Need Help With OTL Report


This topic is locked
29 replies to this topic

#1 FaisalFarani1

Posted 27 September 2010 - 12:49 PM

Trojan.Agent/Gen.Virut----W32/rootkit!TDSS_TDL3.26+----Windows Host Process stopped working

My computer was infected with this rootkit not too long ago, and I found a guide in these forums on how to remove it. Before I removed it, I would notice every now and then that a window would pop up saying that my Windows host services had stopped working and needed to close, and that I couldn't update my Windows Vista, nor could I connect to the Windows Update website; it was at this point I knew something was wrong. I scanned with MBAM; nothing really major, just some corrupted BHOs and Trojans. I did notice a change in speed in boot-up times or browsing times, and the windows for the stopped host services were still popping up and I still couldn't update.
I am going to paste the OTL Report and the Norman Malware Cleaner Report as well.

Thanks in advance for your help.

**************************************************************************************

=========OTL========


OTL logfile created on: 27/09/2010 12:21:49 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Moon\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 358.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.30 Gb Total Space | 52.30 Gb Free Space | 49.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOON-PC
Current User Name: Moon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/27 12:19:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/09/17 23:39:15 | 000,494,592 | --S- | M] (BitMicro Software Corporation) -- C:\Program Files\RapidBIT\cidaemon.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/11/14 09:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/11/14 08:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 07:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/09/27 12:19:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/17 05:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/14 07:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Capt905c.sys -- (SQTECH905C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Capt9052.sys -- (SQTECH9052)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091020.023\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091020.023\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\InPage24\Haspnt.sys -- (Haspnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Moon\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/12 06:42:22 | 000,241,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtlh86.sys -- (RTL8169)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\incdfs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\incdrec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/04/11 00:47:03 | 000,273,920 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\syntp.sys -- (SynTP)
DRV - [2009/02/06 18:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008/10/09 10:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2008/09/12 13:14:30 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CamdVideo32.sys -- (CamdVideo32)
DRV - [2008/09/12 13:14:28 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CamdDriverV32.sys -- (CamdDriverV32)
DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/09 13:56:13 | 000,099,264 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anydvd.sys -- (AnyDVD)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/01/19 01:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/19 01:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/19 01:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/07 15:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\elbycdio.sys -- (ElbyCDIO)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/08/29 20:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2002/10/07 03:16:10 | 000,075,168 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2002/10/07 03:16:10 | 000,042,992 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/03/16 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\extensions
[2010/09/14 03:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/09/14 07:40:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000..\Run: [cdloader] C:\Users\Moon\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKLM..\RunOnce: [Norman Malware Cleaner] C:\Users\Moon\Desktop\Norman_Malware_Cleaner.exe (Norman ASA)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Moon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Moon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/27 12:19:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
[2010/09/27 12:05:54 | 000,025,244 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\aspi32.sys
[2010/09/27 12:05:53 | 000,025,160 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\System32\drivers\elbycdio.sys
[2010/09/27 12:05:52 | 001,161,888 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\agrsm.sys
[2010/09/27 12:05:52 | 000,202,928 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbtis.sys
[2010/09/27 12:05:52 | 000,130,200 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\incdfs.sys
[2010/09/27 12:05:52 | 000,019,096 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\incdrec.sys
[2010/09/27 12:05:51 | 000,290,816 | ---- | C] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys
[2010/09/27 12:05:51 | 000,208,688 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\syntp.sys
[2010/09/27 12:05:51 | 000,099,264 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\anydvd.sys
[2010/09/27 12:05:51 | 000,016,128 | ---- | C] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\tdcmdpst.sys
[2010/09/27 12:05:50 | 002,302,976 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys
[2010/09/27 12:05:50 | 000,919,552 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010/09/27 12:05:50 | 000,241,696 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\rtlh86.sys
[2010/09/27 12:05:50 | 000,023,640 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tvalz_o.sys
[2010/09/27 12:05:49 | 000,019,456 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Windows\System32\drivers\lpcfilter.sys
[2010/09/27 11:32:07 | 088,413,512 | ---- | C] (Norman ASA) -- C:\Users\Moon\Desktop\Norman_Malware_Cleaner.exe
[2010/09/27 01:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/26 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/26 23:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/20 20:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/20 20:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/20 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/19 16:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/15 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\skypePM
[2010/09/15 00:10:51 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\Skype
[2010/09/15 00:05:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/15 00:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/14 07:40:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/14 07:32:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/14 07:11:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/14 07:10:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/14 06:11:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/14 06:11:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/14 06:11:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/14 06:10:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/12 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/12 18:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/09/12 18:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/09/12 16:05:31 | 000,000,000 | ---D | C] -- C:\Users\Moon\Documents\DivX Movies
[2010/09/12 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/11 01:49:31 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2009/07/14 01:32:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Moon\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/27 12:25:07 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31751B52-AF54-41FF-8DB2-A54A9C6D75AD}.job
[2010/09/27 12:21:37 | 005,242,880 | -HS- | M] () -- C:\Users\Moon\ntuser.dat
[2010/09/27 12:19:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
[2010/09/27 12:03:05 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 12:03:05 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 12:01:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/27 12:00:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/27 11:59:45 | 000,524,288 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/27 11:59:45 | 000,065,536 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TM.blf
[2010/09/27 11:55:32 | 000,982,117 | -H-- | M] () -- C:\Users\Moon\AppData\Local\IconCache.db
[2010/09/27 11:50:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/09/27 11:32:10 | 088,413,512 | ---- | M] (Norman ASA) -- C:\Users\Moon\Desktop\Norman_Malware_Cleaner.exe
[2010/09/27 11:28:45 | 000,237,804 | ---- | M] () -- C:\Users\Moon\Desktop\Remove Fake Antivirus.exe
[2010/09/27 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At60.job
[2010/09/27 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/09/27 10:52:16 | 000,363,520 | ---- | M] () -- C:\Users\Moon\Desktop\rkill.com
[2010/09/27 10:50:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/09/27 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At54.job
[2010/09/27 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/09/27 04:50:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/09/27 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At53.job
[2010/09/27 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/09/27 03:50:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/09/27 03:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At52.job
[2010/09/27 03:00:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/09/27 02:50:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/09/27 02:37:40 | 000,000,905 | ---- | M] () -- C:\Users\Moon\Desktop\magicJack.lnk
[2010/09/27 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At51.job
[2010/09/27 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/09/27 01:52:55 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/27 01:50:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At72.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At71.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At70.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At69.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At68.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At67.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At66.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At65.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At64.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At63.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At62.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At61.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At59.job
[2010/09/27 01:25:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At58.job
[2010/09/27 01:25:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At57.job
[2010/09/27 01:25:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At56.job
[2010/09/27 01:25:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At55.job
[2010/09/27 01:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At50.job
[2010/09/27 01:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/09/27 00:50:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/09/27 00:38:38 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At49.job
[2010/09/27 00:24:26 | 000,000,112 | ---- | M] () -- C:\ProgramData\vJSn01.dat
[2010/09/27 00:22:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/09/27 00:00:02 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Moon-PC_Moon.job
[2010/09/26 20:10:31 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/09/26 20:10:31 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010/09/26 20:10:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/09/26 20:10:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/09/26 20:10:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/09/26 20:10:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/09/26 20:10:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010/09/26 20:10:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/09/26 20:10:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010/09/26 20:10:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/09/26 20:10:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010/09/26 20:10:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/09/26 20:10:29 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/09/26 20:10:29 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/09/26 20:10:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/09/26 20:10:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/09/26 20:10:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/09/26 20:10:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/09/26 20:10:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/09/26 20:10:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/09/26 20:10:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/09/26 20:02:43 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/09/26 19:50:55 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/09/21 21:14:39 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/21 08:26:56 | 000,000,320 | ---- | M] () -- C:\Windows\System32\playlog.xml
[2010/09/20 20:54:54 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/19 19:25:13 | 000,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2010/09/19 16:33:32 | 000,000,622 | ---- | M] () -- C:\Windows\tasks\{384FC25B-677B-4E96-A69F-672FD9B95042}.job
[2010/09/15 00:17:41 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/14 07:40:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/14 07:40:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/14 03:45:43 | 000,524,288 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 02:39:52 | 000,524,288 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{722d8283-11c5-11de-b8e4-0016d4fa501f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 02:39:52 | 000,065,536 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{722d8283-11c5-11de-b8e4-0016d4fa501f}.TM.blf
[2010/09/13 02:17:07 | 000,001,356 | ---- | M] () -- C:\Users\Moon\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/27 11:28:35 | 000,237,804 | ---- | C] () -- C:\Users\Moon\Desktop\Remove Fake Antivirus.exe
[2010/09/27 10:52:11 | 000,363,520 | ---- | C] () -- C:\Users\Moon\Desktop\rkill.com
[2010/09/27 01:52:55 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/27 00:24:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At72.job
[2010/09/27 00:24:48 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At71.job
[2010/09/27 00:24:47 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At70.job
[2010/09/27 00:24:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At69.job
[2010/09/27 00:24:46 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At68.job
[2010/09/27 00:24:45 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At67.job
[2010/09/27 00:24:44 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At66.job
[2010/09/27 00:24:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At65.job
[2010/09/27 00:24:42 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At64.job
[2010/09/27 00:24:41 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At63.job
[2010/09/27 00:24:41 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At62.job
[2010/09/27 00:24:39 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At61.job
[2010/09/27 00:24:38 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At60.job
[2010/09/27 00:24:37 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At59.job
[2010/09/27 00:24:37 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At58.job
[2010/09/27 00:24:36 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At57.job
[2010/09/27 00:24:35 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At56.job
[2010/09/27 00:24:34 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At55.job
[2010/09/27 00:24:33 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At54.job
[2010/09/27 00:24:32 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At53.job
[2010/09/27 00:24:31 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At52.job
[2010/09/27 00:24:30 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At51.job
[2010/09/27 00:24:29 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At50.job
[2010/09/27 00:24:28 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At49.job
[2010/09/26 19:32:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010/09/26 19:32:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010/09/26 19:32:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010/09/26 19:32:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010/09/26 19:32:22 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010/09/26 19:32:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010/09/26 19:32:20 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010/09/26 19:32:19 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010/09/26 19:32:19 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010/09/26 19:32:18 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010/09/26 19:32:18 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010/09/26 19:32:17 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010/09/26 19:32:16 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010/09/26 19:32:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010/09/26 19:32:15 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010/09/26 19:32:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010/09/26 19:32:14 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010/09/26 19:32:13 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010/09/26 19:32:12 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010/09/26 19:32:12 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010/09/26 19:32:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010/09/26 19:32:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010/09/26 19:32:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010/09/26 19:32:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010/09/26 19:32:09 | 000,000,112 | ---- | C] () -- C:\ProgramData\vJSn01.dat
[2010/09/26 19:30:45 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/09/26 19:30:44 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/09/26 19:30:43 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/09/26 19:30:43 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/09/26 19:30:42 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/09/26 19:30:42 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/09/26 19:30:41 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/09/26 19:30:40 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/09/26 19:30:40 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/09/26 19:30:39 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/09/26 19:30:39 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/09/26 19:30:38 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/09/26 19:30:37 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/09/26 19:30:37 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/09/26 19:30:36 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/09/26 19:30:36 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/09/26 19:30:35 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/09/26 19:30:34 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/09/26 19:30:34 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/09/26 19:30:33 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/09/26 19:30:32 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/09/26 19:30:32 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/09/26 19:30:31 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/09/26 19:30:24 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/09/26 19:10:56 | 000,000,390 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{31751B52-AF54-41FF-8DB2-A54A9C6D75AD}.job
[2010/09/20 20:57:27 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/20 20:54:54 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/19 16:33:32 | 000,000,622 | ---- | C] () -- C:\Windows\tasks\{384FC25B-677B-4E96-A69F-672FD9B95042}.job
[2010/09/15 00:17:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/14 06:11:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/14 06:11:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/14 06:11:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/14 06:11:47 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/14 06:11:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/14 03:38:29 | 000,524,288 | -HS- | C] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 03:38:29 | 000,524,288 | -HS- | C] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 03:38:29 | 000,065,536 | -HS- | C] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TM.blf
[2010/09/13 00:28:49 | 000,000,000 | ---- | C] () -- C:\Users\Moon\sfcdetails.txt
[2010/07/20 02:36:02 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/05/11 17:42:08 | 000,000,000 | -HS- | C] () -- C:\ProgramData\.pr_stat_data
[2010/04/29 18:30:55 | 000,000,871 | ---- | C] () -- C:\Windows\Inpage.INI
[2010/04/29 18:25:06 | 000,000,599 | ---- | C] () -- C:\Windows\INPAGE2.INI
[2010/04/11 01:15:05 | 000,081,920 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\ezpinst.exe
[2010/04/11 00:44:27 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/04/11 00:20:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/10 18:00:02 | 000,000,197 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\default.rss
[2010/04/10 18:00:02 | 000,000,000 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\downloads.m3u
[2010/04/10 15:04:57 | 000,262,123 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\Error.log
[2010/04/10 14:47:24 | 000,000,434 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/20 03:05:51 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/26 02:14:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/26 02:13:08 | 000,273,920 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2009/07/20 01:52:11 | 000,001,150 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/14 01:34:06 | 000,000,055 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\pcouffin.log
[2009/07/14 01:32:35 | 000,007,176 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\pcouffin.cat
[2009/07/14 01:32:34 | 000,001,144 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\pcouffin.inf
[2009/04/07 01:14:15 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/07 01:14:07 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/07 01:14:00 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/07 01:14:00 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/03/19 23:09:53 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/14 14:53:01 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/03/08 09:28:35 | 000,000,088 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\netstat.bat
[2008/07/29 20:57:18 | 000,024,206 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\UserTile.png
[2008/07/07 20:25:54 | 000,110,415 | ---- | C] () -- C:\ProgramData\BM17eafbd0.xml
[2008/07/07 20:25:54 | 000,102,961 | ---- | C] () -- C:\ProgramData\BM17eafbd0.txt
[2008/07/07 20:25:54 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/07/06 20:04:58 | 000,000,001 | ---- | C] () -- C:\Windows\tidosr.dll
[2008/07/06 20:04:54 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/06/16 20:29:44 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/05/07 17:32:42 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008/04/15 21:38:44 | 000,000,679 | ---- | C] () -- C:\Windows\Remove.ini
[2008/03/08 21:14:31 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008/03/08 21:14:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/03/03 19:53:05 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLcNL.DLL
[2008/03/03 19:39:49 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/03/03 19:36:19 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/09 08:13:40 | 000,001,356 | ---- | C] () -- C:\Users\Moon\AppData\Local\d3d9caps.dat
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/01/09 13:12:55 | 000,092,672 | ---- | C] () -- C:\Users\Moon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/09 00:00:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/01/09 00:00:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/01/09 00:00:16 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/01/09 00:00:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/05/09 16:31:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 16:31:01 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 16:31:01 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 16:31:01 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 16:31:01 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 16:31:01 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 15:49:52 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 14:41:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2004/09/28 06:38:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\wmatimer.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/19 10:51:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/19 10:51:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/19 10:51:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 03:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 03:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >
-------------------


========EXTRAS========

OTL Extras logfile created on: 27/09/2010 12:21:49 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Moon\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 358.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.30 Gb Total Space | 52.30 Gb Free Space | 49.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOON-PC
Current User Name: Moon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0634BEBD-1716-495A-977D-0D2F49C605F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A741B19-1419-4394-AE03-46118BBAEB52}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0DEFAF23-29D3-49D5-84C4-4EECAAEA6484}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{18D59A16-48DD-4043-BBAE-0B2116843B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3428BBEC-0385-4A67-8F27-5AA6E0B991EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E39CD34-D05E-4FFD-B128-C5E6DC71903B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46ACF289-6ED3-44F5-B7DA-302898293F88}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47A2DC40-106E-4C98-9936-EB1D313E3616}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5C5E46B5-E96A-4B0E-9D15-0C98541044AD}" = lport=53 | protocol=6 | dir=in | name=webserver |
"{707038E3-5B15-4ED5-A03B-27073DF63E87}" = lport=8085 | protocol=6 | dir=in | name=fio32 |
"{818E75C3-0CE9-49E9-9BE8-0F77C6D002FB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{82F16396-ED41-4DC8-B786-1F01E1E2407F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{84D8E88C-B87B-46AD-BB53-1F88B78C8654}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DA3A10F-2CD9-46F1-A51B-3D6E38C74354}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99370889-79A7-4E67-8A2F-B8FC53A1C059}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2AEA3C1-1AC7-469D-BAF5-A632084BA93D}" = lport=80 | protocol=6 | dir=in | name=webserver |
"{B5E92AB8-F821-4B21-AFC6-02DA4F2737DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B65DAABD-71BF-403E-8478-7ED0A94CD0CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BB9E8E2A-3744-4DC3-B6A7-1794064E77B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D238F2F1-E30C-4195-ABA8-A11BE4A5FE56}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADDE32C-29BB-4563-8BCC-AD9D8929EE96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2D0454E-41B5-4B89-9579-09FD4B02C17C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4AC942B-37F7-47FF-B72A-6C71935D261E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB8FF072-879F-4EE4-9421-639C17EF0EDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006A4144-6F47-424B-BDC5-95CC65E61A51}" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\temp\7zs1f43.tmp\symnrt.exe |
"{08E01787-5E59-4705-9602-A17CB7F2140E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{11406BD0-7FAD-428E-BD07-F1E315E4DAA1}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{14EE3D79-E3D8-4DA9-8AF3-C5E70EE5E958}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{15244E30-A344-4DC6-A6A9-9DADBC1C7A9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19C3DFE4-B9C9-4294-B961-A8D6BE67A941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19DEBC02-A254-4CCD-B8B0-A7390D793D96}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28FF8544-0156-4AFA-A5D5-6C58B0A0D446}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{2B959B95-6EEB-4D12-8B8D-2102F2E93F4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2E305402-0505-40D7-B41B-5079F2AFA3AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E7C8CD2-42E6-4754-BAFF-8488CBD45764}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A6D852C-C824-44A1-A52E-FF8EB21EAAFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{431EC1EE-3056-4418-812C-7D0C15F8AD44}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4789A45E-9DD1-4255-86ED-9A96AC0F1D1D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{579EBF93-A5AF-416D-9271-6BC46C7DE6B7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5DAFE74C-3A56-4C60-85FC-1D9F0C128929}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F9260FE-8772-446F-A23F-51DBDED94BA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64D1BCED-0058-48F4-B8DB-560787A37441}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{659D454B-1B3B-445F-81A1-5DA850DBA96C}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{6A3AEC96-87D0-493F-B82A-6AD2090AE1E2}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{6D77F44C-27FA-49B1-80F4-5466D2625D14}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{6F7BFC59-E98C-4EBE-9E1E-5F134CFEBBD0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{74C19856-7F14-4CA2-803C-AF8EF67FBAF6}" = protocol=6 | dir=out | app=system |
"{75772927-8D73-4FAA-9F4A-1CA72A7A1F08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{848B0220-2A32-43EF-82CD-AC07E5FBCCE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{880C69EA-29E9-4ADC-889C-80FF9EE79A22}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8898CFD3-2E4F-4A91-83CB-C94DCB3BF221}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{916225DE-4C3C-4AB4-9EBC-975D6ECFFEDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FC69FB8-9E64-423A-9E89-6B2356B239A5}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{A498D6DB-4D1D-4DBC-A16A-79AC8E7AC2AE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{AE4968E0-E2A6-4D42-ACC7-D979C6A6639D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B0DF634E-F68C-4DB2-ADB4-8D625C299E92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1A8BEC0-A214-47EF-975B-EFFF6C61FD97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3C5AFAB-294A-4F70-AA5D-642AD6E8F148}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7D56A00-D275-4F46-BC1A-D954BF7790D6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B8F65173-55FC-4651-89D7-B3E74441B1DB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BEFC53ED-F119-47A9-AD31-F6465933D496}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D5C0482E-8B6E-46BB-A7F0-ED1E7AA5424B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E33546BA-B6F8-468C-B343-7D565A3D3960}" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\temp\7zs1f43.tmp\symnrt.exe |
"{E4E8A536-5A0D-4B52-BDDF-6E79DAC3E8FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8F85B10-7509-40BD-81A9-93594EF182AC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{EEE8C114-FB2B-4587-A12C-0C162CC61238}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F067B216-B018-4904-A13B-E320A23163A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{15822773-54C0-4491-81CB-A71A97D19280}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{1DF9B258-FFE1-41FE-A410-0510B91FA7D6}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{27808AE8-3636-4110-9D90-77A2C5D9C8CF}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{37DF9809-1ADA-40F9-825D-033F0B4997EA}C:\windows\system32\ppshell.exe" = protocol=6 | dir=in | app=c:\windows\system32\ppshell.exe |
"TCP Query User{3B217C40-F5F7-41AA-BE62-F92492F54DEE}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"TCP Query User{51121AED-B8B2-403B-AEB4-DBE4C2DF46B8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{56666C0E-95F7-41D3-81AD-0650DD18C30B}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{69CD6180-FFD2-41B4-B918-AFEC6512C0F0}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{82E07F57-1AF4-4423-81E4-C19F2B7FE5A5}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{85A3B0C9-D275-44AE-99C1-6D7AC4A6ACB4}C:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe |
"TCP Query User{8A781CC6-0DB7-42D7-A7CD-074FC470287A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AB3A710E-2D09-4DB5-BF11-6DE1FF6D9B52}C:\windows\system32\ppshell.exe" = protocol=6 | dir=in | app=c:\windows\system32\ppshell.exe |
"TCP Query User{ADADDEBE-2A9B-4E41-97DC-72FDA0FD1945}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B4BB992F-C20E-4110-811E-FC0FE31C8BE8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B9C9B71A-0907-4DFB-87DA-1E74379030AA}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe |
"TCP Query User{DF948FD7-63A6-4D62-95FB-800710AECF16}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{DFD88569-EF06-41D8-981B-F5F021A51F42}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F5CA9C79-FF6C-461D-BFDD-E206103C834E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0523BCC8-4ED6-4A6B-9E9C-0823497D9B04}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1C03EEFF-715B-40FE-BF95-A7C52A88AA5D}C:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe |
"UDP Query User{3FB2A0AE-B611-4E3B-A286-3FE1E61589BE}C:\windows\system32\ppshell.exe" = protocol=17 | dir=in | app=c:\windows\system32\ppshell.exe |
"UDP Query User{4EDA1C13-80A3-494B-87DD-33276399C739}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{5C7692B8-932B-43FC-B23C-D1EA1834CE0C}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"UDP Query User{6225B3E4-979D-4FBC-9935-29703A7E69AB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{74DFE588-0E99-4839-A343-6EB5B8A102A2}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{95A25B80-665A-4D03-9266-8CEE85294F6C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9E279D0E-7856-41DB-94B4-5F22C20028F2}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"UDP Query User{B8904754-B6A9-4BCB-9001-3E7E1A1896C4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C2FEC91C-BD5E-4F94-89D0-5C7449D4D036}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9639CDC-025C-4583-BEFD-D74D732A9C3D}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe |
"UDP Query User{CCC78AEF-D073-450C-83FF-246492575C53}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{D0DBC857-6896-4DB5-8CF7-817E075944AC}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{D4EEEDF6-DF30-4450-B7A1-2C36F564AA32}C:\windows\system32\ppshell.exe" = protocol=17 | dir=in | app=c:\windows\system32\ppshell.exe |
"UDP Query User{DA6D863A-F176-4050-8BDB-F49867E7118D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E6B6FF59-28F5-4E72-8C7A-8A3A5FB634F8}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{EEB18A77-B961-45D7-A39D-1B5018062FAF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59482AA7-3E30-4B5E-A52F-4101DACC2707}" = Nero InCD
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX™ 1.2 SDK
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe® Flash® Player 10 Plugin
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"RealPlayer 12.0" = RealPlayer
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6b-test1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/09/2010 1:08:42 AM | Computer Name = Moon-PC | Source = System Restore | ID = 8193
Description =

Error - 27/09/2010 1:09:01 AM | Computer Name = Moon-PC | Source = SPP | ID = 16387
Description =

Error - 27/09/2010 1:09:01 AM | Computer Name = Moon-PC | Source = System Restore | ID = 8193
Description =

Error - 27/09/2010 1:09:25 AM | Computer Name = Moon-PC | Source = SPP | ID = 16387
Description =

Error - 27/09/2010 1:09:25 AM | Computer Name = Moon-PC | Source = System Restore | ID = 8193
Description =

Error - 27/09/2010 1:10:07 AM | Computer Name = Moon-PC | Source = Application Error | ID = 1000
Description = Faulting application AQrpa5rt.exe, version 0.0.0.0, time stamp 0x4c9cbf67,
faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd, exception
code 0xc0000005, fault offset 0x00049458, process id 0x16b0, application start time
0x01cb5e02279e063e.

Error - 27/09/2010 1:33:54 AM | Computer Name = Moon-PC | Source = VSS | ID = 8194
Description =

Error - 27/09/2010 1:34:17 AM | Computer Name = Moon-PC | Source = SPP | ID = 16387
Description =

Error - 27/09/2010 1:34:17 AM | Computer Name = Moon-PC | Source = System Restore | ID = 8193
Description =

Error - 27/09/2010 5:18:24 AM | Computer Name = Moon-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004714e, process id 0x434, application
start time 0x01cb5e0cf0a31743.

[ System Events ]
Error - 27/09/2010 5:51:37 AM | Computer Name = Moon-PC | Source = DCOM | ID = 10010
Description =

Error - 27/09/2010 9:54:35 AM | Computer Name = Moon-PC | Source = DCOM | ID = 10010
Description =

Error - 27/09/2010 10:43:02 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/09/2010 10:43:02 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/09/2010 11:30:01 AM | Computer Name = Moon-PC | Source = DCOM | ID = 10010
Description =

Error - 27/09/2010 11:55:26 AM | Computer Name = Moon-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_NSAK\0000 disappeared from the system without
first being prepared for removal.

Error - 27/09/2010 11:58:53 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/09/2010 11:58:53 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/09/2010 12:02:17 PM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/09/2010 12:02:17 PM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

===Norman Malware Cleaner Report===
Norman Malware Cleaner
Version 1.8.1
Copyright © 1990 - 2010, Norman ASA. Built 2010/09/27 06:08:57

Norman Scanner Engine Version: 6.06.05
Nvcbin.def Version: 6.06.00, Date: 2010/09/27 06:08:57, Variants: 7513607

Scan started: 2010/09/27 11:53:53

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2
Logged on user: Moon-PC\Moon

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\Windows\System32\avgrsstx.dll" -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning kernel...

Infection Detected: W32/rootkit!TDSS_TDL3.26+

Cleaning process completed successfully

Please reboot the system



Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 0
Number of archives unpacked: 0
Number of files scanned: 0
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 0s


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:02:13 PM

Posted 01 October 2010 - 04:17 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 FaisalFarani1

FaisalFarani1
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Oshawa, Canada
  • Local time:07:13 AM

Posted 02 October 2010 - 04:16 AM

Very Slow Computer, Trojan.Agent/Gen.Viru, W32/rootkit!TDSS_TDL3.26+, Windows Host Process Stopped Working

Thanks for the reply. I'm posting the required information:

Attached files: DDS.txt (11.39KB), Attach.txt (3.71KB), ark.txt (11.71KB)


Edited by FaisalFarani1, 02 October 2010 - 04:20 AM.


#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:06:13 AM

Posted 06 October 2010 - 08:16 AM

Hello FaisalFarani1

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system, so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 FaisalFarani1

FaisalFarani1
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Oshawa, Canada
  • Local time:07:13 AM

Posted 06 October 2010 - 11:42 PM

Hello pwgib,
Thanks for your time, I am all set now to follow your instructions.
"Word Wrap" in Notepad is unchecked, and "Show Hidden Files" is checked as well.
Thanks again for your help in advance.

Edited by FaisalFarani1, 06 October 2010 - 11:44 PM.


#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:06:13 AM

Posted 07 October 2010 - 03:49 PM

Hi FaisalFarani1,

I see you have ComboFix installed. You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

I have some bad news. One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleaning let's start.

If you do not have ComboFix.txt from the previous run on your desktop please navigate to C:\ComboFix.txt and post the report in your next reply.

Step 1.

I need you to download a new version of ComboFix. If it is still present please delete the copy of Combofix from your desktop.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

How to temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. http://www.bleepingcomputer.com/forums/topic114351.html

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" in your next reply
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Step 2.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 3.

I notice you do not have an antivirus with real time protection running. In today's computing environment it is suicidal not to have an active antivirus protecting your computer. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some good antivirus programs free for non-commercial home use are:

Note:
You should never have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to give "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Please install an antivirus program now.

In your next reply please include the following: (Note: Do not attach logs unless asked to. Copy and paste them directly into the reply box.)

Previous ComboFix.txt
Current ComboFix.txt
MBAM log


Thanks!!
PW

#7 FaisalFarani1

FaisalFarani1
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Oshawa, Canada
  • Local time:07:13 AM

Posted 07 October 2010 - 11:04 PM

Hello pwqib,
While I was running ComboFix, I got this message:
"ComboFix has detected the presence of rootkit activity and need
to reboot the machine.
Service: AFD
File: C:\Windows\system32\drivers\afd.sys"

After clicking on "OK", my laptop keeps trying to restart, but all I get is a "blue screen" and it restarts.
I have now been trying "Startup Repair" for the last hour but it's going nowhere.

#8 FaisalFarani1

FaisalFarani1
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Oshawa, Canada
  • Local time:07:13 AM

Posted 08 October 2010 - 02:06 AM

Previous ComboFix.txt

I could not find the previous ComboFix.txt at C:\ComboFix.txt, but I did find this one...

ComboFix 10-09-13.02 - Moon 14/09/2010 7:14:25.5.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.1013.266 [GMT -4:00]
Running from: C:\Users\Moon\Desktop\ComboFix.exe
Command switches used :: C:\Users\Moon\Desktop\CFScript.txt
SP: SpywareStop *disabled* (Updated) {B1FA7566-C605-495F-A5F8-1B63FAAD44F6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Toby\AppData\Roaming\7D0FCD42E131026096CE940941C28B08\mediafix70700en02.exe"
"c:\users\Toby\AppData\Roaming\d3dim700P.dll"
.

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 11:32:10 . 2010-09-14 11:32:10 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-09-14 11:32:10 . 2010-09-14 11:32:10 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2010-09-14 11:32:10 . 2010-09-14 11:32:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-09-14 05:24:33 . 2010-09-14 05:24:33 -------- d-----w- C:\Users\Moon\AppData\Local\Apple
2010-09-13 00:15:59 . 2010-09-13 00:16:43 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-09-12 22:46:16 . 2010-09-12 22:46:16 -------- d-----w- C:\ProgramData\Office Genuine Advantage
2010-09-12 20:00:26 . 2010-09-12 20:07:26 -------- d-----w- C:\ProgramData\DivX
2010-08-24 05:01:40 . 2010-08-24 05:01:40 -------- d-----w- C:\ProgramData\magicJack
2010-08-24 05:00:22 . 2010-08-29 06:02:34 -------- d-----w- C:\Users\Moon\AppData\Local\magicJack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

*****************************************************************************************************************

Current ComboFix.txt

ComboFix 10-10-07.01 - Moon 08/10/2010 1:58.6.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.1013.236 [GMT -4:00]
Running from: c:\users\Moon\Desktop\ComboFix.exe
SP: SpywareStop *disabled* (Updated) {B1FA7566-C605-495F-A5F8-1B63FAAD44F6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys

.
((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 06:14 . 2010-10-08 06:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-08 06:14 . 2010-10-08 06:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-08 02:37 . 2010-10-08 02:51 -------- d-----w- C:\ComboFix(6)
2010-09-27 05:52 . 2010-09-27 05:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-27 03:16 . 2010-09-27 03:16 -------- d-----w- c:\users\Moon\AppData\Roaming\SUPERAntiSpyware.com
2010-09-27 03:16 . 2010-09-27 03:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\23817\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\23817\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\23817\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\8.2\ARM\23817\AcrobatUpdater.exe
2010-09-21 00:56 . 2010-09-21 00:56 -------- d-----w- c:\program files\iPod
2010-09-21 00:56 . 2010-09-27 00:11 -------- d-----w- c:\program files\iTunes
2010-09-21 00:54 . 2010-09-27 14:39 -------- d-----w- c:\program files\QuickTime(30)
2010-09-15 04:45 . 2010-08-15 13:45 11045880 ---ha-w- c:\users\Moon\AppData\Roaming\mjusbsp\in00000\setup.exe
2010-09-15 04:17 . 2010-09-15 04:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-15 04:17 . 2010-09-15 04:17 -------- d-----w- c:\users\Moon\AppData\Roaming\skypePM
2010-09-15 04:10 . 2010-09-15 04:45 -------- d-----w- c:\users\Moon\AppData\Roaming\Skype
2010-09-15 04:05 . 2010-10-08 08:29 -------- d-----w- c:\program files\Common Files\Skype
2010-09-15 04:05 . 2010-10-08 08:29 -------- d-----r- c:\program files\Skype
2010-09-15 04:05 . 2010-09-19 20:33 -------- d-----w- c:\programdata\Skype
2010-09-14 14:29 . 2010-09-14 14:29 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-14 14:29 . 2010-09-14 14:21 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-14 14:29 . 2010-09-14 14:21 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-14 14:29 . 2010-09-14 14:21 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-14 14:29 . 2010-09-14 14:29 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-14 14:29 . 2010-09-14 14:29 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-14 14:29 . 2010-09-14 14:29 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-14 14:28 . 2010-09-14 14:28 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-14 14:25 . 2010-09-14 14:25 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-14 14:25 . 2010-09-14 14:25 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-09-14 14:24 . 2010-09-14 14:24 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-09-14 14:23 . 2010-09-14 14:23 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-09-14 14:23 . 2010-09-14 14:23 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-09-14 14:23 . 2010-09-14 14:23 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-09-14 14:23 . 2010-09-14 14:23 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-09-14 14:23 . 2010-10-08 08:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-14 14:23 . 2010-09-14 14:23 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-09-14 14:21 . 2010-09-14 15:09 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-13 00:15 . 2010-09-13 00:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-12 22:46 . 2010-09-12 22:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-12 20:00 . 2010-10-08 08:29 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 14:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Moon\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-08-15 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [2009-05-17 41984]
R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-09-12 23096]
R3 CamdVideo32;CamdVideo32;c:\windows\system32\DRIVERS\CamdVideo32.sys [2008-09-12 3768]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-27 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-27 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-27 108552]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2008-10-09 202928]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [2009-10-16 53560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\NeroLiveEpgUpdate-Moon-PC_Moon.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 17:51]

2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{2BB8555F-F85D-4BAA-9D6A-C0775230E403}.job
- c:\windows\system32\msfeedssync.exe [2010-04-04 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,57,b2,0e,2a,dc,5a,4f,a7,93,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,57,b2,0e,2a,dc,5a,4f,a7,93,79,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-08 02:26:03
ComboFix-quarantined-files.txt 2010-10-08 06:25
ComboFix2.txt 2010-09-14 10:54

Pre-Run: 59,089,362,944 bytes free
Post-Run: 56,165,244,928 bytes free

- - End Of File - - F747C2AC8398B4948085A9265521259A

*********************************************************

MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4773

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

08/10/2010 2:45:10 AM
mbam-log-2010-10-08 (02-45-10).txt

Scan type: Quick scan
Objects scanned: 151241
Time elapsed: 12 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
***********************************

Now I am moving towards step 3 to get a free Anti Virus.



#9 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 09 October 2010 - 07:09 PM

Hello FaisalFarani1,

QUOTE
Now I am moving towards step 3 to get a free Anti Virus.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case StreamTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.

Step 1.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2.

If you do not still have Defogger on your desktop then please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 3.

If GMER is not on your desktop please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning

Step 4.

We need to create an OTL Report
Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Step 5.
  • Please download mbrcheck from Here
  • Save that file to your desktop and double click on it to run it.
  • It will show a Black screen with some data on it then hit any key to continue.
  • Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is date)
  • Please post the contents of that log in your next reply.
In your next reply please include the following:

TDSSKiller log
Gmer log
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
mbrcheck*.txt


How is your computer running?

Thanks!!
PW

#10 FaisalFarani1

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male
  • Location:Oshawa, Canada

Posted 10 October 2010 - 01:42 AM

Hello pwgib,
Thanks for your detailed response. I would never use Torrent again.

TDSSKILLER log

2010/10/09 23:08:45.0210 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/09 23:08:45.0210 ================================================================================
2010/10/09 23:08:45.0210 SystemInfo:
2010/10/09 23:08:45.0210
2010/10/09 23:08:45.0210 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/09 23:08:45.0211 Product type: Workstation
2010/10/09 23:08:45.0211 ComputerName: MOON-PC
2010/10/09 23:08:45.0212 UserName: Moon
2010/10/09 23:08:45.0212 Windows directory: C:\Windows
2010/10/09 23:08:45.0212 System windows directory: C:\Windows
2010/10/09 23:08:45.0212 Processor architecture: Intel x86
2010/10/09 23:08:45.0212 Number of processors: 1
2010/10/09 23:08:45.0212 Page size: 0x1000
2010/10/09 23:08:45.0212 Boot type: Normal boot
2010/10/09 23:08:45.0212 ================================================================================
2010/10/09 23:08:46.0865 Initialize success
2010/10/09 23:08:49.0708 ================================================================================
2010/10/09 23:08:49.0708 Scan started
2010/10/09 23:08:49.0708 Mode: Manual;
2010/10/09 23:08:49.0708 ================================================================================
2010/10/09 23:09:28.0272 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/09 23:09:28.0586 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/09 23:09:28.0843 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/09 23:09:29.0038 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/10/09 23:09:29.0175 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/09 23:09:29.0398 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2010/10/09 23:09:29.0627 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/09 23:09:30.0311 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/09 23:09:30.0468 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/09 23:09:30.0689 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/09 23:09:30.0970 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/09 23:09:31.0335 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/09 23:09:32.0258 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/09 23:09:32.0425 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/09 23:09:32.0519 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/09 23:09:32.0631 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/09 23:09:32.0752 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/09 23:09:32.0845 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/09 23:09:32.0978 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/09 23:09:33.0070 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/09 23:09:33.0208 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/10/09 23:09:33.0280 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/09 23:09:33.0388 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/09 23:09:33.0600 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/09 23:09:33.0721 RTL8169 (4755c86fd7dc189faa0e6d111c417de1) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/10/09 23:09:33.0842 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/09 23:09:34.0073 sbtis (d23b2615f9af5c8a6f74634344a5a216) C:\Windows\system32\drivers\sbtis.sys
2010/10/09 23:09:34.0252 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/09 23:09:34.0391 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/09 23:09:34.0572 Ser2pl (b97e1d0e59a128394f24e9f31e227ef2) C:\Windows\system32\DRIVERS\ser2pl.sys
2010/10/09 23:09:34.0684 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/09 23:09:34.0752 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/09 23:09:34.0846 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/09 23:09:35.0150 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/09 23:09:35.0364 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/09 23:09:35.0472 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/09 23:09:35.0601 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/09 23:09:35.0861 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/10/09 23:09:36.0005 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/09 23:09:36.0329 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/09 23:09:36.0678 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/09 23:09:36.0953 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/09 23:09:37.0639 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
2010/10/09 23:09:38.0076 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/09 23:09:38.0377 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/09 23:09:38.0765 sscdbus (291330e1ab4d96be0eddf389b68d5291) C:\Windows\system32\DRIVERS\sscdbus.sys
2010/10/09 23:09:39.0429 sscdmdm (83afbf6722a15c8f63a9e3c5e659c15b) C:\Windows\system32\DRIVERS\sscdmdm.sys
2010/10/09 23:09:39.0769 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/09 23:09:39.0961 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/09 23:09:40.0106 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/09 23:09:40.0445 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/09 23:09:40.0654 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/09 23:09:40.0955 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
2010/10/09 23:09:41.0272 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/09 23:09:41.0531 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/09 23:09:41.0767 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/10/09 23:09:41.0977 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/09 23:09:42.0287 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/09 23:09:42.0510 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/09 23:09:42.0799 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/09 23:09:43.0220 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
2010/10/09 23:09:43.0929 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/09 23:09:44.0305 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/09 23:09:44.0485 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/09 23:09:44.0604 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/10/09 23:09:44.0706 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/10/09 23:09:44.0878 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/09 23:09:45.0093 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/09 23:09:45.0313 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/09 23:09:45.0520 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/09 23:09:45.0718 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/09 23:09:45.0898 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/09 23:09:46.0176 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2010/10/09 23:09:46.0346 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/10/09 23:09:46.0482 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/09 23:09:46.0775 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/09 23:09:47.0035 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/09 23:09:47.0243 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/09 23:09:47.0359 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/09 23:09:47.0518 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/09 23:09:47.0670 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/09 23:09:47.0806 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/09 23:09:47.0957 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/09 23:09:48.0182 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/09 23:09:48.0305 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/09 23:09:48.0464 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/10/09 23:09:48.0593 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/09 23:09:48.0776 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/10/09 23:09:48.0918 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/09 23:09:49.0066 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/09 23:09:49.0270 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/09 23:09:49.0476 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/09 23:09:49.0742 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/09 23:09:49.0845 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/09 23:09:49.0925 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/09 23:09:50.0109 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/09 23:09:50.0327 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/09 23:09:50.0850 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/10/09 23:09:51.0103 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/09 23:09:51.0245 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/09 23:09:51.0565 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/09 23:09:51.0781 ================================================================================
2010/10/09 23:09:51.0781 Scan finished
2010/10/09 23:09:51.0783 ================================================================================

GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-10 01:16:07
Windows 6.0.6002 Service Pack 2
Running: ecqozftz.exe; Driver: C:\Users\Moon\AppData\Local\Temp\kwldypog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8BE70BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8BE709D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8BE70B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwLoadDriver 821A83A8 7 Bytes JMP 8BE70B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 821E7E16 5 Bytes JMP 8BE6C5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 82235521 5 Bytes JMP 8BE6DFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8224DB5F 7 Bytes JMP 8BE709D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 822CC94A 7 Bytes JMP 8BE70BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1716] kernel32.dll!SetUnhandledExceptionFilter 7588A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0102034E] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [010218D8] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [01021725] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [010217ED] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [010215A5] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0102034E] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0102034E] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [010218D8] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [01021725] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [010215A5] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0102034E] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [0102162B] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [010217ED] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [010215A5] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [010218D8] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0102034E] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [010215A5] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [0102162B] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [010217ED] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [01021725] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [010218D8] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0102034E] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0102047A] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01020494] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [01020FA2] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [010215A5] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [010218D8] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [01021725] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCDSrv.exe[1448] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [010217ED] C:\Program Files\Nero\Tools\InCD\InCDSrv.exe (incdsrv/Nero AG)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74177817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7417BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7416F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7416E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7417DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7416FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7416FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7419C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7416D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74166853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7416687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74172AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [01015BCC] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [01017161] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [01017323] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [010170DB] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [0101740E] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [01015BCC] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [01015BCC] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [0101740E] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [0101725B] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [010170DB] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01015BCC] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [010170DB] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [01017161] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [01017323] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [0101725B] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [0101740E] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [01015BCC] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [0101740E] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [0101725B] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [01017323] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [010170DB] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [01015BCC] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [01015CF8] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01015D12] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [01016FB5] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [010170DB] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [0101740E] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [0101725B] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\NBHGui.exe[3236] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [01017323] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero SecurDisc Host/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0102CE44] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [0102E5C1] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [0102E783] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [0102E53B] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [0102E86E] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0102CE44] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0102CE44] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102E86E] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102E6BB] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [0102E53B] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0102CE44] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [0102E53B] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [0102E5C1] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [0102E783] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [0102E6BB] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [0102E86E] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0102CE44] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102E86E] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102E6BB] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [0102E783] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [0102E53B] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0102CE44] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0102CF70] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [0102E3B1] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [0102E53B] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [0102E86E] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [0102E6BB] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [0102E783] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0102CF8A] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [0102E6BB] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [0102E86E] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)
IAT C:\Program Files\Nero\Tools\InCD\InCD.exe[3256] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCloseKey] [0102E53B] C:\Program Files\Nero\Tools\InCD\InCD.exe (InCD/Nero AG)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

---- EOF - GMER 1.0.15 ----


OTL.txt

OTL logfile created on: 10/10/2010 1:52:50 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Moon\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.30 Gb Total Space | 51.25 Gb Free Space | 48.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOON-PC
Current User Name: Moon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/10 01:51:34 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/17 02:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 00:44:09 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:14 | 001,600,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/10/16 10:44:06 | 001,060,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
PRC - [2009/09/17 23:39:15 | 000,494,592 | --S- | M] (BitMicro Software Corporation) -- C:\Program Files\RapidBIT\cidaemon.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/09 01:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/11/14 09:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/11/14 08:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 07:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/10 01:51:34 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/17 05:16:24 | 000,041,984 | --S- | M] (BitMicro Software Corporation) [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/14 07:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Capt905c.sys -- (SQTECH905C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Capt9052.sys -- (SQTECH9052)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091020.023\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091020.023\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\InPage24\Haspnt.sys -- (Haspnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Moon\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/27 08:26:58 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/27 08:26:58 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/27 08:26:47 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/27 08:26:39 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/12 06:42:22 | 000,241,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/06 18:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008/10/09 10:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2008/09/12 13:14:30 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CamdVideo32.sys -- (CamdVideo32)
DRV - [2008/09/12 13:14:28 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CamdDriverV32.sys -- (CamdDriverV32)
DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/09 13:56:13 | 000,099,264 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/01/19 01:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/19 01:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/19 01:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/07 15:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/08/29 20:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2002/10/07 03:16:10 | 000,075,168 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2002/10/07 03:16:10 | 000,042,992 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/03/16 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\extensions
[2010/09/14 03:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/10/08 02:14:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-18..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000..\Run: [cdloader] C:\Users\Moon\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Moon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Moon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 01:27:08 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
[2010/10/09 22:57:44 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Moon\Desktop\TDSSKiller.exe
[2010/10/09 22:54:01 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Local\Apple
[2010/10/08 03:19:19 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/10/08 03:19:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/10/08 03:19:16 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/10/08 03:19:14 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/10/08 03:19:10 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/10/08 03:17:43 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/08 03:17:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/10/08 03:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/08 03:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/08 02:26:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/08 02:26:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/08 01:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/07 22:37:37 | 000,000,000 | ---D | C] -- C:\ComboFix(6)
[2010/09/27 01:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/26 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/26 23:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/20 20:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/20 20:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/20 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(30)
[2010/09/15 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\skypePM
[2010/09/15 00:10:51 | 000,000,000 | ---D | C] -- C:\Users\Moon\AppData\Roaming\Skype
[2010/09/15 00:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/15 00:05:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/15 00:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/14 10:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/09/14 06:11:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/14 06:11:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/14 06:11:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/14 06:10:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/12 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/12 18:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/09/12 18:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/09/12 16:05:31 | 000,000,000 | ---D | C] -- C:\Users\Moon\Documents\DivX Movies
[2010/09/12 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/11 01:49:31 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2009/07/14 01:32:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Moon\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/10 02:00:49 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2BB8555F-F85D-4BAA-9D6A-C0775230E403}.job
[2010/10/10 01:52:40 | 005,242,880 | -HS- | M] () -- C:\Users\Moon\ntuser.dat
[2010/10/10 01:51:34 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Moon\Desktop\OTL.exe
[2010/10/10 01:50:46 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 01:50:46 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 01:46:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 01:46:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 01:44:28 | 000,524,288 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000001.regtrans-ms
[2010/10/10 01:44:28 | 000,065,536 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TM.blf
[2010/10/10 01:44:10 | 001,811,176 | -H-- | M] () -- C:\Users\Moon\AppData\Local\IconCache.db
[2010/10/10 01:22:50 | 000,000,788 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/10 00:00:46 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Moon-PC_Moon.job
[2010/10/09 23:21:04 | 000,293,376 | ---- | M] () -- C:\Users\Moon\Desktop\ecqozftz.exe
[2010/10/09 22:57:14 | 001,211,285 | ---- | M] () -- C:\Users\Moon\Desktop\tdsskiller.zip
[2010/10/08 03:19:20 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/08 03:19:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/08 03:15:36 | 050,594,264 | ---- | M] () -- C:\Users\Moon\Desktop\setup_av_free.exe
[2010/10/08 02:15:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/10/08 02:14:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/08 01:52:15 | 003,875,331 | R--- | M] () -- C:\Users\Moon\Desktop\ComboFix.exe
[2010/10/08 01:50:55 | 000,050,477 | ---- | M] () -- C:\Users\Moon\Desktop\Defogger.exe
[2010/10/08 00:33:25 | 101,202,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/07 22:17:37 | 005,242,880 | -HS- | M] () -- C:\Users\Moon\ntuser.dat_previous
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Moon\Desktop\TDSSKiller.exe
[2010/10/02 02:56:20 | 000,000,000 | ---- | M] () -- C:\Users\Moon\defogger_reenable
[2010/09/27 00:24:26 | 000,000,112 | ---- | M] () -- C:\ProgramData\vJSn01.dat
[2010/09/16 08:18:40 | 064,691,171 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm.prepare
[2010/09/15 18:39:39 | 064,670,715 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/15 00:46:06 | 000,000,905 | ---- | M] () -- C:\Users\Moon\Desktop\magicJack.lnk
[2010/09/15 00:42:04 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/15 00:17:41 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/14 10:29:20 | 000,001,544 | ---- | M] () -- C:\Users\Moon\Desktop\DivX Movies.lnk
[2010/09/14 10:26:41 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/09/14 10:24:23 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/09/14 03:45:43 | 000,524,288 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 02:39:52 | 000,524,288 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{722d8283-11c5-11de-b8e4-0016d4fa501f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 02:39:52 | 000,065,536 | -HS- | M] () -- C:\Users\Moon\ntuser.dat{722d8283-11c5-11de-b8e4-0016d4fa501f}.TM.blf
[2010/09/13 02:17:07 | 000,001,356 | ---- | M] () -- C:\Users\Moon\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 23:21:01 | 000,293,376 | ---- | C] () -- C:\Users\Moon\Desktop\ecqozftz.exe
[2010/10/09 22:57:04 | 001,211,285 | ---- | C] () -- C:\Users\Moon\Desktop\tdsskiller.zip
[2010/10/08 03:19:20 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/08 03:15:34 | 050,594,264 | ---- | C] () -- C:\Users\Moon\Desktop\setup_av_free.exe
[2010/10/08 01:52:08 | 003,875,331 | R--- | C] () -- C:\Users\Moon\Desktop\ComboFix.exe
[2010/10/08 01:50:53 | 000,050,477 | ---- | C] () -- C:\Users\Moon\Desktop\Defogger.exe
[2010/10/02 02:56:20 | 000,000,000 | ---- | C] () -- C:\Users\Moon\defogger_reenable
[2010/09/26 19:32:09 | 000,000,112 | ---- | C] () -- C:\ProgramData\vJSn01.dat
[2010/09/15 00:17:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/15 00:05:41 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/14 10:29:20 | 000,001,544 | ---- | C] () -- C:\Users\Moon\Desktop\DivX Movies.lnk
[2010/09/14 10:26:41 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/09/14 10:24:23 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/09/14 06:11:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/14 06:11:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/14 06:11:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/14 06:11:47 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/14 06:11:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/14 03:38:29 | 000,524,288 | -HS- | C] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 03:38:29 | 000,524,288 | -HS- | C] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 03:38:29 | 000,065,536 | -HS- | C] () -- C:\Users\Moon\ntuser.dat{8b86c246-bfbe-11df-9184-0016d4fa501f}.TM.blf
[2010/09/13 00:28:49 | 000,000,000 | ---- | C] () -- C:\Users\Moon\sfcdetails.txt
[2010/07/20 02:36:02 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/05/11 17:42:08 | 000,000,000 | -HS- | C] () -- C:\ProgramData\.pr_stat_data
[2010/04/29 18:30:55 | 000,000,871 | ---- | C] () -- C:\Windows\Inpage.INI
[2010/04/29 18:25:06 | 000,000,599 | ---- | C] () -- C:\Windows\INPAGE2.INI
[2010/04/11 01:15:05 | 000,081,920 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\ezpinst.exe
[2010/04/11 00:44:27 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/04/11 00:20:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/10 18:00:02 | 000,000,197 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\default.rss
[2010/04/10 18:00:02 | 000,000,000 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\downloads.m3u
[2010/04/10 15:04:57 | 000,262,123 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\Error.log
[2010/04/10 14:47:24 | 000,000,788 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/20 03:05:51 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/26 02:14:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/20 01:52:11 | 000,001,150 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/14 01:34:06 | 000,000,055 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\pcouffin.log
[2009/07/14 01:32:35 | 000,007,176 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\pcouffin.cat
[2009/07/14 01:32:34 | 000,001,144 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\pcouffin.inf
[2009/04/07 01:14:15 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/07 01:14:07 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/07 01:14:00 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/07 01:14:00 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/03/19 23:09:53 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/14 14:53:01 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/03/08 09:28:35 | 000,000,088 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\netstat.bat
[2008/07/29 20:57:18 | 000,024,206 | ---- | C] () -- C:\Users\Moon\AppData\Roaming\UserTile.png
[2008/07/07 20:25:54 | 000,110,415 | ---- | C] () -- C:\ProgramData\BM17eafbd0.xml
[2008/07/07 20:25:54 | 000,102,961 | ---- | C] () -- C:\ProgramData\BM17eafbd0.txt
[2008/07/07 20:25:54 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/07/06 20:04:58 | 000,000,001 | ---- | C] () -- C:\Windows\tidosr.dll
[2008/07/06 20:04:54 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/06/16 20:29:44 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/05/07 17:32:42 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008/04/15 21:38:44 | 000,000,679 | ---- | C] () -- C:\Windows\Remove.ini
[2008/03/08 21:14:31 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008/03/08 21:14:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/03/03 19:53:05 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLcNL.DLL
[2008/03/03 19:39:49 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/03/03 19:36:19 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/09 08:13:40 | 000,001,356 | ---- | C] () -- C:\Users\Moon\AppData\Local\d3d9caps.dat
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/01/09 13:12:55 | 000,092,672 | ---- | C] () -- C:\Users\Moon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/09 00:00:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/01/09 00:00:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/01/09 00:00:16 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/01/09 00:00:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/05/09 16:31:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 16:31:01 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 16:31:01 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 16:31:01 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 16:31:01 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 16:31:01 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 15:49:52 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 14:41:06 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2004/09/28 06:38:30 | 000,114,688 | ---- | C] () -- C:\Windows\System32\wmatimer.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >



#11 FaisalFarani1

  • Topic Starter


Posted 10 October 2010 - 01:48 AM

Extra.txt

OTL Extras logfile created on: 10/10/2010 1:52:50 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Moon\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.30 Gb Total Space | 51.25 Gb Free Space | 48.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOON-PC
Current User Name: Moon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0634BEBD-1716-495A-977D-0D2F49C605F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A741B19-1419-4394-AE03-46118BBAEB52}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0DEFAF23-29D3-49D5-84C4-4EECAAEA6484}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{18D59A16-48DD-4043-BBAE-0B2116843B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3428BBEC-0385-4A67-8F27-5AA6E0B991EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E39CD34-D05E-4FFD-B128-C5E6DC71903B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46ACF289-6ED3-44F5-B7DA-302898293F88}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47A2DC40-106E-4C98-9936-EB1D313E3616}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5C5E46B5-E96A-4B0E-9D15-0C98541044AD}" = lport=53 | protocol=6 | dir=in | name=webserver |
"{707038E3-5B15-4ED5-A03B-27073DF63E87}" = lport=8085 | protocol=6 | dir=in | name=fio32 |
"{818E75C3-0CE9-49E9-9BE8-0F77C6D002FB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{82F16396-ED41-4DC8-B786-1F01E1E2407F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{84D8E88C-B87B-46AD-BB53-1F88B78C8654}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DA3A10F-2CD9-46F1-A51B-3D6E38C74354}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99370889-79A7-4E67-8A2F-B8FC53A1C059}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2AEA3C1-1AC7-469D-BAF5-A632084BA93D}" = lport=80 | protocol=6 | dir=in | name=webserver |
"{B5E92AB8-F821-4B21-AFC6-02DA4F2737DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B65DAABD-71BF-403E-8478-7ED0A94CD0CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BB9E8E2A-3744-4DC3-B6A7-1794064E77B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D238F2F1-E30C-4195-ABA8-A11BE4A5FE56}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADDE32C-29BB-4563-8BCC-AD9D8929EE96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2D0454E-41B5-4B89-9579-09FD4B02C17C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4AC942B-37F7-47FF-B72A-6C71935D261E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB8FF072-879F-4EE4-9421-639C17EF0EDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006A4144-6F47-424B-BDC5-95CC65E61A51}" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\temp\7zs1f43.tmp\symnrt.exe |
"{00DE7BB8-A291-4553-96A5-9AD41EAAB46A}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{08E01787-5E59-4705-9602-A17CB7F2140E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{11406BD0-7FAD-428E-BD07-F1E315E4DAA1}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{14EE3D79-E3D8-4DA9-8AF3-C5E70EE5E958}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{15244E30-A344-4DC6-A6A9-9DADBC1C7A9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19C3DFE4-B9C9-4294-B961-A8D6BE67A941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19DEBC02-A254-4CCD-B8B0-A7390D793D96}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28FF8544-0156-4AFA-A5D5-6C58B0A0D446}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{2B959B95-6EEB-4D12-8B8D-2102F2E93F4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2E305402-0505-40D7-B41B-5079F2AFA3AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E7C8CD2-42E6-4754-BAFF-8488CBD45764}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A6D852C-C824-44A1-A52E-FF8EB21EAAFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{431EC1EE-3056-4418-812C-7D0C15F8AD44}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4789A45E-9DD1-4255-86ED-9A96AC0F1D1D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{54948C25-BED4-4057-B34D-8E448184AA95}" = dir=in | app=c:\program files\avg\avg8\avgdiagex.exe |
"{579EBF93-A5AF-416D-9271-6BC46C7DE6B7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5DAFE74C-3A56-4C60-85FC-1D9F0C128929}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F9260FE-8772-446F-A23F-51DBDED94BA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{629327CD-F328-4B3B-A746-B0C08811136F}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{659D454B-1B3B-445F-81A1-5DA850DBA96C}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{6D77F44C-27FA-49B1-80F4-5466D2625D14}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{6F7BFC59-E98C-4EBE-9E1E-5F134CFEBBD0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{74C19856-7F14-4CA2-803C-AF8EF67FBAF6}" = protocol=6 | dir=out | app=system |
"{75772927-8D73-4FAA-9F4A-1CA72A7A1F08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D10811B-2F46-44B9-AE07-395D2C7A9104}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{7E6FEC82-A367-41A5-BC4E-93469F6D8AAB}" = dir=in | app=c:\program files\avg\avg8\avgdiag.exe |
"{848B0220-2A32-43EF-82CD-AC07E5FBCCE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{880C69EA-29E9-4ADC-889C-80FF9EE79A22}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8898CFD3-2E4F-4A91-83CB-C94DCB3BF221}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{916225DE-4C3C-4AB4-9EBC-975D6ECFFEDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B30DE02-2336-476D-8F35-FC2CDD84F416}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FC69FB8-9E64-423A-9E89-6B2356B239A5}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{9FF20D7F-94A5-47FB-98CB-7ACAA8E157BA}" = protocol=6 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{A498D6DB-4D1D-4DBC-A16A-79AC8E7AC2AE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{A77982B6-0D88-4F1E-9571-9C7147DABE4D}" = protocol=17 | dir=in | app=c:\users\moon\appdata\roaming\mjusbsp\magicjack.exe |
"{AE4968E0-E2A6-4D42-ACC7-D979C6A6639D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B0DF634E-F68C-4DB2-ADB4-8D625C299E92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1A8BEC0-A214-47EF-975B-EFFF6C61FD97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3C5AFAB-294A-4F70-AA5D-642AD6E8F148}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7D56A00-D275-4F46-BC1A-D954BF7790D6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B8F65173-55FC-4651-89D7-B3E74441B1DB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BEFC53ED-F119-47A9-AD31-F6465933D496}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D5C0482E-8B6E-46BB-A7F0-ED1E7AA5424B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E07F447B-852C-4CB6-8DF7-F01949A95A27}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{E33546BA-B6F8-468C-B343-7D565A3D3960}" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\temp\7zs1f43.tmp\symnrt.exe |
"{E4E8A536-5A0D-4B52-BDDF-6E79DAC3E8FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8F85B10-7509-40BD-81A9-93594EF182AC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{EEE8C114-FB2B-4587-A12C-0C162CC61238}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F067B216-B018-4904-A13B-E320A23163A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{15822773-54C0-4491-81CB-A71A97D19280}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{1DF9B258-FFE1-41FE-A410-0510B91FA7D6}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{27808AE8-3636-4110-9D90-77A2C5D9C8CF}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"TCP Query User{37DF9809-1ADA-40F9-825D-033F0B4997EA}C:\windows\system32\ppshell.exe" = protocol=6 | dir=in | app=c:\windows\system32\ppshell.exe |
"TCP Query User{3B217C40-F5F7-41AA-BE62-F92492F54DEE}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"TCP Query User{51121AED-B8B2-403B-AEB4-DBE4C2DF46B8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{56666C0E-95F7-41D3-81AD-0650DD18C30B}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{69CD6180-FFD2-41B4-B918-AFEC6512C0F0}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{82E07F57-1AF4-4423-81E4-C19F2B7FE5A5}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{85A3B0C9-D275-44AE-99C1-6D7AC4A6ACB4}C:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe |
"TCP Query User{8A781CC6-0DB7-42D7-A7CD-074FC470287A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AB3A710E-2D09-4DB5-BF11-6DE1FF6D9B52}C:\windows\system32\ppshell.exe" = protocol=6 | dir=in | app=c:\windows\system32\ppshell.exe |
"TCP Query User{ADADDEBE-2A9B-4E41-97DC-72FDA0FD1945}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B4BB992F-C20E-4110-811E-FC0FE31C8BE8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B9C9B71A-0907-4DFB-87DA-1E74379030AA}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe |
"TCP Query User{DF948FD7-63A6-4D62-95FB-800710AECF16}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{DFD88569-EF06-41D8-981B-F5F021A51F42}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F5CA9C79-FF6C-461D-BFDD-E206103C834E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0523BCC8-4ED6-4A6B-9E9C-0823497D9B04}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1C03EEFF-715B-40FE-BF95-A7C52A88AA5D}C:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\moon\appdata\local\temp\wzse1.tmp\symnrt.exe |
"UDP Query User{3FB2A0AE-B611-4E3B-A286-3FE1E61589BE}C:\windows\system32\ppshell.exe" = protocol=17 | dir=in | app=c:\windows\system32\ppshell.exe |
"UDP Query User{4EDA1C13-80A3-494B-87DD-33276399C739}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{5C7692B8-932B-43FC-B23C-D1EA1834CE0C}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"UDP Query User{6225B3E4-979D-4FBC-9935-29703A7E69AB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{74DFE588-0E99-4839-A343-6EB5B8A102A2}C:\program files\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero showtime\showtime.exe |
"UDP Query User{95A25B80-665A-4D03-9266-8CEE85294F6C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9E279D0E-7856-41DB-94B4-5F22C20028F2}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"UDP Query User{B8904754-B6A9-4BCB-9001-3E7E1A1896C4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C2FEC91C-BD5E-4F94-89D0-5C7449D4D036}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9639CDC-025C-4583-BEFD-D74D732A9C3D}C:\program files\nero\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 9\nero showtime\showtime.exe |
"UDP Query User{CCC78AEF-D073-450C-83FF-246492575C53}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{D0DBC857-6896-4DB5-8CF7-817E075944AC}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"UDP Query User{D4EEEDF6-DF30-4450-B7A1-2C36F564AA32}C:\windows\system32\ppshell.exe" = protocol=17 | dir=in | app=c:\windows\system32\ppshell.exe |
"UDP Query User{DA6D863A-F176-4050-8BDB-F49867E7118D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E6B6FF59-28F5-4E72-8C7A-8A3A5FB634F8}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{EEB18A77-B961-45D7-A39D-1B5018062FAF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2ade169a-6267-4946-865e-26a0955c1be2}" = Nero 9
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59482AA7-3E30-4B5E-A52F-4101DACC2707}" = Nero InCD
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX™ 1.2 SDK
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6333AB7-7C1F-4817-9805-40E048F95C7B}_is1" = AdvancedDefrag 4.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe® Flash® Player 10 Plugin
"avast5" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"RealPlayer 12.0" = RealPlayer
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6b-test1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1185312727-2915035481-1072167887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2010 9:48:48 PM | Computer Name = Moon-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x430, application
start time 0x01cb667fb226cba9.

Error - 07/10/2010 10:26:05 PM | Computer Name = Moon-PC | Source = VSS | ID = 8194
Description =

Error - 07/10/2010 10:27:20 PM | Computer Name = Moon-PC | Source = SPP | ID = 16387
Description =

Error - 07/10/2010 10:27:20 PM | Computer Name = Moon-PC | Source = System Restore | ID = 8193
Description =

Error - 08/10/2010 1:37:27 AM | Computer Name = Moon-PC | Source = VSS | ID = 8194
Description =

Error - 09/10/2010 11:30:53 PM | Computer Name = Moon-PC | Source = Application Error | ID = 1000
Description = Faulting application ecqozftz.exe, version 1.0.15.15281, time stamp
0x4b2763f0, faulting module ecqozftz.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0xf44, application
start time 0x01cb682a59a77c6b.

Error - 09/10/2010 11:43:08 PM | Computer Name = Moon-PC | Source = Perflib | ID = 1010
Description =

Error - 10/10/2010 1:25:48 AM | Computer Name = Moon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2010 1:25:51 AM | Computer Name = Moon-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2010 1:33:58 AM | Computer Name = Moon-PC | Source = Windows Search Service | ID = 3024
Description =

[ System Events ]
Error - 09/10/2010 10:44:52 PM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2010 1:38:28 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2010 1:38:28 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2010 1:38:28 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2010 1:38:28 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2010 1:47:50 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2010 1:47:50 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2010 1:47:50 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2010 1:47:51 AM | Computer Name = Moon-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/10/2010 2:02:23 AM | Computer Name = Moon-PC | Source = DCOM | ID = 10010
Description =


< End of report >

MBRCheck_10.10.10_02.11.20

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite Pro A200
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 155):
0x8204F000 \SystemRoot\system32\ntoskrnl.exe
0x8201C000 \SystemRoot\system32\hal.dll
0x8280D000 \SystemRoot\system32\kdcom.dll
0x82814000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x82884000 \SystemRoot\system32\PSHED.dll
0x82895000 \SystemRoot\system32\BOOTVID.dll
0x8289D000 \SystemRoot\system32\CLFS.SYS
0x828DE000 \SystemRoot\system32\CI.dll
0x829BE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A3A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A47000 \SystemRoot\system32\drivers\acpi.sys
0x82A8D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82A96000 \SystemRoot\system32\drivers\msisadrv.sys
0x82A9E000 \SystemRoot\system32\drivers\pci.sys
0x82AC5000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x82ACF000 \SystemRoot\System32\drivers\partmgr.sys
0x82ADE000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82AE1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82AEB000 \SystemRoot\system32\drivers\volmgr.sys
0x82AFA000 \SystemRoot\System32\drivers\volmgrx.sys
0x82B44000 \SystemRoot\system32\drivers\intelide.sys
0x82B4B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B59000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82B86000 \SystemRoot\System32\drivers\mountmgr.sys
0x82B96000 \SystemRoot\system32\drivers\atapi.sys
0x82B9E000 \SystemRoot\system32\drivers\ataport.SYS
0x82BBC000 \SystemRoot\system32\drivers\fltmgr.sys
0x82BEE000 \SystemRoot\system32\drivers\fileinfo.sys
0x82800000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x86400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86471000 \SystemRoot\system32\drivers\ndis.sys
0x8657C000 \SystemRoot\system32\drivers\msrpc.sys
0x865A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x865E2000 \SystemRoot\System32\drivers\tcpip.sys
0x866CC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x866E7000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86806000 \SystemRoot\system32\drivers\volsnap.sys
0x8683F000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x86844000 \SystemRoot\System32\Drivers\spldr.sys
0x8684C000 \SystemRoot\System32\Drivers\mup.sys
0x8685B000 \SystemRoot\System32\drivers\ecache.sys
0x86882000 \SystemRoot\system32\drivers\disk.sys
0x86893000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x868B4000 \SystemRoot\system32\drivers\crcdisk.sys
0x868BD000 \SystemRoot\System32\Drivers\avgrkx86.sys
0x868DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x868EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x868F3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B006000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B6C1000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B762000 \SystemRoot\System32\drivers\watchdog.sys
0x8B76E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x86902000 \SystemRoot\system32\DRIVERS\athr.sys
0x869E9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x86A26000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x86A31000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x86A6F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x86A7E000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x86A8E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x86A9C000 \SystemRoot\system32\drivers\tifm21.sys
0x86AE9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8B7FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x86B03000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x86B16000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x86B21000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B000000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x86B53000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B002000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x86B5E000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x86B75000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x86B8D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x86B93000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B80D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B84E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B859000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B870000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B87B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B89E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B8AD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B8C1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B8D6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8B95F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B96F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B971000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B99B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B9A5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B9B2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B9E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B9F8000 \SystemRoot\system32\drivers\HdAudio.sys
0x8BA37000 \SystemRoot\system32\drivers\portcls.sys
0x8BA64000 \SystemRoot\system32\drivers\drmk.sys
0x8BA89000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8BBA5000 \SystemRoot\system32\drivers\modem.sys
0x8BBB2000 \SystemRoot\system32\DRIVERS\InCDRec.sys
0x8BBB6000 \SystemRoot\system32\DRIVERS\InCDFs.sys
0x8BBD5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BBDE000 \SystemRoot\System32\Drivers\Null.SYS
0x8BBE5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BBEC000 \SystemRoot\System32\drivers\vga.sys
0x86BC2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BBF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B800000 \SystemRoot\system32\drivers\rdpencdd.sys
0x86BE3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x86BEE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x867F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BC0B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BC21000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8BC2B000 \SystemRoot\system32\drivers\sbtis.sys
0x8BC5B000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8BC74000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BC88000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BCBA000 \SystemRoot\system32\drivers\afd.sys
0x8BD02000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8BD07000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BD1D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BD2B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BD3E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BD7A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BD84000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8BD89000 \SystemRoot\system32\drivers\csc.sys
0x8BDE4000 \SystemRoot\System32\Drivers\dfsc.sys
0x8BDFB000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8BE01000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8BE52000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8BE79000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BE86000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8BE91000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95C30000 \SystemRoot\System32\win32k.sys
0x8BE99000 \SystemRoot\System32\drivers\Dxapi.sys
0x8BEA3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95E50000 \SystemRoot\System32\TSDDD.dll
0x95E70000 \SystemRoot\System32\cdd.dll
0x8BEB2000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8BEE9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8BEF4000 \SystemRoot\system32\drivers\spsys.sys
0x8BFA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8BFB4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8BFDE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8BFE8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB801000 \SystemRoot\system32\drivers\HTTP.sys
0xAB86E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAB88B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAB8A4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAB8B9000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB8DA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB8F9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB932000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB94A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB971000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB9BF000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xAB9C3000 \SystemRoot\system32\drivers\peauth.sys
0xABAA1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xABAAB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABAB7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77460000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
412 C:\Windows\System32\smss.exe
480 csrss.exe
524 C:\Windows\System32\wininit.exe
532 csrss.exe
580 C:\Windows\System32\winlogon.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\audiodg.exe
1184 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\SLsvc.exe
1256 C:\Windows\System32\svchost.exe
1432 C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
1568 C:\Windows\System32\svchost.exe
1720 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1748 C:\Windows\System32\dwm.exe
1768 C:\Windows\explorer.exe
2044 C:\Windows\System32\spoolsv.exe
204 C:\Windows\System32\taskeng.exe
300 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\agrsmsvc.exe
944 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
332 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2060 C:\Program Files\Bonjour\mDNSResponder.exe
2072 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2300 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2336 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2364 C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
2404 C:\Windows\System32\IoctlSvc.exe
2420 C:\Windows\System32\svchost.exe
2464 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2536 C:\Windows\System32\svchost.exe
2564 C:\Windows\System32\TODDSrv.exe
2584 C:\Windows\System32\svchost.exe
2612 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2712 C:\Windows\System32\SearchIndexer.exe
3232 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3276 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
3284 C:\Program Files\Nero\Tools\InCD\NBHGui.exe
3304 C:\Program Files\ltmoh\ltmoh.exe
3336 C:\Program Files\Nero\Tools\InCD\InCD.exe
3424 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3432 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3440 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3596 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3704 C:\Windows\System32\taskeng.exe
4088 C:\Program Files\Windows Media Player\wmpnscfg.exe
2272 C:\Program Files\Windows Media Player\wmpnetwk.exe
2352 C:\Program Files\RapidBIT\cidaemon.exe
3296 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
3224 C:\Windows\servicing\TrustedInstaller.exe
4632 C:\Windows\System32\taskeng.exe
5220 C:\Windows\System32\wuauclt.exe
5600 C:\Windows\System32\SearchProtocolHost.exe
3132 C:\Windows\System32\SearchProtocolHost.exe
5004 C:\Windows\System32\SearchFilterHost.exe
4776 C:\Users\Moon\Desktop\MBRCheck.exe
5188 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2120BH, Rev: 00400013

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!
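
The two Application Error 1000 records in the OTL log above are the kind of entry worth pulling out by script rather than by eye: one is svchost.exe faulting inside ntdll.dll, the other is ecqozftz.exe faulting inside itself. The Python below is an added example, not OTL's or MBRCheck's code and not something posted by the helpers in this thread. It parses OTL's multi-line event-record format, counts records per source and event ID, extracts the faulting image from each 1000 record, and flags images that are absent from the MBRCheck process list and whose name looks machine-generated. The sample input is excerpted from the logs above; the generated-name heuristic (a 6-12 letter stem with a "q" not followed by "u", or two or more of j/q/x/z) is this example's own choice and is a prompt to look at the file, not a verdict.

```python
"""Triage helper for the 'Last 10 Event Log Errors' section of an OTL log.

Added example for this thread; not part of OTL or MBRCheck and not code the
helpers posted. The generated-name heuristic is this example's own choice.
"""
import re
from collections import Counter

# Sample input excerpted from the OTL log and MBRCheck process list in the thread.
OTL_EVENTS = """\
Error - 07/10/2010 9:48:48 PM | Computer Name = Moon-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x430, application
start time 0x01cb667fb226cba9.

Error - 07/10/2010 10:26:05 PM | Computer Name = Moon-PC | Source = VSS | ID = 8194
Description =

Error - 09/10/2010 11:30:53 PM | Computer Name = Moon-PC | Source = Application Error | ID = 1000
Description = Faulting application ecqozftz.exe, version 1.0.15.15281, time stamp
0x4b2763f0, faulting module ecqozftz.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0xf44, application
start time 0x01cb682a59a77c6b.
"""

PROCESS_LIST = r"""
412 C:\Windows\System32\smss.exe
788 C:\Windows\System32\svchost.exe
1720 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), .*?faulting module (?P<module>\S+), "
    r".*?exception code (?P<code>0x[0-9A-Fa-f]+)")
RARE_LETTERS = set("jqxz")


def parse_events(text):
    """One dict per OTL record; the wrapped description is joined onto one line."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER_RE.match(lines[0]) if lines else None
        if not m:
            continue
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        desc = " ".join(lines[1:])
        if desc.startswith("Description ="):
            desc = desc[len("Description ="):].strip()
        ev["description"] = desc
        events.append(ev)
    return events


def summarize(events):
    """Records per (source, event id): the quick view of what keeps failing."""
    return Counter((ev["source"], ev["id"]) for ev in events)


def faulting_apps(events):
    """(image, faulting module, exception code) for each Application Error 1000."""
    hits = []
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = FAULT_RE.search(ev["description"])
            if m:
                hits.append((m.group("app"), m.group("module"), m.group("code").lower()))
    return hits


def looks_generated(image_name):
    """Heuristic for names like ecqozftz.exe (this example's own, not a rule from OTL)."""
    stem = image_name.lower().rsplit(".", 1)[0]
    if not (6 <= len(stem) <= 12 and stem.isascii() and stem.isalpha()):
        return False
    q_not_u = any(c == "q" and nxt != "u" for c, nxt in zip(stem, stem[1:] + " "))
    return q_not_u or sum(c in RARE_LETTERS for c in stem) >= 2


def known_images(process_text):
    """Basenames from MBRCheck's 'pid path' process list."""
    names = set()
    for line in process_text.strip().splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            names.add(parts[1].rsplit("\\", 1)[-1].lower())
    return names


def triage(event_text, process_text):
    """Cross-check every faulting image against the process list and the name heuristic."""
    known = known_images(process_text)
    findings = []
    for app, module, code in faulting_apps(parse_events(event_text)):
        reasons = []
        if app.lower() not in known:
            reasons.append("not in running-process list")
        if looks_generated(app):
            reasons.append("name looks machine-generated")
        findings.append({"app": app, "module": module, "code": code, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for (source, event_id), n in summarize(parse_events(OTL_EVENTS)).most_common():
        print(f"{n:2d}  {source} / {event_id}")
    for f in triage(OTL_EVENTS, PROCESS_LIST):
        flag = "REVIEW" if f["reasons"] else "ok    "
        print(f"{flag} {f['app']} (module {f['module']}, {f['code']}) {'; '.join(f['reasons'])}")
```

Run against the full log rather than the excerpt by pasting the whole "Last 10 Event Log Errors" block into OTL_EVENTS and the whole "Processes" list into PROCESS_LIST; a flagged image is a file to submit to a scanner, as the helper does in the next post, not proof of anything on its own.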


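The MBRCheck output above reports the boot code as "Windows 2008 MBR code", prints a SHA1 of it, and gives the byte offset of C: on PhysicalDrive0. The Python below is an added example of the same kind of check, not MBRCheck's own code: it parses a raw 512-byte sector, hashes the boot-code area, looks the hash up in an allowlist, and sanity-checks the partition table for the things a bootkit or a trashed table leave behind (no or several active partitions, a partition starting at LBA 0, overlapping partitions). Which bytes MBRCheck hashes and which hashes it knows are not stated on the page, so hashing bytes 0..439 is this example's assumption; the sample sector and allowlist are constructed here, with the active partition placed so that its LBA start maps to the 0x5dd00000 byte offset the output above shows for C:.

```python
"""Parse a raw MBR sector and compare its boot code against an allowlist.

Added example for this thread, not MBRCheck's code. The 440-byte boot-code
hash, the allowlist and the sample sector are this example's own assumptions.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 440            # boot code occupies bytes 0..439
DISK_SIG_OFF = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_OFF = 446            # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510..511
SECTOR = 512
ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count

# Constructed sample: a tiny code stub, a hidden NTFS partition (type 0x27) and
# an active NTFS partition (type 0x07) starting at LBA 3074048 = 0x5dd00000 / 512.
SAMPLE_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8"
SAMPLE_PARTS = [(False, 0x27, 2048, 3072000), (True, 0x07, 3074048, 230000000)]


def build_sample_mbr(code, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors) tuples.
    CHS fields are left zero; modern tools read the LBA fields."""
    code = code.ljust(CODE_LEN, b"\x00")[:CODE_LEN]
    table = b"".join(
        struct.pack(ENTRY, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for bootable, ptype, start, count in partitions).ljust(64, b"\x00")
    return code + disk_sig + b"\x00\x00" + table + BOOT_SIG


def parse_mbr(sector):
    """Return the boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_OFF + 16 * i: PART_OFF + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, start, count = struct.unpack(ENTRY, entry)
        if ptype:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": start, "sectors": count,
                               "byte_offset": start * SECTOR})
    return {"code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper(),
            "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
            "partitions": partitions}


def classify(sector, allowlist):
    """Label from the allowlist for this boot code, or None if the code is unknown."""
    return allowlist.get(parse_mbr(sector)["code_sha1"])


def sanity_issues(info):
    """Table problems a bootkit or a corrupt MBR commonly leaves behind."""
    issues = []
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            issues.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"partitions {i1} and {i2} overlap")
    return issues


if __name__ == "__main__":
    sector = build_sample_mbr(SAMPLE_CODE, SAMPLE_PARTS)
    info = parse_mbr(sector)
    allowlist = {info["code_sha1"]: "lab baseline (hypothetical)"}  # assumption
    print("boot code SHA1:", info["code_sha1"], "->", classify(sector, allowlist) or "UNKNOWN")
    for p in info["partitions"]:
        print(f"  part {p['index']} type 0x{p['type']:02x} active={p['bootable']} "
              f"offset 0x{p['byte_offset']:x}")
    print("issues:", sanity_issues(info) or "none")
```

On a live system the sector would come from reading the first 512 bytes of \\.\PhysicalDrive0 with administrator rights; an unknown hash means "compare against a clean install of the same Windows version", not "infected", since OEM and third-party boot managers ship their own MBR code.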

#12 FaisalFarani1

FaisalFarani1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Oshawa, Canada
  • Local time:07:13 AM

Posted 10 October 2010 - 02:09 AM

"How is your computer running?"

I don't know. I'm using it just to perform scans to create logs for you. It seems to run OK just to perform these tasks.

......"While I was running ComboFix, I got this message.
" ComboFix has detected the presence of rootkit activity and need
to reboot the machine.
Service: AFD
File: C:\Windows\system32\drivers\afd.sys"

after clicking on "OK", my laptop keeps trying to restart, but all I get is a "blue screen" and it restarts.
I am now trying "Startup Repair" for the last hour, but it's going nowhere."


#13 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:06:13 AM

Posted 11 October 2010 - 07:51 AM

Hello FaisalFarani1,

QUOTE
don't know. I'm using it just to perform scans to create logs for you. It seems to run OK just to perform these tasks.

......"While I was running ComboFix, I got this message.
" ComboFix has detected the presence of rootkit activity and need
to reboot the machine.
Service: AFD
File: C:\Windows\system32\drivers\afd.sys"

after clicking on "OK", my laptop keeps trying to restart, but all I get is a "blue screen" and it restarts.
I am now trying "Startup Repair" for the last hour, but it's going nowhere."

This was because of the rootkit. You are not getting that message now, are you?

Thanks!!
PW

#14 FaisalFarani1

FaisalFarani1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Oshawa, Canada
  • Local time:07:13 AM

Posted 11 October 2010 - 07:10 PM

Hello pwgib,

No, I am not getting that message anymore, but I had to perform a system restore to get rid of it.
Are we done? Is my laptop cleaned up now?

#15 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:06:13 AM

Posted 12 October 2010 - 07:34 AM

Hello FaisalFarani1,

Step 1.

We need to check a file.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\ProgramData\vJSn01.dat

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 2.

I see you have a number of AVG8 and Symantec remnants on your computer.

Please go here, download and run the AVG Remover.

Now go here or here to download and run the Norton / Symantec Removal Tool
QUOTE
The Norton Removal Tool uninstalls all Norton 2010/2009/2008/2007/2006/2005/2004/2003 products, Norton 360 and Norton SystemWorks 12.0 from your computer


Step 3.

We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    [2010/09/12 20:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{006A4144-6F47-424B-BDC5-95CC65E61A51}"=-

    :commands
    [EmptyTemp]

  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.
Step 4.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
<<Note: If ESET finds nothing there will be no log produced

Step 5.

================================OTL Follow up scan=================================

Please read the directions carefully as they have changed from the last scan.

We need to create an OTL Report
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. In the Extra Registry box make sure that Use Safelist is checked.
  5. Click the "Scan All Users" checkbox.
  6. Push the Run Scan button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTList.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Step 6.

We need to get another GMER report
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

In your next reply please include the following:

Jotti scan results
OTL report
ESET log
OTList.txt <-- Will be opened
Extra.txt <-- Will be minimized

GMER report


Thanks!!
PW



