ce7dcd59) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/13 17:44:06.0906 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/13 17:44:07.0078 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/13 17:44:07.0265 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/13 17:44:07.0468 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/13 17:44:07.0671 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/13 17:44:07.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/13 17:44:07.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/13 17:44:08.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/13 17:44:08.0406 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/13 17:44:08.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/13 17:44:08.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/13 17:44:09.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/13 17:44:09.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/13 17:44:09.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/13 17:44:10.0343 DcCam (844a9b14e2799a2adec1f392e7407d72) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2010/09/13 17:44:10.0515 DcFpoint (016ad1e71da43c39e5211fd7521c88d0) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2010/09/13 17:44:10.0687 DCFS2K (7cef1cd1dc5c24208f196c36eb48a411) C:\WINDOWS\system32\drivers\dcfs2k.sys
2010/09/13 17:44:10.0843 DcLps (2484fe767708eaba26767f2da0256398) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2010/09/13 17:44:11.0015 DcPTP (a76d1610c9cae786006d412f012dcb7c) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2010/09/13 17:44:11.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/13 17:44:11.0406 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/13 17:44:11.0578 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/13 17:44:11.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/13 17:44:11.0937 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/13 17:44:12.0250 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/13 17:44:12.0453 Exportit (3662b779f744e76b3aaa021430cb9dac) C:\WINDOWS\system32\DRIVERS\exportit.sys
2010/09/13 17:44:12.0640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/13 17:44:12.0843 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/13 17:44:13.0015 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/13 17:44:13.0187 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/13 17:44:13.0359 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/13 17:44:13.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/13 17:44:13.0656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/13 17:44:13.0812 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/09/13 17:44:13.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/13 17:44:14.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/13 17:44:14.0468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/13 17:44:14.0906 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/13 17:44:15.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/13 17:44:15.0562 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/13 17:44:15.0718 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2010/09/13 17:44:15.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/13 17:44:16.0078 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/13 17:44:16.0265 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/13 17:44:16.0453 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/13 17:44:16.0593 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/13 17:44:16.0765 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/13 17:44:16.0937 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/13 17:44:17.0140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/13 17:44:17.0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/13 17:44:17.0687 ltmodem5 (4a4a59fe612eb16bc289ec86fe57205f) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/09/13 17:44:17.0890 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/09/13 17:44:18.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/13 17:44:18.0265 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/13 17:44:18.0437 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/09/13 17:44:18.0578 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/13 17:44:18.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/13 17:44:18.0921 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/13 17:44:19.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/13 17:44:19.0406 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/13 17:44:19.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/13 17:44:19.0828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/13 17:44:19.0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/13 17:44:20.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/13 17:44:20.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/13 17:44:20.0484 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/09/13 17:44:20.0609 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/13 17:44:20.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/13 17:44:21.0000 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/13 17:44:21.0312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/13 17:44:21.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/13 17:44:21.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/13 17:44:22.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/13 17:44:22.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/13 17:44:22.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/13 17:44:22.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/13 17:44:22.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/13 17:44:23.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/13 17:44:23.0218 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/13 17:44:23.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/13 17:44:23.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/13 17:44:23.0937 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/13 17:44:24.0125 PCASp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\PCASp50.sys
2010/09/13 17:44:24.0281 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/13 17:44:24.0562 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/13 17:44:24.0750 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/13 17:44:25.0953 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/13 17:44:26.0156 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/13 17:44:26.0406 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/13 17:44:26.0593 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/13 17:44:27.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/13 17:44:27.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/13 17:44:27.0578 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/13 17:44:27.0765 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/13 17:44:27.0953 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/13 17:44:28.0140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/13 17:44:28.0312 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/13 17:44:28.0500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/13 17:44:28.0765 RTL8023xp (2377f31cbb8277807c3351302cf133e9) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/09/13 17:44:28.0921 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/09/13 17:44:29.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/13 17:44:29.0343 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/13 17:44:29.0515 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/13 17:44:29.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/13 17:44:30.0031 SiS315 (de19e1ddd5cc69781599781b32e5e887) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2010/09/13 17:44:30.0203 sisagp (99d5140d748ba27576a4c883e536e6d6) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
2010/09/13 17:44:30.0343 SiSkp (88270f73c67d0d40e05e4062e8cd78f5) C:\WINDOWS\system32\drivers\srvkp.sys
2010/09/13 17:44:30.0640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/13 17:44:30.0828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/13 17:44:31.0031 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/13 17:44:31.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/13 17:44:31.0406 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/13 17:44:31.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/13 17:44:32.0218 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/13 17:44:32.0390 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/13 17:44:32.0546 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/13 17:44:32.0703 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/13 17:44:33.0062 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/13 17:44:33.0296 UMAXPCLS (931e8cafcaa536e8252cd7a375ff9794) C:\WINDOWS\system32\DRIVERS\umaxpcls.sys
2010/09/13 17:44:33.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/13 17:44:33.0703 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/13 17:44:33.0875 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/13 17:44:34.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/13 17:44:34.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/13 17:44:34.0296 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/13 17:44:34.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/13 17:44:34.0609 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/13 17:44:34.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/13 17:44:34.0937 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/09/13 17:44:35.0109 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/13 17:44:35.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/13 17:44:35.0593 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/13 17:44:35.0875 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/13 17:44:36.0281 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/13 17:44:36.0437 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/13 17:44:36.0640 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/13 17:44:36.0656 ================================================================================
2010/09/13 17:44:36.0656 Scan finished
2010/09/13 17:44:36.0656 ================================================================================
2010/09/13 17:44:36.0718 Detected object count: 1
2010/09/13 17:44:44.0687 \HardDisk0\MBR - will be cured after reboot
2010/09/13 17:44:44.0687 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/13 17:44:48.0125 Deinitialize success


OTL logfile created on: 14/09/2010 9:20:05 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Celeron1700\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

735.00 Mb Total Physical Memory | 307.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 19.11 Gb Free Space | 51.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWSXP
Current User Name: Celeron1700
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Celeron1700\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\htpatch.exe ()
PRC - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
PRC - C:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Celeron1700\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Documents and Settings\Celeron1700\Local Settings\TempIadHide3.dll (BackWeb)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll ()
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (Dcfssvc) -- C:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys (Silicon Integrated Systems Corporation)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (UMAXPCLS) -- C:\WINDOWS\system32\drivers\umaxpcls.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E BD 52 2E 17 53 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: ([2010/09/07 14:44:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst0401.cab (YInstStarter Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB (GDIChk Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab (Reg Error: Value error.)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...er/imloader.cab (IMDownloader Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/06/20 04:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/14 09:18:35 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Celeron1700\Desktop\OTL.exe
[2010/09/14 09:17:03 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/09/14 09:17:03 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/09/14 09:17:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/13 17:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Celeron1700\Desktop\tdsskiller
[2010/09/13 17:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/13 17:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Celeron1700\Desktop\Downloads
[2010/09/13 17:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Celeron1700\Application Data\GetRightToGo
[2010/09/09 10:13:33 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/09 10:13:33 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/09 10:13:31 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/09 10:13:26 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/09 10:13:23 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/09 10:13:23 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/09 10:13:23 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/09 10:12:55 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/09 10:12:55 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/09 10:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/09 10:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/09 09:38:55 | 000,000,000 | ---D | C] -- C:\~ErdUserProfile.$$$
[2010/09/08 09:46:24 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Celeron1700\Desktop\ATF-Cleaner.exe
[2010/09/08 09:45:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/07 15:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/07 14:09:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/07 14:05:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/07 14:05:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/07 14:05:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/07 14:05:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/07 14:04:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/07 13:57:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/04 00:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Celeron1700\My Documents\New Folder (4)
[2010/08/30 20:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/30 15:31:15 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/08/30 14:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Celeron1700\Application Data\Malwarebytes
[2010/08/30 14:47:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/30 14:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/30 14:47:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/30 14:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/30 14:43:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/29 12:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/29 03:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\rxtxatkwa
[2010/08/28 23:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/28 23:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/21 22:57:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/14 09:18:48 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\RKUnhookerLE.EXE
[2010/09/14 09:18:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Celeron1700\Desktop\OTL.exe
[2010/09/14 09:15:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/09/14 09:14:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/14 09:14:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/14 09:13:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 17:56:26 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Celeron1700\NTUSER.DAT
[2010/09/13 17:56:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Celeron1700\ntuser.ini
[2010/09/13 17:56:17 | 003,236,080 | -H-- | M] () -- C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IconCache.db
[2010/09/13 17:43:32 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\tdsskiller.zip
[2010/09/13 17:09:14 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB23F985-BE2C-44A7-8D5E-C4FAA5CB4D2A}.job
[2010/09/13 17:07:54 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/09/09 11:34:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/09 10:30:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/09 10:13:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/09 10:00:47 | 000,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/09 10:00:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/09 10:00:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/08 12:27:31 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\rkill.com
[2010/09/08 09:46:32 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Celeron1700\Desktop\ATF-Cleaner.exe
[2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/08 01:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/08 00:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/07 15:57:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\gmer.zip
[2010/09/07 15:44:59 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\dds.scr
[2010/09/07 15:43:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Celeron1700\defogger_reenable
[2010/09/07 15:43:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\Defogger.exe
[2010/09/07 14:44:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/07 12:02:06 | 003,839,253 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\ComboFix.exe
[2010/09/04 00:35:39 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/03 22:59:29 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Desktop\Car AM.xls
[2010/08/30 14:47:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 14:44:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2010/08/30 14:44:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/28 18:56:22 | 000,001,950 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wallpapers by IncrediMail.lnk
[2010/08/28 18:56:21 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[2010/08/28 18:56:21 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Celeron1700\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/14 09:18:48 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\RKUnhookerLE.EXE
[2010/09/13 17:43:24 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\tdsskiller.zip
[2010/09/13 17:07:54 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/13 17:07:54 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/09/09 10:13:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/08 12:26:57 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\rkill.com
[2010/09/07 15:57:58 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\gmer.exe
[2010/09/07 15:57:40 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\gmer.zip
[2010/09/07 15:44:33 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\dds.scr
[2010/09/07 15:43:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Celeron1700\defogger_reenable
[2010/09/07 15:43:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\Defogger.exe
[2010/09/07 14:09:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/07 14:09:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/07 14:05:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/07 14:05:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/07 14:05:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/07 14:05:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/07 14:05:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/07 14:01:37 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\Car AM.xls
[2010/09/07 13:54:49 | 003,839,253 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Desktop\ComboFix.exe
[2010/08/30 15:18:44 | 000,000,434 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB23F985-BE2C-44A7-8D5E-C4FAA5CB4D2A}.job
[2010/08/30 14:47:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 23:56:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/28 18:56:22 | 000,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wallpapers by IncrediMail.lnk
[2007/10/25 15:08:12 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLdNL.DLL
[2004/09/24 13:28:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2003/10/27 10:18:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/28 13:45:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/09/27 10:19:23 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Celeron1700\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/09/10 07:01:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3y.DLL
[2002/07/22 06:39:25 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2002/07/22 06:39:24 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2002/06/20 05:52:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/06/20 04:57:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/06/20 04:55:14 | 000,032,768 | R--- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2002/06/20 04:55:02 | 000,009,536 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2002/06/20 04:55:01 | 000,028,709 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2002/06/20 04:55:01 | 000,001,004 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini
[2002/06/20 04:54:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/06/20 04:54:41 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2002/06/20 04:12:10 | 000,000,852 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/06/20 03:55:52 | 000,000,308 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/12 04:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/09/09 10:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/10/25 15:09:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/04 21:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/08/21 22:57:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/07 11:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/04/02 01:39:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/05/16 01:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/16 01:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/07/19 21:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/09/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/23 23:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Celeron1700\Application Data\Arkadium
[2010/07/14 10:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Celeron1700\Application Data\Canon
[2007/11/14 15:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Celeron1700\Application Data\FUJIFILM
[2010/09/13 17:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Celeron1700\Application Data\GetRightToGo
[2002/09/10 09:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Celeron1700\Application Data\InterTrust
[2010/09/13 17:09:14 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB23F985-BE2C-44A7-8D5E-C4FAA5CB4D2A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2002/06/20 04:08:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/30 14:44:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/09 10:00:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/07 15:12:06 | 000,013,106 | ---- | M] () -- C:\ComboFix.txt
[2002/06/20 04:08:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/06/20 04:08:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/06/20 04:08:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/21 12:49:29 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/08 21:18:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/14 09:13:55 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2010/09/08 12:36:29 | 000,000,404 | ---- | M] () -- C:\rkill.log
[2003/10/06 17:49:04 | 000,009,928 | ---- | M] () -- C:\sponsorship.rtf
[2010/09/13 17:44:48 | 000,036,424 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_13.09.2010_17.43.57_log.txt
[2010/09/13 17:51:54 | 000,035,814 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_13.09.2010_17.46.52_log.txt

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/06/19 20:59:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/06/19 20:59:01 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/06/19 20:59:01 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/08 00:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/09/08 00:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/09/08 00:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/06/22 01:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2002/02/12 15:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD3y.DLL
[2007/04/16 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8Z.DLL
[2008/10/26 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9P.DLL
[2002/02/12 15:00:00 | 000,043,008 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP3y.DLL
[2007/04/16 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
[2008/10/26 04:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9P.DLL
[2001/12/13 20:09:54 | 000,009,728 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2001/12/15 12:10:36 | 001,941,504 | ---- | M] (Hewlett-Packard Corp.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\pcldll6l.dll
[2001/12/15 12:10:36 | 000,045,056 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zpp.dll
[2001/12/15 12:10:36 | 000,036,864 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\zpppcl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 5368 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029E021F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Edited by Fleeb AUS, 14 September 2010 - 12:38 AM.


#4 Fleeb AUS (Topic Starter)

Posted 14 September 2010 - 12:02 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 1167360 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF74C3000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 712704 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF73D4000 C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys 610304 bytes (LT, LT Windows Modem)
0xF7673000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF4490000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7312000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF459D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF3E88000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF395C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF75A8000 C:\WINDOWS\System32\DRIVERS\sisgrp.sys 245760 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF777F000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF3F2F000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7646000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF4528000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF4575000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF43A3000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xF446A000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF749F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF747B000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7571000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4553000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF4629000 C:\WINDOWS\System32\DRIVERS\EXPORTIT.SYS 135168 bytes (Eastman Kodak Company, Kodak DC File System driver)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7717000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF774F000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF762C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7737000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF40EC000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7700000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF73A9000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF3B7B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF73C0000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7594000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF45F6000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7469000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 73728 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF776E000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7398000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF79DE000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7A2E000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF785E000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF783E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A3E000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF3E28000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF78FE000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF780E000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF786E000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF787E000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF77EE000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF789E000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF795E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A1E000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF77DE000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF788E000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF793E000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF77CE000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF78EE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF78BE000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF792E000 C:\WINDOWS\System32\DRIVERS\DcCam.sys 36864 bytes (Eastman Kodak Company, Kodak Digital Camera Driver)
0xF443A000 C:\WINDOWS\system32\drivers\dcfs2k.sys 36864 bytes (Eastman Kodak Company, Kodak DC File System Driver (NT))
0xF77FE000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF798E000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF3F7C000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF78AE000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF794E000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF5282000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A0E000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF796E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B16000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B76000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B0E000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B1E000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7B7E000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7A4E000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7A5E000 SISAGP.sys 28672 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7B8E000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7B26000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7B4E000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7B2E000 C:\WINDOWS\system32\DRIVERS\umaxpcls.sys 24576 bytes (Microsoft Corporation, Parallel Scanner Driver)
0xF7B66000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7ACE000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7B56000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7B6E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A56000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B3E000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B46000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7B36000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B06000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7BAE000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF4353000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF7600000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7CB2000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF425F000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C9A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C66000 C:\WINDOWS\system32\drivers\srvkp.sys 16384 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF434F000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7BDE000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7374000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7C9E000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7C86000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7C8A000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7CA2000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF75EC000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D08000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D06000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7CCE000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D0A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D5E000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D0C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D00000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D04000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7CD0000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E0F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DBC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E0D000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xF7EF4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D96000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonBJ
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonIJ
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonIJPLM
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonIJScan
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Google
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\TEMP
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\2ABD0A
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Videos
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX330 series Manual
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\MP Navigator EX 2.1
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\FinePixViewer
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Adobe\Flash Player
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Arkadium
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Canon
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\FUJIFILM
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Google\Local Search History
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\InstallShield
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\207.218.205.99
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\216.40.252.130\demonic_defence_3.swf
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\adaptv.vo.llnwd.net
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\bandtools.nabbr.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\bin.clearspring.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\c2.zedo.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\iad.bigpondvideo.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\img.cameraboys.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\media.tattomedia.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\members.cameraboys.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\mochiads.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\oddcast.com\vhsssecure.php
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\s.mcstatic.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\s9.addthis.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\static.awempire.com\flash\custom-freechat\freechat136.swf
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\suitesmart.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\twinks.com\tour\flvplayer\fp\6a3a135d4c388d7612a23\wf700\fp.swf
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\widgets.discovery.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.baitbus.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.dickdorm.com\swf
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.flashearth.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.gofish.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.gotgayporn.com\player
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.mousebreaker.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\#SharedObjects\HEC5CAHR\www.outinpublic.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#207.218.205.99
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#216.40.252.130
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adaptv.vo.llnwd.net
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bandtools.nabbr.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#c2.zedo.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#doggyboys.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iad.bigpondvideo.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.cameraboys.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.tattomedia.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#members.cameraboys.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#news.ninemsn.com.au
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#oddcast.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.mcstatic.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s9.addthis.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#suitesmart.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widgets.discovery.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.baitbus.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dickdorm.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.flashearth.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.gofish.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.gotgayporn.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mousebreaker.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.outinpublic.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.uknakedmen.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www3.bfcollection.com
!-->[Hidden] C:\Documents and Settings\Celeron1700\Favorites\BigPond
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\1277
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\888
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\100\889
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\1269
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\882
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\883
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{2FB2B765-BDB0-43BA-A264-EC6377063A5C}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{05ABC17F-B9FA-4B50-968D-AF7AB22CBD9A}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{0704C563-683D-4807-8668-0013A719D81E}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{09C155D3-2C20-4B69-AF1A-40D34D1CE8BC}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{13A98A2C-B8BE-456A-8291-87C94F22364E}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{2440751A-AD1A-4779-A3C0-0F452320E063}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{27BFAB54-DA16-460C-960E-A57F51299994}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{31F42C41-9632-4D48-9683-C1F851F91845}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{32B14880-4F77-4918-91D7-55398D710F3C}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{51EE43CD-5244-44CA-8DD9-B73F47B7D0C9}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{52E09DFC-4133-42CE-9CA0-23B87B439D2A}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{5A281DF1-AA8D-4849-BEA3-DBC4C691D3CE}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{5B35464A-A1C5-41BA-8FCA-5CAE730FCD31}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{61A59E4A-3C89-4C39-A4E0-87AC898D9559}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{629F7D98-F38F-4EC4-88B2-5AE051DEEC68}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{68F33920-E6B3-454D-8678-5A40A69B2319}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{73B55B8D-9ABC-400E-AFC9-B4F756283C9F}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{790D14E9-5DFB-44BF-A85A-2798671DCBF4}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{79A0374B-F983-4BF6-8E3E-379D0B26C257}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{801952F2-0465-406C-9249-311139664443}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{829C020C-49D3-48E8-980E-342E7CDE64FF}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{86FFA958-8291-42A2-A591-D494771D3FC7}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{8DEBE69A-DDD7-4E0F-B18F-E82E7E4FA23A}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{90F4AA70-6B7B-4F0B-A1A7-7868889638F1}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{97A15F5B-AEAD-46C4-9649-287EFB9E6E47}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{9E6A735E-1287-4A35-9329-4C1246E6DC30}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{A7589E90-55E0-46E0-A03F-BC6481D53DAB}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{B2D9D95C-029E-4357-95E3-DF3BF99834A4}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{BAF493E6-0293-4FAD-8581-6D0E08870690}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{BB5888E9-52D0-4C86-9EF5-CC490BD7DC17}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{BC439B0A-836B-42DF-8D4D-AC7B7E9BC6BD}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{C28561E3-8C18-4B05-BA30-E7E6F3BF0BD8}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{F0105F74-8410-46BD-A181-0DDBE3C6F058}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\Attachments\{F288DDF1-F4C9-481F-877F-95EE21C3A216}
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\IndexB\index_i_43.ix
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\IndexB\index_klh_43.ix
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Message Store\IndexB\index_k_43.ix
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Identities\{92DA2F15-AC17-4B64-841D-7DE192DFEA6A}\Signature
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Letter
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Runtime\Animation
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Runtime\EmoticonCenter
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Runtime\Letter
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Runtime\LetterThumbnail
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\IM\Runtime\Resource\Features
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\Microsoft\Internet Explorer\Services
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\Microsoft\Media Player\Art Cache
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\Microsoft\Windows Media\11.0
!-->[Hidden] C:\Documents and Settings\Celeron1700\Local Settings\Application Data\Temp
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\Downloads
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\My Pictures\2007_1115
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\My Pictures\2008_1206NZ2007
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\My Pictures\2008_1207NZ2007
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\My Pictures\Kodak Pictures\2003-10-31
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\My Pictures\Kodak Pictures\2003-12-25
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\My Pictures\MP Navigator EX
!-->[Hidden] C:\Documents and Settings\Celeron1700\My Documents\New Folder
!-->[Hidden] C:\Documents and Settings\Celeron1700\NetHood\SharedDocs on general (Windowsxp)
!-->[Hidden] C:\Documents and Settings\Celeron1700\Start Menu\Programs\IncrediGames
!-->[Hidden] C:\Documents and Settings\LocalService\IETldCache
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
!-->[Hidden] C:\Documents and Settings\Skygod\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\Skygod\Application Data\Microsoft\CryptnetUrlCache
!-->[Hidden] C:\Documents and Settings\Skygod\Local Settings\Application Data\Microsoft\Portable Devices
!-->[Hidden] C:\Program Files\CanonBJ\IJPrinter\Canon MX330 series
!-->[Hidden] C:\Program Files\Canon\IJ Manual
!-->[Hidden] C:\Program Files\Canon\IJPLM
!-->[Hidden] C:\Program Files\Canon\MP Navigator EX 2.1
!-->[Hidden] C:\Program Files\Common Files\CANON
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Driver\10
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Professional
!-->[Hidden] C:\Program Files\Common Files\Oberon Media
!-->[Hidden] C:\Program Files\DIFX
!-->[Hidden] C:\Program Files\FinePixViewer
!-->[Hidden] C:\Program Files\Google
!-->[Hidden] C:\Program Files\IncrediGames
!-->[Hidden] C:\Program Files\IncrediMail\Data\Licenses
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}
!-->[Hidden] C:\Program Files\Internet Explorer\en-US
!-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\install
!-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\oobe
!-->[Hidden] C:\Program Files\Oberon Media
!-->[Hidden] C:\Program Files\PIXELA
!-->[Hidden] C:\Program Files\REGSHAVE
!-->[Hidden] C:\Program Files\Telstra
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\RECYCLER\S-1-5-21-2836731471-2947880745-1436944951-1005\Dc1\Advanced SystemCare\Backup
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB904942
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB915865
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB923561
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB932823-v3\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB938127-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB938464
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB941568
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB941644\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB941693
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB942615
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB942615-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB942763
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB942840
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB943055
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB943460
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB943485\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB944533-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB944653
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB945553
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB946026
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB948590
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB948881
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950749\SP2QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950749\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950759-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950760
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950762
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB950974
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951376-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951698
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951748
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB951978
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952004
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB952954
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954211
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954459\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB954459\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955069
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955759
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB955839
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956390-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956391
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956572
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956744
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956803
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956841
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB956844
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB957095
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB957097
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB958215-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB958687
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB958690
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB959426
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960225
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960714-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960715
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960803
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB960859
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961371-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961373
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961501\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB961501\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB963027-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB967715
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB968389\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969059
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB969947
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970430\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB970430\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971468
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971486
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971557
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971633
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971657
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB971961-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972260-IE7
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972260-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972270
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB972636-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973346
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973354
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973507
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973525
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973687
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973815
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB973869
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974112
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974318\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974318\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974455-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB974571
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975025
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975467
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975560\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975560\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975561
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975562\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975562\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975713\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB975713\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976662-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB976749-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977165-v2
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB977816
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978037\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978037\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978207-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978251
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978262
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978338
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978542\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978601\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB978601\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979309\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979309\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979482\SP3QFE
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979482\update
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979559
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB979683
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980195
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980218
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB980232
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB981332-IE8
!-->[Hidden] C:\WINDOWS\$hf_mig$\KB982381-IE8
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB904942$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914440$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB915865$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926239$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938464-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938464_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941568$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941569$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941644$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941693$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942615$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942763$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942840$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943055$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943460$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943460_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943485$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944653$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB945553$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946026$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948590$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948881$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950760$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952004$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952069_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954154_WM11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954155_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955069_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955759$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956391$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956572$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956841_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956844$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958690$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB959426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB959772_WM11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960225$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960715$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961371-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961373$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961501$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB967715$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968389$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968816_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969059$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969947$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970430$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970653-v3$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971468$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971486$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB972270$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973525$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973540_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973815$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974112$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974318$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974571$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975025$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975467$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975560$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975562$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975713$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB976098-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977165-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977816$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978037$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978251$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978262$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978542$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978601$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978695_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979309$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979482$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979559$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980195$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980218$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980232$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981793$
!-->[Hidden] C:\WINDOWS\$NtUninstallMSCompPackV1$
!-->[Hidden] C:\WINDOWS\$NtUninstallWMFDist11$
!-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01000$
!-->[Hidden] C:\WINDOWS\Debug\Setup
!-->[Hidden] C:\WINDOWS\ie7
!-->[Hidden] C:\WINDOWS\ie7updates
!-->[Hidden] C:\WINDOWS\ie8
!-->[Hidden] C:\WINDOWS\ie8updates
!-->[Hidden] C:\WINDOWS\inf\IEM
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{433A39B0-380C-4634-93FE-12A812954F5B}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\network diagnostic
!-->[Hidden] C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\sp2gdr
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\sp2qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\e740a72458caa5dc68334c7afa82ebf3
!-->[Hidden] C:\WINDOWS\system32\CanonIJ Uninstaller Information
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE
!-->[Hidden] C:\WINDOWS\system32\en-US
!-->[Hidden] C:\WINDOWS\system32\LogFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\canonmx330_series718d
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\canonmx330_series_fa0921
!-->[Hidden] C:\WINDOWS\twain_32\MX330 series
!-->[Hidden] C:\WINDOWS\WBEM
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8A0, Type: Inline - PushRet 0x804E28A0-->CDF43AB6 [unknown_code_page]
ntoskrnl.exe+0x0000B9B8, Type: Inline - PushRet 0x804E29B8-->F446F43A [ipnat.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8057FE4C-->F43B8BB2 [aswSP.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Inline - RelativeJump 0x805652B3-->F43B89D6 [aswSP.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805A3B73-->F43B8B10 [aswSP.SYS]
ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8056503A-->F43B5FFA [aswSP.SYS]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8059F8CA-->F43B45D4 [aswSP.SYS]
[1148]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[1744]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1744]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1744]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1744]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1744]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1744]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1744]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3472]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3472]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3472]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3472]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3472]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3472]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3472]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3472]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3472]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3472]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3472]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3472]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3472]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3472]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3472]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3472]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3472]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3472]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3472]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3472]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3472]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3472]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3472]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3472]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3472]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[3472]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[3472]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3472]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[3472]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[3472]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[3472]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3472]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[4040]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[4040]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[4040]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[4040]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[4040]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[4040]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[4040]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[4040]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[4040]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[4040]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[4040]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[4040]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[4040]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[4040]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[4040]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[4040]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[4040]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[4040]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[4040]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[4040]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[4040]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[4040]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[4040]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[4040]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[4040]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[4040]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[4040]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[4040]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[4040]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[4040]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[4040]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[4040]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[568]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[568]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:32 AM

Posted 14 September 2010 - 07:08 AM

Yep, looks like TDSSKiller removed the infection.
It was an MBR infection.
It is a newer TDL4 and it hooks into the system in the MBR.
So it removed it apparently.

But to check it over please do the following.
  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a Black screen with some data on it then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is the date)
  5. Please post the contents of that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#6 Fleeb AUS

Fleeb AUS
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:32 PM

Posted 14 September 2010 - 06:33 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7CCE000 \WINDOWS\system32\KDCOM.DLL
0xF7BDE000 \WINDOWS\system32\BOOTVID.dll
0xF777F000 ACPI.sys
0xF7CD0000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF776E000 pci.sys
0xF77CE000 isapnp.sys
0xF7D96000 pciide.sys
0xF7A4E000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF77DE000 MountMgr.sys
0xF774F000 ftdisk.sys
0xF7A56000 PartMgr.sys
0xF77EE000 VolSnap.sys
0xF7737000 atapi.sys
0xF77FE000 disk.sys
0xF780E000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7717000 fltmgr.sys
0xF7700000 KSecDD.sys
0xF7673000 Ntfs.sys
0xF7646000 NDIS.sys
0xF7A5E000 SISAGP.sys
0xF762C000 Mup.sys
0xF79CE000 \SystemRoot\System32\DRIVERS\processr.sys
0xF75A8000 \SystemRoot\System32\DRIVERS\sisgrp.sys
0xF7594000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF79EE000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF79FE000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7A0E000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7571000 \SystemRoot\System32\DRIVERS\ks.sys
0xF74C3000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF749F000 \SystemRoot\system32\drivers\portcls.sys
0xF7A3E000 \SystemRoot\system32\drivers\drmk.sys
0xF7ADE000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF747B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7AE6000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7469000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF73D4000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF7AEE000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7AF6000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF783E000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7CA2000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF73C0000 \SystemRoot\System32\DRIVERS\parport.sys
0xF784E000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7AFE000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7CA6000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF7DF6000 \SystemRoot\system32\drivers\msmpu401.sys
0xF7B06000 \SystemRoot\system32\DRIVERS\umaxpcls.sys
0xF7DF7000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF785E000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7CAA000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF73A9000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF786E000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF787E000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7B0E000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7398000 \SystemRoot\System32\DRIVERS\psched.sys
0xF788E000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7B16000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7B1E000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF789E000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7B26000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7D06000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7312000 \SystemRoot\System32\DRIVERS\update.sys
0xF7CBE000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF78DE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF78EE000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7D08000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF75F4000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7B2E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7D0C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF791E000 \SystemRoot\System32\DRIVERS\DcCam.sys
0xF4629000 \SystemRoot\System32\DRIVERS\EXPORTIT.SYS
0xF7EBC000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D0E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7B3E000 \SystemRoot\System32\drivers\vga.sys
0xF7D10000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D12000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7B46000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7B4E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7C62000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF45F6000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF459D000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF792E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF4575000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4553000 \SystemRoot\System32\drivers\afd.sys
0xF793E000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7C72000 \SystemRoot\system32\drivers\srvkp.sys
0xF4528000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF4490000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF794E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF446A000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF795E000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7C92000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF796E000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF7B56000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF4443000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7B66000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7C96000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF79DE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7378000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7B86000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7EB6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xF466A000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xF4357000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF4413000 \SystemRoot\system32\drivers\dcfs2k.sys
0xF4313000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF40EC000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF3F07000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7D88000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF3DC0000 \SystemRoot\System32\DRIVERS\srv.sys
0xF7B76000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF3A63000 \SystemRoot\system32\drivers\wdmaud.sys
0xF3F5C000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7D4E000 \SystemRoot\system32\drivers\splitter.sys
0xF3A40000 \SystemRoot\system32\drivers\aec.sys
0xF3E7F000 \SystemRoot\system32\drivers\swmidi.sys
0xF3D28000 \SystemRoot\system32\drivers\DMusic.sys
0xF3A15000 \SystemRoot\system32\drivers\kmixer.sys
0xF7EAD000 \SystemRoot\system32\drivers\drmkaud.sys
0xF386C000 \SystemRoot\System32\Drivers\HTTP.sys
0xF3784000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
452 C:\WINDOWS\system32\smss.exe
500 csrss.exe
524 C:\WINDOWS\system32\winlogon.exe
568 C:\WINDOWS\system32\services.exe
580 C:\WINDOWS\system32\lsass.exe
732 C:\WINDOWS\system32\svchost.exe
776 svchost.exe
848 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1036 svchost.exe
1136 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1404 C:\WINDOWS\system32\spoolsv.exe
1896 svchost.exe
1976 C:\WINDOWS\system32\drivers\dcfssvc.exe
2028 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
132 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
224 C:\WINDOWS\system32\svchost.exe
628 alg.exe
1548 C:\WINDOWS\explorer.exe
2156 C:\WINDOWS\htpatch.exe
2176 C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
2192 C:\Program Files\QuickTime\qttask.exe
2204 C:\WINDOWS\SOUNDMAN.EXE
2212 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2252 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2260 C:\Program Files\IncrediMail\bin\IncMail.exe
2276 C:\WINDOWS\system32\ctfmon.exe
2296 C:\Program Files\FinePixViewer\QuickDCF2.exe
2328 C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
2348 C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
3428 C:\Program Files\Internet Explorer\iexplore.exe
3588 C:\Program Files\IncrediMail\bin\ImApp.exe
4020 C:\Program Files\Internet Explorer\iexplore.exe
1088 C:\Documents and Settings\Celeron1700\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST340014A, Rev: 3.54

Size   Device Name         MBR Status
--------------------------------------------
37 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
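As an added illustration (not part of the thread, and not MBRCheck's own code), a small Python parser for the MBRCheck log format posted above: it pulls each drive's MBR status row and the SHA1 printed beneath it and turns them into a triage verdict. The allow-list holds only the hash this thread's log reports for a standard Windows XP MBR, and the second log is a constructed sample with a placeholder hash showing the "Unknown MBR code" case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the MBRCheck log posted in this thread (values copied from the page).
PAGE_LOG = r"""MBRCheck, version 1.2.3
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST340014A, Rev: 3.54

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

# Constructed sample (not from the page): MBRCheck does not recognise the boot
# code and reports a hash that is on no allow-list. The hash is a placeholder.
SUSPECT_LOG = r"""PhysicalDrive0 Model Number: EXAMPLE-DISK, Rev: 1.0
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 0000000000000000000000000000000000000000
"""

# Stand-in allow-list: the SHA1 the page's log reports for the standard XP MBR.
KNOWN_GOOD_MBR_SHA1 = {"DA38B874B7713D1B51CBC449F4EF809B0DEC644A"}

MODEL_RE = re.compile(r"^PhysicalDrive\d+ Model Number:\s*(?P<model>.+?),\s*Rev:\s*(?P<rev>.+?)\s*$")
DEVICE_RE = re.compile(r"^(?P<size>\d+\s*[KMGT]B)\s+(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")

@dataclass
class DriveRecord:
    size: str
    device: str
    status: str
    sha1: Optional[str] = None
    model: Optional[str] = None

def parse_mbrcheck(log: str) -> List[DriveRecord]:
    """Extract the per-drive rows (size, device, MBR status, SHA1) from an MBRCheck log."""
    drives: List[DriveRecord] = []
    model = None
    for line in log.splitlines():
        if m := MODEL_RE.match(line):
            model = f"{m['model']} rev {m['rev']}"
        elif m := DEVICE_RE.match(line):
            drives.append(DriveRecord(m["size"], m["device"], m["status"], model=model))
        elif (m := SHA1_RE.match(line)) and drives:
            drives[-1].sha1 = m["sha1"].upper()   # hash is printed on the line below the row
    return drives

def assess(drive: DriveRecord, known_good=KNOWN_GOOD_MBR_SHA1) -> str:
    """Triage verdict for one drive (added logic, not part of MBRCheck's own output)."""
    standard = drive.status.endswith("MBR code detected")
    if standard and drive.sha1 in known_good:
        return "clean"
    if standard:
        return "review"   # recognised boot code family, but hash not on the allow-list
    return "suspect"      # unknown boot code: inspect the MBR before trusting the boot chain

def triage(log: str) -> Dict[str, str]:
    """Map each device name in the log to its verdict."""
    return {d.device: assess(d) for d in parse_mbrcheck(log)}
```

Running `triage(PAGE_LOG)` yields "clean" for PhysicalDrive0, while the constructed log yields "suspect"; a recognised MBR whose hash is missing from the allow-list is reported as "review" rather than silently passed.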

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:32 AM

Posted 15 September 2010 - 06:20 AM

Update Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=====
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


#8 Fleeb AUS

Fleeb AUS
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:32 PM

Posted 15 September 2010 - 09:49 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4623

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/09/2010 9:40:20 AM
mbam-log-2010-09-16 (09-40-20).txt

Scan type: Quick scan
Objects scanned: 140006
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:32 AM

Posted 16 September 2010 - 06:33 AM

Ok, great. Post the ESET log when it is completed.
