|Win32/Olmarik| having serious problems.


  • This topic is locked
28 replies to this topic

#1 ZakDank (Members, 18 posts)

Posted 02 October 2010 - 07:04 AM

Hi, my ESET NOD32 is constantly giving me warnings of an Olmarik Trojan in my operating memory.

I am not a newbie when it comes down to computers, so I already had plenty of scanners and I'll post the logs.

Two of the suggested programs do not work for me.

ComboFix: generally gets stuck or disappears completely. It has managed to scan once, but no log was produced. It has also seemingly removed the Olmarik twice, but it also caused other severe problems: no desktop backgrounds, no thumbnails, etc.

RootRepeal: gives an error about IoDevice on start-up.

Logs: please note, I have edited some to remove personal information, emails, etc.

I also have issues with blue screens, long loading times, and sometimes the computer not passing POST for a few days. Just wondering if this is related, because it started happening when this Trojan started.

EDIT: I have attached a .txt file with some more logs.

MBR Check:
CODE
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows Vista Ultimate Edition
Windows Information:         (build 6000), 32-bit
Base Board Manufacturer:    ASUSTeK Computer INC.
BIOS Manufacturer:        Phoenix Technologies, LTD
System Manufacturer:        System manufacturer
System Product Name:        System Product Name
Logical Drives Mask:        0x0000003d

Kernel Drivers (total 162):
  0x82400000 \SystemRoot\system32\ntoskrnl.exe
  0x82795000 \SystemRoot\system32\hal.dll
  0x806C6000 \SystemRoot\system32\kdcom.dll
  0x80666000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8065D000 \SystemRoot\system32\PSHED.dll
  0x80655000 \SystemRoot\system32\BOOTVID.dll
  0x8061A000 \SystemRoot\system32\CLFS.SYS
  0x80539000 \SystemRoot\system32\CI.dll
  0x804BE000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x804B1000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x82F03000 \SystemRoot\System32\Drivers\spyq.sys
  0x804A8000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80482000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x8043F000 \SystemRoot\system32\drivers\acpi.sys
  0x80437000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80428000 \SystemRoot\system32\drivers\volmgr.sys
  0x80403000 \SystemRoot\system32\drivers\pci.sys
  0x82EF3000 \SystemRoot\System32\drivers\mountmgr.sys
  0x82EEB000 \SystemRoot\system32\drivers\viaide.sys
  0x82EDD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x82E93000 \SystemRoot\System32\drivers\volmgrx.sys
  0x82E8B000 \SystemRoot\system32\drivers\atapi.sys
  0x82E6D000 \SystemRoot\system32\drivers\ataport.SYS
  0x82E3C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82E2C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82D28000 \SystemRoot\system32\drivers\ndis.sys
  0x82CFD000 \SystemRoot\system32\drivers\msrpc.sys
  0x82CC4000 \SystemRoot\system32\drivers\NETIO.SYS
  0x882F8000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x82C5A000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82C24000 \SystemRoot\system32\drivers\volsnap.sys
  0x82C13000 \SystemRoot\system32\DRIVERS\uagp35.sys
  0x82C0B000 \SystemRoot\System32\Drivers\spldr.sys
  0x882E9000 \SystemRoot\System32\drivers\partmgr.sys
  0x882DA000 \SystemRoot\System32\Drivers\mup.sys
  0x882B5000 \SystemRoot\System32\drivers\ecache.sys
  0x88292000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x88281000 \SystemRoot\system32\drivers\disk.sys
  0x88260000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x82C02000 \SystemRoot\system32\drivers\crcdisk.sys
  0x80401000 \SystemRoot\System32\Drivers\avgrkx86.sys
  0x8B640000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8809C000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x89038000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8CCF8000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x89296000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8B4B1000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x89008000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B499000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B5E0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x8B64B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8B40C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8906B000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8CCD6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8CC71000 \SystemRoot\System32\Drivers\a0ubq9ma.SYS
  0x891A1000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x8B656000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x8CC57000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8B76A000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8CC3F000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8CC2C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8B661000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8CC1A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8DBD5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8DB95000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8B66C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8CC03000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8B677000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8DB72000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8808D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8DA6F000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8B45D000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x8D9E8000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x8DA82000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8B68D000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x89189000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8D9A1000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8B774000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8D9CB000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8D96D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8B77E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x89380000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8D92E000 \SystemRoot\system32\drivers\HdAudio.sys
  0x8D901000 \SystemRoot\system32\drivers\portcls.sys
  0x8D8DC000 \SystemRoot\system32\drivers\drmk.sys
  0x8B562000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8B71A000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B721000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8D8AF000 \SystemRoot\system32\DRIVERS\ehdrv.sys
  0x8B56B000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x89310000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8B728000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x89195000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8902C000 \SystemRoot\System32\drivers\vga.sys
  0x8D881000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x890C9000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8D84A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8E092000 \SystemRoot\system32\DRIVERS\VX1000.sys
  0x8E330000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8D838000 \SystemRoot\system32\drivers\usbaudio.sys
  0x890F1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x890F9000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B6A3000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8D81A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B574000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EB2E000 \SystemRoot\System32\drivers\tcpip.sys
  0x8D801000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8E07D000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8E064000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
  0x8E010000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8EAE7000 \SystemRoot\system32\drivers\afd.sys
  0x8EAB5000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8EA9F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B788000 \SystemRoot\system32\DRIVERS\rtlprot.sys
  0x8E002000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8EA7B000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x89109000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0x8EA59000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x8B5F8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8EA1E000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B792000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E98B000 \SystemRoot\system32\drivers\csc.sys
  0x8E974000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8B449000 \SystemRoot\System32\Drivers\avgmfx86.sys
  0x8E95E000 \SystemRoot\System32\Drivers\avgldx86.sys
  0x8E364000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B6C4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x89111000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x89015000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x92600000 \SystemRoot\System32\win32k.sys
  0x8B7CE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8DB27000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x92400000 \SystemRoot\System32\TSDDD.dll
  0x92410000 \SystemRoot\System32\cdd.dll
  0x93025000 \SystemRoot\system32\drivers\luafv.sys
  0x9AF34000 \SystemRoot\system32\DRIVERS\eamon.sys
  0x9AC26000 \SystemRoot\system32\drivers\spsys.sys
  0x92C60000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9C7AD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9C673000 \SystemRoot\system32\drivers\HTTP.sys
  0x9C598000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9C53F000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9C52B000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9C50B000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9C4ED000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9C4B4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9C4A2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9C47E000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9D3B4000 \SystemRoot\System32\DRIVERS\srv.sys
  0x8B736000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x9D172000 \SystemRoot\System32\Drivers\TBPanel.SYS
  0x9337D000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x8B471000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA7022000 \SystemRoot\system32\drivers\peauth.sys
  0x8B7E2000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x8B682000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x930E5000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8B6DA000 \SystemRoot\system32\drivers\tdtcp.sys
  0x8E288000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0xA7401000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0xA71EB000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x776E0000 \Windows\System32\ntdll.dll

Processes (total 64):
       0 System Idle Process
       4 System
     472 C:\Windows\System32\smss.exe
     608 csrss.exe
     660 csrss.exe
     668 C:\Windows\System32\wininit.exe
     704 C:\Windows\System32\services.exe
     716 C:\Windows\System32\lsass.exe
     724 C:\Windows\System32\lsm.exe
     752 C:\Windows\System32\winlogon.exe
     912 C:\Windows\System32\svchost.exe
     952 C:\Windows\System32\nvvsvc.exe
     980 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\svchost.exe
    1304 C:\Windows\System32\audiodg.exe
    1340 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\SLsvc.exe
    1456 C:\Windows\System32\svchost.exe
    1496 C:\Windows\System32\nvvsvc.exe
    1620 C:\Windows\System32\svchost.exe
    1816 C:\Windows\System32\spoolsv.exe
    1852 C:\Windows\System32\svchost.exe
     664 C:\Windows\System32\dwm.exe
     696 C:\Windows\System32\taskeng.exe
    1400 C:\Windows\explorer.exe
     820 C:\Program Files\Windows Defender\MSASCui.exe
    1480 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    2060 C:\Windows\vVX1000.exe
    2144 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    2160 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2168 C:\Program Files\Windows Sidebar\sidebar.exe
    2176 C:\Windows\ehome\ehtray.exe
    2184 C:\Program Files\DAEMON Tools Lite\daemon.exe
    2192 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2200 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    2208 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    2232 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    2280 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2360 C:\Program Files\Bonjour\mDNSResponder.exe
    2392 C:\Windows\System32\svchost.exe
    2428 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    2584 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    2680 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    2696 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2772 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    2952 C:\Windows\System32\svchost.exe
    2984 C:\Windows\System32\svchost.exe
    3092 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3112 C:\Windows\System32\svchost.exe
    3168 C:\Windows\System32\SearchIndexer.exe
    3732 C:\Windows\ehome\ehmsas.exe
    1196 C:\Program Files\Windows Sidebar\sidebar.exe
    2916 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3604 C:\Windows\System32\taskeng.exe
    3444 C:\Program Files\Mozilla Firefox\firefox.exe
    3648 C:\Windows\System32\svchost.exe
    3912 C:\Windows\System32\svchost.exe
    5036 C:\Program Files\Mozilla Firefox\plugin-container.exe
    6032 taskeng.exe
    1288 C:\Windows\servicing\TrustedInstaller.exe
    5460 C:\Users\Zak\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-00VYA0, Rev: 12.01B02

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Attached file: Rest.txt (185.15 KB, 1 download)

Edited by ZakDank, 02 October 2010 - 07:09 AM.
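The MBRCheck section of the post above reports a SHA1 for the boot sector code ("Windows 2008 MBR code detected") and maps the NTFS volume to PhysicalDrive0 at offset 0x7E00, which is sector 63. The following Python is an added example, not part of the original post and not MBRCheck's own code: it parses a raw 512-byte MBR, verifies the 0x55AA boot signature, hashes the boot code and looks the hash up in a known-good table, and decodes the partition table so the volume's byte offset can be cross-checked against the mapping the tool printed. The sample sector and the known-good table are constructed here; hashing the 440-byte code area before the disk signature is an assumption, since the page does not show which region MBRCheck hashes or what its hash database contains.

```python
"""Parse and sanity-check a 512-byte MBR, the kind of check MBRCheck reports.

Added example: the sample sector and the "known-good" hash table below are
constructed for this demonstration and are not MBRCheck's database.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # assumption: hash the code area that precedes the disk signature
DISK_SIG_OFF = 440        # 4-byte disk signature written by Windows
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Decode boot signature, disk signature, boot-code hash and partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype = sector[off], sector[off + 4]
        lba_start, lba_count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:            # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,            # 0x07 = NTFS/exFAT/HPFS
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,
            "lba_count": lba_count,
        })
    return {
        "signature_ok": sector[SECTOR - 2:] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """Return 'known: <name>', 'unknown: ...' or 'invalid: ...' for a sector."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA boot signature"
    name = known_good.get(info["boot_code_sha1"])
    if name is not None:
        return f"known: {name}"
    return "unknown: boot code hash not in the clean set, compare with a trusted copy"


def build_sample_mbr() -> bytes:
    """Constructed sector: stub 'code', one bootable NTFS partition starting at LBA 63."""
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    # status 0x80 (bootable), CHS start/end (ignored here), type 0x07, LBA 63, about 298 GiB of sectors
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 63, 625_137_345)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return code + disk_sig + table + BOOT_SIGNATURE


# Constructed clean set keyed by boot-code SHA1; a real one would hold hashes
# of the genuine Windows MBR code for each OS version.
SAMPLE_CLEAN = build_sample_mbr()
KNOWN_GOOD = {parse_mbr(SAMPLE_CLEAN)["boot_code_sha1"]: "constructed sample MBR"}


def read_physical_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR (needs administrator rights on Windows); not called here."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_CLEAN)
    print(classify_mbr(SAMPLE_CLEAN, KNOWN_GOOD), info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02X} at byte offset 0x{p['byte_offset']:X}")
    tampered = bytearray(SAMPLE_CLEAN)
    tampered[0x10] ^= 0xFF            # one patched byte in the code area is enough to change the hash
    print(classify_mbr(bytes(tampered), KNOWN_GOOD))
```

On the constructed sector the NTFS entry decodes to byte offset 0x7E00, the same mapping MBRCheck printed for this machine; a single patched byte in the code area moves the result from "known" to "unknown". On a live system the sector would come from read_physical_mbr() and the hash would be compared against a clean copy of the same Windows version, because a bootkit that replaces the MBR code changes the hash while leaving the partition table and boot signature intact.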




#2 ZakDank (Topic Starter, Members, 18 posts)

Posted 02 October 2010 - 07:06 AM

OTL

CODE
OTL logfile created on: 9/26/2010 2:30:04 PM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Zak\Desktop
Windows Vista Ultimate Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16681)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 48.77 Gb Free Space | 16.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COOPER
Current User Name: Zak
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Zak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Zak\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) --  File not found
SRV - (VisualSVNServer) -- C:\Program Files\VisualSVN Server\httpd-wrapper.bat -k runservice -C LoadModule log_visualsvn_module bin\mod_log_visualsvn.so File not found
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe (mst software GmbH, Germany)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 7.0\bin\mysqld.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (PsSdk30) -- C:\Windows\System32\Drivers\PsSdk30.drv File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (epfwtdir) -- C:\Windows\System32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (GRISOFT, s.r.o.)
DRV - (AvgWfpX) -- C:\Windows\System32\Drivers\avgwfpx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (GRISOFT, s.r.o.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (PID_08A0) Labtec WebCam Pro(PID_08A0) -- C:\Windows\System32\drivers\LV302AV.SYS (Labtec Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}:5.8.809.8522
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {23256f20-0d9b-4323-b005-6e5de569c4b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..network.proxy.socks_remote_dns: true


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 19:38:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 19:38:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/04 17:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/02 23:58:28 | 000,000,000 | ---D | M]

[2009/12/10 20:15:58 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mozilla\Extensions
[2009/12/10 20:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zak\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/03/18 16:44:54 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/25 18:42:42 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions
[2010/05/31 19:00:18 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/02/23 17:18:48 | 000,000,000 | ---D | M] (Google Gadget Plugin) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}
[2010/09/05 20:52:28 | 000,000,000 | ---D | M] (TranslatorBar 5.2 Toolbar) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}
[2008/06/24 15:17:45 | 000,000,000 | ---D | M] (BloodFire) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2008/06/24 12:44:54 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2010/05/31 19:00:15 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/02/10 19:18:43 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/12/01 18:17:03 | 000,000,000 | ---D | M] (The Pirate Bay Toolbar) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}
[2010/05/31 19:00:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/31 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\firebug@software.joehewitt.com
[2010/07/10 13:38:36 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\LogMeInClient@logmein.com
[2008/10/11 00:16:24 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\OberonGameHost@OberonGames.com
[2010/05/31 19:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/09/25 18:42:43 | 000,000,950 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-1.xml
[2010/02/21 12:22:53 | 000,000,961 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-2.xml
[2010/03/31 22:55:17 | 000,000,961 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-3.xml
[2010/06/24 23:30:02 | 000,000,961 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-4.xml
[2010/07/18 11:36:09 | 000,000,950 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-5.xml
[2010/08/05 12:51:17 | 000,000,950 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-6.xml
[2010/09/10 16:45:53 | 000,000,950 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-7.xml
[2010/09/16 19:39:04 | 000,000,950 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-8.xml
[2008/03/31 10:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin.gif
[2008/03/31 10:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin.src
[2010/01/07 16:53:06 | 000,000,955 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin.xml
[2008/06/25 15:37:56 | 000,001,406 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\siteadvisor.gif
[2008/06/25 15:37:56 | 000,000,276 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\siteadvisor.src
[2008/06/25 15:37:37 | 000,002,386 | ---- | M] () -- C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\siteadvisor.xml
[2010/09/03 00:37:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/23 01:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/09/03 00:37:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/06/18 06:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {620395C9-5C2B-4474-89B6-D2A63CEA2EF8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\Zak\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zak\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{05dbce94-4046-11dd-82b3-001d60548566}\Shell - "" = AutoRun
O33 - MountPoints2\{1b5463d7-cdd7-11dd-b935-000060548566}\Shell - "" = AutoRun
O33 - MountPoints2\{1b5463d7-cdd7-11dd-b935-000060548566}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{853d5c34-4611-11de-bbeb-001d60548566}\Shell - "" = AutoRun
O33 - MountPoints2\{9fd92eb7-5a5b-11dd-b970-001d60548566}\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/26 14:19:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Zak\Desktop\OTL.exe
[2010/09/18 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Zak\Desktop\Plugins
[2010/09/11 17:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Game Maker 8 Pro
[2010/09/11 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2010/09/11 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2010/09/11 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2010/09/11 16:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Game_Maker8
[2010/09/06 13:39:11 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2010/09/06 13:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/09/05 23:45:45 | 000,000,000 | ---D | C] -- C:\Users\Zak\Documents\WoodsideAve
[2010/09/05 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Zak\Documents\intelliScore
[2010/09/05 21:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
[2010/09/05 20:58:19 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Roaming\Music Recognition
[2010/09/05 20:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\TallStick
[2010/09/05 17:45:03 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Roaming\Malwarebytes
[2010/09/05 17:44:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/05 17:44:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/05 17:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/05 17:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/03 16:00:56 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Local\ESET
[2010/09/02 23:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/09/02 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Local\{F3A61F01-76BD-4F66-BC2A-7F78E7E22214}
[2010/09/02 23:09:37 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Local\Windows Server
[2010/09/02 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\TablEdit
[2010/09/02 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Roaming\ACAMPREF
[2010/08/31 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Zak\Desktop\Client
[2010/08/31 15:11:32 | 000,000,000 | ---D | C] -- C:\Users\Zak\Desktop\School Work
[2010/08/31 13:49:36 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/08/31 13:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/31 13:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/15 19:52:42 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Roaming\Download Manager
[2010/08/07 13:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft1 - Copy
[2010/08/06 14:21:17 | 000,000,000 | ---D | C] -- C:\Users\Zak\Documents\WildWestMMo
[2010/08/05 17:29:41 | 000,000,000 | ---D | C] -- C:\Users\Zak\AppData\Local\LogMeIn
[2010/08/05 17:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/08/05 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/08/05 13:29:32 | 000,000,000 | ---D | C] -- C:\Trinity Core
[2010/07/04 20:50:25 | 000,000,000 | ---D | C] -- C:\Users\Zak\Desktop\Wow Stuff
[2010/06/28 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\Zak\Documents\Nucleur Winter
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/26 14:30:19 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34FF92BF-6DF5-4771-98BE-119A43F2B347}.job
[2010/09/26 14:21:58 | 007,340,032 | -HS- | M] () -- C:\Users\Zak\ntuser.dat
[2010/09/26 14:20:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zak\Desktop\OTL.exe
[2010/09/26 14:00:31 | 000,002,368 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 14:00:31 | 000,002,368 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 13:00:48 | 000,034,709 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/26 13:00:48 | 000,034,709 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/26 13:00:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/26 13:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/26 01:19:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/26 01:19:19 | 006,291,456 | -H-- | M] () -- C:\Users\Zak\AppData\Local\IconCache.db
[2010/09/19 18:00:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2010/09/12 20:48:50 | 000,238,592 | ---- | M] () -- C:\Users\Zak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 16:48:04 | 000,002,645 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/09/11 16:47:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2010/09/11 16:47:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2010/09/07 13:23:48 | 000,626,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/07 13:23:47 | 000,107,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/07 13:23:46 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/03 00:06:20 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/02 23:37:30 | 000,305,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/02 23:11:35 | 000,000,120 | ---- | M] () -- C:\Users\Zak\AppData\Local\Qxekivuluyetofiw.dat
[2010/09/02 23:11:35 | 000,000,000 | ---- | M] () -- C:\Users\Zak\AppData\Local\Yfetoyow.bin
[2010/09/02 22:01:28 | 000,082,936 | ---- | M] () -- C:\Users\Zak\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/02 15:13:12 | 000,000,022 | ---- | M] () -- C:\Windows\tabled32.ini
[2010/08/31 15:06:13 | 000,000,431 | ---- | M] () -- C:\Users\Zak\Desktop\games.lnk
[2010/08/31 15:06:03 | 000,000,443 | ---- | M] () -- C:\Users\Zak\Desktop\Game+General work.lnk
[2010/08/31 15:05:54 | 000,000,419 | ---- | M] () -- C:\Users\Zak\Desktop\Tools.lnk
[2010/08/31 13:49:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/08/08 21:58:16 | 000,378,720 | ---- | M] () -- C:\Users\Zak\Documents\clip0033.avi.sfk
[2010/08/08 21:58:16 | 000,110,400 | ---- | M] () -- C:\Users\Zak\Documents\clip0032.avi.sfk
[2010/08/07 20:06:40 | 000,000,892 | ---- | M] () -- C:\Users\Zak\Desktop\Wow.exe - Shortcut.lnk
[2010/08/07 20:06:28 | 000,000,948 | ---- | M] () -- C:\Users\Zak\Desktop\WoWEmuHacker5.exe - Shortcut.lnk
[2010/08/06 15:41:37 | 000,085,111 | ---- | M] () -- C:\Users\Zak\Documents\map.jpg
[2010/07/06 15:56:17 | 000,105,958 | ---- | M] () -- C:\Users\Zak\Documents\clip0025.avi
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/11 16:47:50 | 000,002,645 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2010/09/11 16:47:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2010/09/11 16:47:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2010/09/05 21:15:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\imsfchk.dll
[2010/09/02 23:11:35 | 000,000,120 | ---- | C] () -- C:\Users\Zak\AppData\Local\Qxekivuluyetofiw.dat
[2010/09/02 23:11:35 | 000,000,000 | ---- | C] () -- C:\Users\Zak\AppData\Local\Yfetoyow.bin
[2010/09/02 15:13:12 | 000,000,022 | ---- | C] () -- C:\Windows\tabled32.ini
[2010/08/31 15:06:13 | 000,000,431 | ---- | C] () -- C:\Users\Zak\Desktop\games.lnk
[2010/08/31 15:06:03 | 000,000,443 | ---- | C] () -- C:\Users\Zak\Desktop\Game+General work.lnk
[2010/08/31 15:05:54 | 000,000,419 | ---- | C] () -- C:\Users\Zak\Desktop\Tools.lnk
[2010/08/31 13:33:41 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/08 21:43:04 | 000,378,720 | ---- | C] () -- C:\Users\Zak\Documents\clip0033.avi.sfk
[2010/08/08 21:43:04 | 000,110,400 | ---- | C] () -- C:\Users\Zak\Documents\clip0032.avi.sfk
[2010/08/06 15:41:36 | 000,085,111 | ---- | C] () -- C:\Users\Zak\Documents\map.jpg
[2010/07/17 18:41:00 | 000,034,709 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/17 18:39:54 | 000,034,709 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/06 15:40:06 | 000,105,958 | ---- | C] () -- C:\Users\Zak\Documents\clip0025.avi
[2010/07/05 14:03:14 | 000,000,892 | ---- | C] () -- C:\Users\Zak\Desktop\Wow.exe - Shortcut.lnk
[2010/06/15 20:59:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\imsised.dll
[2010/03/30 19:16:33 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/12/31 00:51:27 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009/07/30 23:26:39 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/07/28 14:45:40 | 000,000,318 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2009/07/28 01:59:23 | 000,000,261 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/05/23 16:48:16 | 000,002,508 | ---- | C] () -- C:\Users\Zak\AppData\Roaming\$_hpcst$.hpc
[2009/05/11 19:13:46 | 000,000,990 | -HS- | C] () -- C:\Users\Zak\AppData\Roaming\systemfl.$dk
[2009/03/05 14:11:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/01/28 19:30:05 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/11 13:27:24 | 000,000,259 | ---- | C] () -- C:\Users\Zak\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2008/12/11 12:53:20 | 000,000,207 | ---- | C] () -- C:\Users\Zak\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2008/09/19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/05 21:11:16 | 000,000,353 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/08 17:54:00 | 000,000,091 | ---- | C] () -- C:\Users\Zak\AppData\Local\fusioncache.dat
[2008/07/01 22:20:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2008/07/01 22:20:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\COMSocketServer.dll
[2008/06/25 14:45:17 | 000,110,321 | ---- | C] () -- C:\ProgramData\BM2f63c08b.xml
[2008/06/25 14:45:17 | 000,103,715 | ---- | C] () -- C:\ProgramData\BM2f63c08b.txt
[2008/06/25 14:45:17 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/06/16 19:25:49 | 000,000,035 | ---- | C] () -- C:\Windows\dice.ini
[2008/06/14 23:16:33 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/06/14 23:16:33 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/06/07 11:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/05/05 21:33:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/05/04 13:51:52 | 000,000,171 | ---- | C] () -- C:\Windows\icecast2.ini
[2008/05/01 16:03:26 | 000,110,592 | ---- | C] () -- C:\Windows\System32\suppdll.dll
[2008/05/01 16:03:26 | 000,035,363 | ---- | C] () -- C:\Windows\System32\windrvNT.sys
[2008/04/19 22:32:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\29BD5DC0B9.sys
[2008/04/19 22:32:01 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/03/25 22:12:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/03/12 20:28:24 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008/02/18 16:45:35 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/01/26 23:15:42 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/01/11 22:38:47 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2007/12/30 13:46:52 | 000,138,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/12/30 13:46:51 | 000,022,328 | ---- | C] () -- C:\Users\Zak\AppData\Roaming\PnkBstrK.sys
[2007/12/26 18:18:08 | 000,238,592 | ---- | C] () -- C:\Users\Zak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 13:35:01 | 000,000,552 | ---- | C] () -- C:\Users\Zak\AppData\Local\d3d8caps.dat
[2007/12/26 12:40:25 | 000,000,680 | ---- | C] () -- C:\Users\Zak\AppData\Local\d3d9caps.dat
[2007/04/10 22:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007/02/05 01:38:16 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MD5.dll
[2006/11/02 13:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2005/05/08 17:56:00 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/03/17 18:15:00 | 000,000,117 | ---- | C] () -- C:\Windows\smp32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/05/11 19:13:49 | 000,000,000 | -HSD | M] -- C:\Users\Zak\AppData\Roaming\.#
[2010/09/02 23:35:33 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\ACAMPREF
[2008/12/09 18:25:52 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\AidMaker
[2010/05/04 22:59:21 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\AVG7
[2010/09/02 23:55:30 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Azureus
[2008/01/26 23:20:37 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\DAEMON Tools
[2009/04/14 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Darkfall
[2009/11/05 23:35:18 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\FileZilla
[2008/09/21 11:45:28 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Filter Forge
[2010/02/21 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Filter Forge Freepack 1 - Metals
[2010/02/21 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2008/11/30 16:56:09 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\GetRightToGo
[2009/05/05 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Grig Software
[2008/12/07 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\HiYo
[2009/12/23 01:23:20 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\ICQ
[2008/01/14 17:56:45 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\ICQ Toolbar
[2008/10/10 23:35:17 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\LG Electronics
[2010/09/07 00:50:20 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\LimeWire
[2008/07/10 19:32:18 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Mount&Blade
[2010/09/05 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Music Recognition
[2008/11/09 17:33:23 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Notepad++
[2010/06/27 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\PACE Anti-Piracy
[2010/01/08 20:57:28 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Pandora's Box 2
[2010/01/08 21:00:08 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Pandora's Box 3
[2008/06/16 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Poser Pro
[2010/08/08 21:58:01 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Publish Providers
[2008/07/09 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Sony
[2009/07/15 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\SQLyog
[2009/05/05 17:10:07 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Subversion
[2010/06/03 16:19:27 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\TeamViewer
[2009/09/05 15:34:31 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\The Path
[2008/07/02 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Thinstall
[2010/03/20 16:46:28 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Three Rings Design
[2009/12/10 20:15:57 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Thunderbird
[2010/06/03 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\TS3Client
[2009/08/13 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Unity
[2010/02/15 00:45:01 | 000,000,000 | ---D | M] -- C:\Users\Zak\AppData\Roaming\Wings3D
[2006/11/02 14:08:16 | 000,000,484 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/26 14:30:19 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34FF92BF-6DF5-4771-98BE-119A43F2B347}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Zak\Documents\clip0025.avi:TOC.WMV
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:RykCJS87hDnQKS8HBKYIyTR
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AC707B50
@Alternate Data Stream - 1077 bytes -> C:\ProgramData\Microsoft:ebxNMcY1zVTimwfOHjmWUeW8
@Alternate Data Stream - 1015 bytes -> C:\Users\Zak\AppData\Local\8iWdnpr2Otvw:hiyqzfTt6K7e2hV7BeuV5XP3
< End of report >


OTS

CODE
OTS logfile created on: 10/1/2010 8:40:54 PM - Run 1
OTS by OldTimer - Version 3.1.38.1     Folder = C:\Users\Zak\Desktop
Windows Vista Ultimate Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16681)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 33.12 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COOPER
Current User Name: Zak
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Users\Zak\Desktop\OTS.exe -> [2010/10/01 20:37:21 | 000,641,536 | ---- | M] (OldTimer Tools)
pmb.exe -> C:\Program Files\Pando Networks\Media Booster\PMB.exe -> [2010/10/01 17:30:32 | 002,969,496 | ---- | M] ()
lotro_mirkwood_engb_downloader_2.exe -> C:\Users\Zak\Desktop\LOTRO_Mirkwood_ENGB_Downloader_2.exe -> [2010/10/01 17:29:42 | 001,909,104 | ---- | M] ()
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010/09/28 15:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)
plugin-container.exe -> C:\Program Files\Mozilla Firefox\plugin-container.exe -> [2010/09/16 19:38:44 | 000,014,808 | ---- | M] (Mozilla Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/09/16 19:38:42 | 000,910,296 | ---- | M] (Mozilla Corporation)
hamachi-2.exe -> C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -> [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.)
vvx1000.exe -> C:\Windows\vVX1000.exe -> [2010/03/12 19:41:16 | 000,762,736 | ---- | M] (Microsoft Corporation)
mscams32.exe -> C:\Program Files\Microsoft LifeCam\MSCamS32.exe -> [2010/03/12 19:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/09/29 13:02:52 | 002,054,360 | ---- | M] (ESET)
tsvncache.exe -> C:\Program Files\TortoiseSVN\bin\TSVNCache.exe -> [2009/04/10 08:35:48 | 000,615,936 | ---- | M] (http://tortoisesvn.net)
explorer.exe -> C:\Windows\explorer.exe -> [2008/06/26 16:12:24 | 002,923,520 | ---- | M] (Microsoft Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/06/26 16:11:36 | 001,006,264 | ---- | M] (Microsoft Corporation)
wg111v3.exe -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe -> [2008/02/22 16:13:14 | 002,506,752 | ---- | M] ()
daemon.exe -> C:\Program Files\DAEMON Tools Lite\daemon.exe -> [2008/01/17 17:51:02 | 000,486,856 | ---- | M] (DT Soft Ltd)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)

[Modules - Safe List]
ots.exe -> C:\Users\Zak\Desktop\OTS.exe -> [2010/10/01 20:37:21 | 000,641,536 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2006/11/02 10:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(WinHttpAutoProxySvc) WinHTTP Web Proxy Auto-Discovery Service [On_Demand | Stopped] ->  -> File not found
(VisualSVNServer) VisualSVN Server [Disabled | Stopped] -> C:\Program Files\VisualSVN Server\httpd-wrapper.bat -k runservice -C LoadModule log_visualsvn_module bin\mod_log_visualsvn.so  -> File not found
(Hamachi2Svc) LogMeIn Hamachi 2.0 Tunneling Engine [Auto | Running] -> C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -> [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.)
(MSCamSvc) MSCamSvc [Auto | Running] -> C:\Program Files\Microsoft LifeCam\MSCamS32.exe -> [2010/03/12 19:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation)
(TeamViewer5) TeamViewer 5 [Disabled | Stopped] -> C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -> [2009/12/16 09:14:52 | 000,185,640 | ---- | M] (TeamViewer GmbH)
(EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/09/29 13:11:10 | 000,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET)
(DfSdkS) Defragmentation-Service [On_Demand | Stopped] -> C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe -> [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\System32\GameMon.des -> [2009/06/03 18:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.)
(MySQL) MySQL [Disabled | Stopped] -> C:\Program Files\MySQL\MySQL Server 7.0\bin\mysqld.exe -> [2009/05/27 21:19:32 | 007,570,048 | ---- | M] ()
(Steam Client Service) Steam Client Service [Disabled | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2009/01/09 13:24:33 | 000,104,944 | ---- | M] (Valve Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/06/26 16:11:36 | 000,265,912 | ---- | M] (Microsoft Corporation)
(WcesComm) Windows Mobile-2003-based device connectivity [Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation)
(RapiMgr) Windows Mobile-based device connectivity [Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)

[Driver Services - Safe List]
(PsSdk30) PsSdk30 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\PsSdk30.drv -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkfwd.sys -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nwlnkflt.sys -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ipinip.sys -> File not found
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> C:\Windows\System32\drivers\blbdrive.sys -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation)
(VX1000) VX-1000 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VX1000.sys -> [2010/03/12 19:41:16 | 001,961,072 | ---- | M] (Microsoft Corporation)
(ivusb) Initio Driver for USB Default Controller [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ivusb.sys -> [2010/03/10 08:17:26 | 000,024,216 | ---- | M] (Initio Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\Windows\System32\drivers\epfwtdir.sys -> [2009/09/29 13:05:54 | 000,096,408 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\Windows\System32\drivers\ehdrv.sys -> [2009/09/29 13:02:58 | 000,108,792 | ---- | M] (ESET)
(eamon) eamon [File_System | Auto | Running] -> C:\Windows\System32\drivers\eamon.sys -> [2009/09/29 12:56:32 | 000,116,008 | ---- | M] (ESET)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\hamachi.sys -> [2009/09/23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.)
(viaide) viaide [Kernel | Boot | Running] -> C:\Windows\system32\drivers\viaide.sys -> [2008/06/26 16:08:19 | 000,020,024 | ---- | M] (VIA Technologies, Inc.)
(AvgRkx86) avgrkx86.sys [File_System | Boot | Running] -> C:\Windows\System32\Drivers\avgrkx86.sys -> [2008/06/25 15:56:11 | 000,012,424 | ---- | M] (GRISOFT, s.r.o.)
(AvgWfpX) AVG8 Firewall Driver x86 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\avgwfpx.sys -> [2008/06/25 15:56:09 | 000,068,104 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2008/06/25 15:56:06 | 000,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Stopped] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2008/06/25 15:56:04 | 000,026,184 | ---- | M] (GRISOFT, s.r.o.)
(atksgt) atksgt [Kernel | Auto | Running] -> C:\Windows\System32\drivers\atksgt.sys -> [2008/06/14 23:16:33 | 000,278,728 | ---- | M] ()
(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/06/14 23:16:33 | 000,025,416 | ---- | M] ()
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2008/05/02 05:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            )
(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2008/01/26 23:15:42 | 000,716,272 | ---- | M] ()
(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\Windows\System32\drivers\scdemu.sys -> [2007/08/07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.)
(UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lgusbdiag.sys -> [2007/07/11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.)
(USBModem) LGE Mobile USB Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lgusbmodem.sys -> [2007/07/11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.)
(usbbus) LGE Mobile Composite USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lgusbbus.sys -> [2007/07/11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.)
(RtlProt) Realtke RtlProt WLAN Utility Protocol Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\RtlProt.sys -> [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(TBPanel) TBPanel [Kernel | Auto | Running] -> C:\Windows\System32\drivers\TBPanel.sys -> [2007/03/16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider)
(Cardex) Cardex [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\TBPanel.sys -> [2007/03/16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider)
(xusb21) Xbox 360 Wireless Receiver Driver Service 21 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\xusb21.sys -> [2007/02/26 19:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/22 15:58:10 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/22 15:58:10 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(UMPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\umpass.sys -> [2006/11/02 09:55:22 | 000,007,168 | ---- | M] (Microsoft Corporation)
(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\winusb.sys -> [2006/11/02 09:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2006/11/02 09:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation)
(xnacc) XBOX 360 Controller For Windows Driver Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\xnacc.sys -> [2006/11/02 09:51:31 | 000,514,560 | ---- | M] (Microsoft Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ASACPI.sys -> [2004/08/13 10:56:20 | 000,005,810 | ---- | M] ()
(PID_08A0) Labtec WebCam Pro(PID_08A0) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\LV302AV.SYS -> [2004/01/21 02:14:42 | 000,271,360 | ---- | M] (Labtec Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.co.uk/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: URLSearchHooks\\"" [HKLM] -> Reg Error: Key error. [] -> File not found
HKEY_CURRENT_USER\: URLSearchHooks\\"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] -> C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2009/06/01 23:20:14 | 000,962,808 | ---- | M] (ICQ)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> ->
< FireFox Settings [Prefs.js] > -> C:\Users\Zak\AppData\Roaming\Mozilla\FireFox\Profiles\pgvawrwe.default\prefs.js ->
browser.search.defaultenginename -> "ICQ Search" ->
browser.search.selectedEngine -> "ICQ Search" ->
browser.startup.homepage -> "http://www.google.co.uk/" ->
extensions.enabledItems -> firebug@software.joehewitt.com:1.5.4 ->
extensions.enabledItems -> {0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}:5.8.809.8522 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 ->
extensions.enabledItems -> {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 ->
extensions.enabledItems -> {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 ->
extensions.enabledItems -> LogMeInClient@logmein.com:1.0.0.608 ->
extensions.enabledItems -> {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {23256f20-0d9b-4323-b005-6e5de569c4b7}:2.7.2.0 ->
extensions.enabledItems -> {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 ->
network.proxy.socks_remote_dns -> true ->
< FireFox Settings [User.js] > -> C:\Users\Zak\AppData\Roaming\Mozilla\FireFox\Profiles\pgvawrwe.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/09/16 19:38:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/09/16 19:38:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions ->  ->
HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/02/04 17:42:50 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  ->
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2010/09/02 23:58:28 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
  -> C:\Users\Zak\AppData\Roaming\Mozilla\Extensions -> [2009/12/10 20:15:58 | 000,000,000 | ---D | M]
No name found   -> C:\Users\Zak\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2009/12/10 20:15:58 | 000,000,000 | ---D | M]
  -> C:\Users\Zak\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org -> [2009/03/18 16:44:54 | 000,000,000 | ---D | M]
  -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions -> [2010/10/01 18:08:17 | 000,000,000 | ---D | M]
Vista-aero   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} -> [2010/05/31 19:00:18 | 000,000,000 | ---D | M]
Google Gadget Plugin   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9} -> [2009/02/23 17:18:48 | 000,000,000 | ---D | M]
TranslatorBar 5.2 Toolbar   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7} -> [2010/09/05 20:52:28 | 000,000,000 | ---D | M]
BloodFire   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1} -> [2008/06/24 15:17:45 | 000,000,000 | ---D | M]
Aquatint Black   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66} -> [2008/06/24 12:44:54 | 000,000,000 | ---D | M]
iMacros for Firefox   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} -> [2010/05/31 19:00:15 | 000,000,000 | ---D | M]
Live HTTP Headers   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} -> [2010/02/10 19:18:43 | 000,000,000 | ---D | M]
The Pirate Bay Toolbar   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6} -> [2009/12/01 18:17:03 | 000,000,000 | ---D | M]
Greasemonkey   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2010/05/31 19:00:05 | 000,000,000 | ---D | M]
  -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\firebug@software.joehewitt.com -> [2010/05/31 18:59:54 | 000,000,000 | ---D | M]
  -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\LogMeInClient@logmein.com -> [2010/07/10 13:38:36 | 000,000,000 | ---D | M]
  -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\OberonGameHost@OberonGames.com -> [2008/10/11 00:16:24 | 000,000,000 | ---D | M]
No name found   -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions -> [2010/05/31 19:00:21 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
icqplugin-1.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-1.xml -> [2010/09/25 18:42:43 | 000,000,950 | ---- | M] ()
icqplugin-2.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-2.xml -> [2010/02/21 12:22:53 | 000,000,961 | ---- | M] ()
icqplugin-3.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-3.xml -> [2010/03/31 22:55:17 | 000,000,961 | ---- | M] ()
icqplugin-4.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-4.xml -> [2010/06/24 23:30:02 | 000,000,961 | ---- | M] ()
icqplugin-5.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-5.xml -> [2010/07/18 11:36:09 | 000,000,950 | ---- | M] ()
icqplugin-6.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-6.xml -> [2010/08/05 12:51:17 | 000,000,950 | ---- | M] ()
icqplugin-7.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-7.xml -> [2010/09/10 16:45:53 | 000,000,950 | ---- | M] ()
icqplugin-8.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin-8.xml -> [2010/09/16 19:39:04 | 000,000,950 | ---- | M] ()
icqplugin.gif -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin.gif -> [2008/03/31 10:52:00 | 000,000,168 | ---- | M] ()
icqplugin.src -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin.src -> [2008/03/31 10:52:00 | 000,000,618 | ---- | M] ()
icqplugin.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\icqplugin.xml -> [2010/01/07 16:53:06 | 000,000,955 | ---- | M] ()
siteadvisor.gif -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\siteadvisor.gif -> [2008/06/25 15:37:56 | 000,001,406 | ---- | M] ()
siteadvisor.src -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\siteadvisor.src -> [2008/06/25 15:37:56 | 000,000,276 | ---- | M] ()
siteadvisor.xml -> C:\Users\Zak\AppData\Roaming\Mozilla\Firefox\Profiles\pgvawrwe.default\searchplugins\siteadvisor.xml -> [2008/06/25 15:37:37 | 000,002,386 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/09/03 00:37:04 | 000,000,000 | ---D | M]
No name found   -> C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} -> [2009/12/23 01:20:05 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/09/03 00:37:04 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 22:41:30 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1       localhost
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/02/01 18:22:12 | 001,377,576 | ---- | M] (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [AVG Safe Search] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 21:33:52 | 000,198,136 | ---- | M] (Yahoo! Inc.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] -> C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2009/06/01 23:20:14 | 000,962,808 | ---- | M] (ICQ)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2787EA8E-8D87-48AF-88AD-B30246C917AB}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{620395C9-5C2B-4474-89B6-D2A63CEA2EF8}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{855F3B16-6D32-4FE6-8A56-BBB695989046}" [HKLM] -> C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2009/06/01 23:20:14 | 000,962,808 | ---- | M] (ICQ)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/09/29 13:02:52 | 002,054,360 | ---- | M] (ESET)
"Gainward" -> C:\Program Files\VDOTool\TBPanel.exe [C:\Program Files\VDOTool\TBPanel.exe /A] -> [2007/06/26 15:58:14 | 002,165,272 | ---- | M] (Palit Microsystems, Inc.)
"LifeCam" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe ["C:\Program Files\Microsoft LifeCam\LifeExp.exe"] -> [2010/03/12 19:41:16 | 000,119,152 | ---- | M] (Microsoft Corporation)
"MSConfig" -> C:\Windows\System32\msconfig.exe ["C:\Windows\system32\msconfig.exe" /auto] -> [2006/11/02 10:45:25 | 000,222,208 | ---- | M] (Microsoft Corporation)
"VX1000" -> C:\Windows\vVX1000.exe [C:\Windows\vVX1000.exe] -> [2010/03/12 19:41:16 | 000,762,736 | ---- | M] (Microsoft Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/06/26 16:11:36 | 001,006,264 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> C:\Program Files\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> [2008/01/17 17:51:02 | 000,486,856 | ---- | M] (DT Soft Ltd)
"Pando Media Booster" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe] -> [2010/10/01 17:30:32 | 002,969,496 | ---- | M] ()
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/09/28 15:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222] -> [2007/05/31 09:21:16 | 000,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223] -> [2007/05/31 09:21:16 | 000,176,520 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 21:33:52 | 000,198,136 | ---- | M] (Yahoo! Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/02/01 18:22:12 | 001,377,576 | ---- | M] (Skype Technologies S.A.)
{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}:{17A84966-F1E9-4645-AA9E-5E771EE1C859} [HKLM] -> C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Button: Add to VideoGet] -> [2008/08/25 20:51:30 | 000,450,048 | ---- | M] (Nuclear Coffee Software)
{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}:{17A84966-F1E9-4645-AA9E-5E771EE1C859} [HKLM] -> C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Menu: Add to &VideoGet] -> [2008/08/25 20:51:30 | 000,450,048 | ---- | M] (Nuclear Coffee Software)
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> C:\Program Files\ICQ6.5\ICQ.exe [Button: ICQ6] -> [2009/03/01 11:59:42 | 000,172,792 | ---- | M] (ICQ, LLC.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> C:\Program Files\ICQ6.5\ICQ.exe [Menu: ICQ6] -> [2009/03/01 11:59:42 | 000,172,792 | ---- | M] (ICQ, LLC.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{49312E18-AA92-4CC2-BB97-55DEA7BCADD6} [HKLM] -> http://support.dell.com/systemprofiler/SysProExe.CAB [WMI Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Java Plug-in 1.6.0_04] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BDC1A65E-E939-4329-932F-191A67E4201D}\\NameServer -> 8.8.8.8,8.8.4.4   (Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.0)) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe ->  -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe ->  -> File not found
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
credssp.dll ->  -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\Windows\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\Windows\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [REM Dummy file for NTVDM | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/09/18 22:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\G
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\shell
\G\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\shell\AutoRun\command
\G\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe] -> File not found
\{05dbce94-4046-11dd-82b3-001d60548566}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05dbce94-4046-11dd-82b3-001d60548566}\shell
\{05dbce94-4046-11dd-82b3-001d60548566}\shell\\"" ->  [AutoRun] -> File not found
\{1b5463d7-cdd7-11dd-b935-000060548566}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b5463d7-cdd7-11dd-b935-000060548566}\shell
\{1b5463d7-cdd7-11dd-b935-000060548566}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b5463d7-cdd7-11dd-b935-000060548566}\shell\AutoRun\command
\{1b5463d7-cdd7-11dd-b935-000060548566}\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe] -> File not found
\{853d5c34-4611-11de-bbeb-001d60548566}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853d5c34-4611-11de-bbeb-001d60548566}\shell
\{853d5c34-4611-11de-bbeb-001d60548566}\shell\\"" ->  [AutoRun] -> File not found
\{9fd92eb7-5a5b-11dd-b970-001d60548566}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fd92eb7-5a5b-11dd-b970-001d60548566}\shell
\{9fd92eb7-5a5b-11dd-b970-001d60548566}\shell\\"" ->  [AutoRun] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Users\Zak\Desktop\OTS.exe -> [2010/10/01 20:36:46 | 000,641,536 | ---- | C] (OldTimer Tools)
SysProt -> C:\Users\Zak\Desktop\SysProt -> [2010/10/01 20:11:54 | 000,000,000 | ---D | C]
RootRepeal.exe -> C:\Users\Zak\Desktop\RootRepeal.exe -> [2010/10/01 20:03:35 | 000,472,064 | ---- | C] ( )
SUPERAntiSpyware.com -> C:\Users\Zak\AppData\Roaming\SUPERAntiSpyware.com -> [2010/10/01 18:43:48 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2010/10/01 18:43:48 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/10/01 18:43:27 | 000,000,000 | ---D | C]
SUPERAntiSpyware.exe -> C:\Users\Zak\Desktop\SUPERAntiSpyware.exe -> [2010/10/01 18:39:33 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com)
PMB Files -> C:\ProgramData\PMB Files -> [2010/10/01 17:30:36 | 000,000,000 | ---D | C]
LOTRO -> C:\Program Files\LOTRO -> [2010/10/01 17:29:50 | 000,000,000 | ---D | C]
32788R22FWJFW -> C:\32788R22FWJFW -> [2010/10/01 16:04:09 | 000,000,000 | R--D | C]
ComboFix -> C:\ComboFix -> [2010/10/01 15:37:21 | 000,000,000 | --SD | C]
LOTROEU_Mirkwood_Installer_ENGB -> C:\Program Files\LOTROEU_Mirkwood_Installer_ENGB -> [2010/09/30 23:36:21 | 000,000,000 | ---D | C]
PMB Files -> C:\Users\Zak\AppData\Local\PMB Files -> [2010/09/30 23:35:50 | 000,000,000 | ---D | C]
Pando Networks -> C:\Program Files\Pando Networks -> [2010/09/30 23:35:39 | 000,000,000 | ---D | C]
ComboFix.txt -> C:\ComboFix.txt -> [2010/09/30 19:39:09 | 000,000,000 | --SD | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2010/09/30 19:05:17 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/09/30 17:22:04 | 000,000,000 | ---D | C]
Plugins -> C:\Users\Zak\Desktop\Plugins -> [2010/09/18 18:44:34 | 000,000,000 | ---D | C]
Game Maker 8 Pro -> C:\Program Files\Game Maker 8 Pro -> [2010/09/11 17:15:40 | 000,000,000 | ---D | C]
Softwrap -> C:\Users\Public\Documents\Softwrap -> [2010/09/11 16:47:49 | 000,000,000 | ---D | C]
Fonts -> C:\Users\Public\Documents\Fonts -> [2010/09/11 16:47:49 | 000,000,000 | ---D | C]
Config -> C:\Users\Public\Documents\Config -> [2010/09/11 16:47:49 | 000,000,000 | ---D | C]
Game_Maker8 -> C:\Program Files\Game_Maker8 -> [2010/09/11 16:47:01 | 000,000,000 | ---D | C]
DfSdkBt.exe -> C:\Windows\System32\DfSdkBt.exe -> [2010/09/06 13:39:11 | 000,028,160 | ---- | C] (mst software GmbH, Germany)
Ashampoo -> C:\Program Files\Ashampoo -> [2010/09/06 13:38:59 | 000,000,000 | ---D | C]
WoodsideAve -> C:\Users\Zak\Documents\WoodsideAve -> [2010/09/05 23:45:45 | 000,000,000 | ---D | C]
intelliScore -> C:\Users\Zak\Documents\intelliScore -> [2010/09/05 21:16:00 | 000,000,000 | ---D | C]
intelliScore Ensemble WAV to MIDI Converter Demo -> C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo -> [2010/09/05 21:15:37 | 000,000,000 | ---D | C]
Music Recognition -> C:\Users\Zak\AppData\Roaming\Music Recognition -> [2010/09/05 20:58:19 | 000,000,000 | ---D | C]
TallStick -> C:\Program Files\TallStick -> [2010/09/05 20:35:26 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Zak\AppData\Roaming\Malwarebytes -> [2010/09/05 17:45:03 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/09/05 17:44:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/09/05 17:44:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/09/05 17:44:34 | 000,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/09/05 17:44:33 | 000,000,000 | ---D | C]
ESET -> C:\Users\Zak\AppData\Local\ESET -> [2010/09/03 16:00:56 | 000,000,000 | ---D | C]
ESET -> C:\ProgramData\ESET -> [2010/09/02 23:58:27 | 000,000,000 | ---D | C]
{F3A61F01-76BD-4F66-BC2A-7F78E7E22214} -> C:\Users\Zak\AppData\Local\{F3A61F01-76BD-4F66-BC2A-7F78E7E22214} -> [2010/09/02 23:11:34 | 000,000,000 | ---D | C]
Windows Server -> C:\Users\Zak\AppData\Local\Windows Server -> [2010/09/02 23:09:37 | 000,000,000 | ---D | C]
TablEdit -> C:\Program Files\TablEdit -> [2010/09/02 15:13:08 | 000,000,000 | ---D | C]
ACAMPREF -> C:\Users\Zak\AppData\Roaming\ACAMPREF -> [2010/09/02 15:09:25 | 000,000,000 | ---D | C]
Client -> C:\Users\Zak\Desktop\Client -> [2010/08/31 15:55:08 | 000,000,000 | ---D | C]
School Work -> C:\Users\Zak\Desktop\School Work -> [2010/08/31 15:11:32 | 000,000,000 | ---D | C]
bootdelete.exe -> C:\Windows\System32\bootdelete.exe -> [2010/08/31 13:49:36 | 000,012,872 | ---- | C] (SurfRight B.V.)
Hitman Pro -> C:\ProgramData\Hitman Pro -> [2010/08/31 13:33:25 | 000,000,000 | ---D | C]
Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2010/08/31 13:33:22 | 000,000,000 | ---D | C]
Download Manager -> C:\Users\Zak\AppData\Roaming\Download Manager -> [2010/08/15 19:52:42 | 000,000,000 | ---D | C]
World of Warcraft1 - Copy -> C:\Program Files\World of Warcraft1 - Copy -> [2010/08/07 13:16:59 | 000,000,000 | ---D | C]
WildWestMMo -> C:\Users\Zak\Documents\WildWestMMo -> [2010/08/06 14:21:17 | 000,000,000 | ---D | C]
LogMeIn -> C:\Users\Zak\AppData\Local\LogMeIn -> [2010/08/05 17:29:41 | 000,000,000 | ---D | C]
LogMeIn -> C:\ProgramData\LogMeIn -> [2010/08/05 17:29:41 | 000,000,000 | ---D | C]
Merge Modules -> C:\Program Files\Common Files\Merge Modules -> [2010/08/05 15:19:38 | 000,000,000 | ---D | C]
Trinity Core -> C:\Trinity Core -> [2010/08/05 13:29:32 | 000,000,000 | ---D | C]
Wow Stuff -> C:\Users\Zak\Desktop\Wow Stuff -> [2010/07/04 20:50:25 | 000,000,000 | ---D | C]
4 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->

[Files/Folders - Modified Within 90 Days]
User_Feed_Synchronization-{34FF92BF-6DF5-4771-98BE-119A43F2B347}.job -> C:\Windows\tasks\User_Feed_Synchronization-{34FF92BF-6DF5-4771-98BE-119A43F2B347}.job -> [2010/10/01 20:45:00 | 000,000,414 | -H-- | M] ()
ntuser.dat -> C:\Users\Zak\ntuser.dat -> [2010/10/01 20:40:42 | 007,340,032 | -HS- | M] ()
OTS.exe -> C:\Users\Zak\Desktop\OTS.exe -> [2010/10/01 20:37:21 | 000,641,536 | ---- | M] (OldTimer Tools)
settings.dat -> C:\Users\Zak\Desktop\settings.dat -> [2010/10/01 20:10:04 | 000,000,015 | ---- | M] ()
RootRepeal.exe -> C:\Users\Zak\Desktop\RootRepeal.exe -> [2010/10/01 20:04:06 | 000,472,064 | ---- | M] ( )
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/01 19:49:12 | 000,002,368 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/10/01 19:49:12 | 000,002,368 | -H-- | M] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/10/01 18:43:32 | 000,001,800 | ---- | M] ()
SUPERAntiSpyware.exe -> C:\Users\Zak\Desktop\SUPERAntiSpyware.exe -> [2010/10/01 18:40:36 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com)
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/10/01 18:14:06 | 000,034,709 | ---- | M] ()
Norton Security Scan.job -> C:\Windows\tasks\Norton Security Scan.job -> [2010/10/01 18:00:00 | 000,000,404 | ---- | M] ()
LOTRO_Mirkwood_ENGB_Downloader_2.exe -> C:\Users\Zak\Desktop\LOTRO_Mirkwood_ENGB_Downloader_2.exe -> [2010/10/01 17:29:42 | 001,909,104 | ---- | M] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/10/01 16:51:11 | 000,034,709 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/10/01 16:49:12 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/10/01 16:49:08 | 000,067,584 | --S- | M] ()
IconCache.db -> C:\Users\Zak\AppData\Local\IconCache.db -> [2010/10/01 16:35:27 | 002,893,236 | -H-- | M] ()
bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/09/26 01:19:29 | 000,000,012 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Zak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/09/12 20:48:50 | 000,238,592 | ---- | M] ()
Global.sw2 -> C:\Users\Public\Documents\Global.sw2 -> [2010/09/11 16:48:04 | 000,002,645 | ---- | M] ()
SwSys2.bmp -> C:\Windows\SwSys2.bmp -> [2010/09/11 16:47:50 | 000,000,000 | -H-- | M] ()
SwSys1.bmp -> C:\Windows\SwSys1.bmp -> [2010/09/11 16:47:50 | 000,000,000 | -H-- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/09/07 13:23:48 | 000,626,738 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/09/07 13:23:47 | 000,107,508 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/09/07 13:23:46 | 000,729,436 | ---- | M] ()
hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2010/09/03 00:06:20 | 000,015,944 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/09/02 23:37:30 | 000,305,648 | ---- | M] ()
Qxekivuluyetofiw.dat -> C:\Users\Zak\AppData\Local\Qxekivuluyetofiw.dat -> [2010/09/02 23:11:35 | 000,000,120 | ---- | M] ()
Yfetoyow.bin -> C:\Users\Zak\AppData\Local\Yfetoyow.bin -> [2010/09/02 23:11:35 | 000,000,000 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Zak\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/09/02 22:01:28 | 000,082,936 | ---- | M] ()
tabled32.ini -> C:\Windows\tabled32.ini -> [2010/09/02 15:13:12 | 000,000,022 | ---- | M] ()
games.lnk -> C:\Users\Zak\Desktop\games.lnk -> [2010/08/31 15:06:13 | 000,000,431 | ---- | M] ()
Game+General work.lnk -> C:\Users\Zak\Desktop\Game+General work.lnk -> [2010/08/31 15:06:03 | 000,000,443 | ---- | M] ()
Tools.lnk -> C:\Users\Zak\Desktop\Tools.lnk -> [2010/08/31 15:05:54 | 000,000,419 | ---- | M] ()
bootdelete.exe -> C:\Windows\System32\bootdelete.exe -> [2010/08/31 13:49:36 | 000,012,872 | ---- | M] (SurfRight B.V.)
clip0033.avi.sfk -> C:\Users\Zak\Documents\clip0033.avi.sfk -> [2010/08/08 21:58:16 | 000,378,720 | ---- | M] ()
clip0032.avi.sfk -> C:\Users\Zak\Documents\clip0032.avi.sfk -> [2010/08/08 21:58:16 | 000,110,400 | ---- | M] ()
Wow.exe - Shortcut.lnk -> C:\Users\Zak\Desktop\Wow.exe - Shortcut.lnk -> [2010/08/07 20:06:40 | 000,000,892 | ---- | M] ()
WoWEmuHacker5.exe - Shortcut.lnk -> C:\Users\Zak\Desktop\WoWEmuHacker5.exe - Shortcut.lnk -> [2010/08/07 20:06:28 | 000,000,948 | ---- | M] ()
map.jpg -> C:\Users\Zak\Documents\map.jpg -> [2010/08/06 15:41:37 | 000,085,111 | ---- | M] ()
clip0025.avi -> C:\Users\Zak\Documents\clip0025.avi -> [2010/07/06 15:56:17 | 000,105,958 | ---- | M] ()
4 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->
22 C:\Users\Zak\AppData\Local\Temp\*.tmp files -> C:\Users\Zak\AppData\Local\Temp\*.tmp ->
22 C:\Users\Zak\AppData\Local\Temp\*.tmp files -> C:\Users\Zak\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
settings.dat -> C:\Users\Zak\Desktop\settings.dat -> [2010/10/01 20:04:39 | 000,000,015 | ---- | C] ()
SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/10/01 18:43:32 | 000,001,800 | ---- | C] ()
LOTRO_Mirkwood_ENGB_Downloader_2.exe -> C:\Users\Zak\Desktop\LOTRO_Mirkwood_ENGB_Downloader_2.exe -> [2010/10/01 17:29:25 | 001,909,104 | ---- | C] ()
Global.sw2 -> C:\Users\Public\Documents\Global.sw2 -> [2010/09/11 16:47:50 | 000,002,645 | ---- | C] ()
SwSys2.bmp -> C:\Windows\SwSys2.bmp -> [2010/09/11 16:47:50 | 000,000,000 | -H-- | C] ()
SwSys1.bmp -> C:\Windows\SwSys1.bmp -> [2010/09/11 16:47:50 | 000,000,000 | -H-- | C] ()
imsfchk.dll -> C:\Windows\System32\imsfchk.dll -> [2010/09/05 21:15:40 | 000,090,112 | ---- | C] ()
Qxekivuluyetofiw.dat -> C:\Users\Zak\AppData\Local\Qxekivuluyetofiw.dat -> [2010/09/02 23:11:35 | 000,000,120 | ---- | C] ()
Yfetoyow.bin -> C:\Users\Zak\AppData\Local\Yfetoyow.bin -> [2010/09/02 23:11:35 | 000,000,000 | ---- | C] ()
tabled32.ini -> C:\Windows\tabled32.ini -> [2010/09/02 15:13:12 | 000,000,022 | ---- | C] ()
games.lnk -> C:\Users\Zak\Desktop\games.lnk -> [2010/08/31 15:06:13 | 000,000,431 | ---- | C] ()
Game+General work.lnk -> C:\Users\Zak\Desktop\Game+General work.lnk -> [2010/08/31 15:06:03 | 000,000,443 | ---- | C] ()
Tools.lnk -> C:\Users\Zak\Desktop\Tools.lnk -> [2010/08/31 15:05:54 | 000,000,419 | ---- | C] ()
hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2010/08/31 13:33:41 | 000,015,944 | ---- | C] ()
clip0033.avi.sfk -> C:\Users\Zak\Documents\clip0033.avi.sfk -> [2010/08/08 21:43:04 | 000,378,720 | ---- | C] ()
clip0032.avi.sfk -> C:\Users\Zak\Documents\clip0032.avi.sfk -> [2010/08/08 21:43:04 | 000,110,400 | ---- | C] ()
map.jpg -> C:\Users\Zak\Documents\map.jpg -> [2010/08/06 15:41:36 | 000,085,111 | ---- | C] ()
nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/07/17 18:41:00 | 000,034,709 | ---- | C] ()
nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/07/17 18:39:54 | 000,034,709 | ---- | C] ()
clip0025.avi -> C:\Users\Zak\Documents\clip0025.avi -> [2010/07/06 15:40:06 | 000,105,958 | ---- | C] ()
Wow.exe - Shortcut.lnk -> C:\Users\Zak\Desktop\Wow.exe - Shortcut.lnk -> [2010/07/05 14:03:14 | 000,000,892 | ---- | C] ()
imsised.dll -> C:\Windows\System32\imsised.dll -> [2010/06/15 20:59:20 | 000,110,592 | ---- | C] ()
UKCpInfo.sys -> C:\Windows\UKCpInfo.sys -> [2010/03/30 19:16:33 | 000,000,031 | -H-- | C] ()
nvRegDev.dll -> C:\Windows\System32\nvRegDev.dll -> [2009/12/31 00:51:27 | 000,151,552 | ---- | C] ()
libmysql_d.dll -> C:\Windows\System32\libmysql_d.dll -> [2009/07/30 23:26:39 | 001,589,248 | ---- | C] ()
WPE PRO - modified.INI -> C:\Windows\WPE PRO - modified.INI -> [2009/07/28 14:45:40 | 000,000,318 | ---- | C] ()
WPE PRO.INI -> C:\Windows\WPE PRO.INI -> [2009/07/28 01:59:23 | 000,000,261 | ---- | C] ()
$_hpcst$.hpc -> C:\Users\Zak\AppData\Roaming\$_hpcst$.hpc -> [2009/05/23 16:48:16 | 000,002,508 | ---- | C] ()
systemfl.$dk -> C:\Users\Zak\AppData\Roaming\systemfl.$dk -> [2009/05/11 19:13:46 | 000,000,990 | -HS- | C] ()
hash.dat -> C:\ProgramData\hash.dat -> [2009/03/05 14:11:48 | 000,000,032 | R--- | C] ()
ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2009/01/28 19:30:05 | 000,057,344 | ---- | C] ()
com.kennettnet.MusicRescue4.Profiles.plist -> C:\Users\Zak\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist -> [2008/12/11 13:27:24 | 000,000,259 | ---- | C] ()
com.kennettnet.MusicRescue4.plist -> C:\Users\Zak\AppData\Roaming\com.kennettnet.MusicRescue4.plist -> [2008/12/11 12:53:20 | 000,000,207 | ---- | C] ()
qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/09/19 22:57:34 | 003,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\Windows\System32\dtu100.dll.manifest -> [2008/09/19 22:55:10 | 000,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\Windows\System32\dpl100.dll.manifest -> [2008/09/19 22:55:10 | 000,000,416 | ---- | C] ()
DivXWMPExtType.dll -> C:\Windows\System32\DivXWMPExtType.dll -> [2008/09/19 22:54:18 | 000,012,288 | ---- | C] ()
wininit.ini -> C:\Windows\wininit.ini -> [2008/09/05 21:11:16 | 000,000,353 | ---- | C] ()
fusioncache.dat -> C:\Users\Zak\AppData\Local\fusioncache.dat -> [2008/08/08 17:54:00 | 000,000,091 | ---- | C] ()
zlib.dll -> C:\Windows\System32\zlib.dll -> [2008/07/01 22:20:20 | 000,053,248 | ---- | C] ()
COMSocketServer.dll -> C:\Windows\System32\COMSocketServer.dll -> [2008/07/01 22:20:16 | 000,221,184 | ---- | C] ()
BM2f63c08b.xml -> C:\ProgramData\BM2f63c08b.xml -> [2008/06/25 14:45:17 | 000,110,321 | ---- | C] ()
BM2f63c08b.txt -> C:\ProgramData\BM2f63c08b.txt -> [2008/06/25 14:45:17 | 000,103,715 | ---- | C] ()
pskt.ini -> C:\ProgramData\pskt.ini -> [2008/06/25 14:45:17 | 000,000,022 | ---- | C] ()
dice.ini -> C:\Windows\dice.ini -> [2008/06/16 19:25:49 | 000,000,035 | ---- | C] ()
atksgt.sys -> C:\Windows\System32\drivers\atksgt.sys -> [2008/06/14 23:16:33 | 000,278,728 | ---- | C] ()
lirsgt.sys -> C:\Windows\System32\drivers\lirsgt.sys -> [2008/06/14 23:16:33 | 000,025,416 | ---- | C] ()
Irremote.ini -> C:\Windows\Irremote.ini -> [2008/06/07 11:44:37 | 000,000,000 | ---- | C] ()
NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2008/05/05 21:33:07 | 000,000,069 | ---- | C] ()
icecast2.ini -> C:\Windows\icecast2.ini -> [2008/05/04 13:51:52 | 000,000,171 | ---- | C] ()
suppdll.dll -> C:\Windows\System32\suppdll.dll -> [2008/05/01 16:03:26 | 000,110,592 | ---- | C] ()
windrvNT.sys -> C:\Windows\System32\windrvNT.sys -> [2008/05/01 16:03:26 | 000,035,363 | ---- | C] ()
29BD5DC0B9.sys -> C:\ProgramData\29BD5DC0B9.sys -> [2008/04/19 22:32:02 | 000,000,088 | RHS- | C] ()
KGyGaAvL.sys -> C:\ProgramData\KGyGaAvL.sys -> [2008/04/19 22:32:01 | 000,001,682 | -HS- | C] ()
ezsid.dat -> C:\ProgramData\ezsid.dat -> [2008/03/25 22:12:06 | 000,000,032 | ---- | C] ()
d3dx9.dll -> C:\Windows\System32\d3dx9.dll -> [2008/03/12 20:28:24 | 001,970,176 | ---- | C] ()
lvcoinst.ini -> C:\Windows\System32\lvcoinst.ini -> [2008/02/18 16:45:35 | 000,017,191 | ---- | C] ()
sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2008/01/26 23:15:42 | 000,716,272 | ---- | C] ()
DFC.INI -> C:\Windows\DFC.INI -> [2008/01/11 22:38:47 | 000,000,558 | ---- | C] ()
PnkBstrK.sys -> C:\Windows\System32\drivers\PnkBstrK.sys -> [2007/12/30 13:46:52 | 000,138,832 | ---- | C] ()
PnkBstrK.sys -> C:\Users\Zak\AppData\Roaming\PnkBstrK.sys -> [2007/12/30 13:46:51 | 000,022,328 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Zak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/12/26 18:18:08 | 000,238,592 | ---- | C] ()
IconCache.db -> C:\Users\Zak\AppData\Local\IconCache.db -> [2007/12/26 14:12:36 | 002,893,236 | -H-- | C] ()
d3d8caps.dat -> C:\Users\Zak\AppData\Local\d3d8caps.dat -> [2007/12/26 13:35:01 | 000,000,552 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Zak\AppData\Local\GDIPFONTCACHEV1.DAT -> [2007/12/26 12:43:32 | 000,082,936 | ---- | C] ()
d3d9caps.dat -> C:\Users\Zak\AppData\Local\d3d9caps.dat -> [2007/12/26 12:40:25 | 000,000,680 | ---- | C] ()
VX1000.ini -> C:\Windows\VX1000.ini -> [2007/04/10 22:46:52 | 000,015,498 | ---- | C] ()
MD5.dll -> C:\Windows\System32\MD5.dll -> [2007/02/05 01:38:16 | 000,032,768 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 13:49:43 | 000,000,174 | -HS- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 13:35:51 | 000,030,808 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 13:35:51 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 13:35:51 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 13:35:51 | 000,026,040 | ---- | C] ()
manage-bde.ini.en -> C:\Windows\System32\manage-bde.ini.en -> [2006/11/02 13:34:23 | 000,080,010 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 13:34:20 | 000,005,632 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 08:40:29 | 000,013,750 | ---- | C] ()
RGSS102J.dll -> C:\Windows\System32\RGSS102J.dll -> [2005/08/30 00:00:00 | 000,781,312 | ---- | C] ()
RGSS102E.dll -> C:\Windows\System32\RGSS102E.dll -> [2005/08/30 00:00:00 | 000,778,752 | ---- | C] ()
RGSS100J.dll -> C:\Windows\System32\RGSS100J.dll -> [2005/08/30 00:00:00 | 000,771,584 | ---- | C] ()
zlib1.dll -> C:\Windows\System32\zlib1.dll -> [2005/05/08 17:56:00 | 000,055,808 | ---- | C] ()
ASACPI.sys -> C:\Windows\System32\drivers\ASACPI.sys -> [2004/08/13 10:56:20 | 000,005,810 | ---- | C] ()
smp32.dll -> C:\Windows\smp32.dll -> [2004/03/17 18:15:00 | 000,000,117 | ---- | C] ()
indounin.dll -> C:\Windows\System32\indounin.dll -> [1999/01/27 14:39:06 | 000,065,024 | ---- | C] ()
iyvu9_32.dll -> C:\Windows\System32\iyvu9_32.dll -> [1997/06/14 03:56:08 | 000,056,832 | ---- | C] ()

[File - Lop Check]
.# -> C:\Users\Zak\AppData\Roaming\.# -> [2009/05/11 19:13:49 | 000,000,000 | -HSD | M]
ACAMPREF -> C:\Users\Zak\AppData\Roaming\ACAMPREF -> [2010/09/02 23:35:33 | 000,000,000 | ---D | M]
AidMaker -> C:\Users\Zak\AppData\Roaming\AidMaker -> [2008/12/09 18:25:52 | 000,000,000 | ---D | M]
AVG7 -> C:\Users\Zak\AppData\Roaming\AVG7 -> [2010/05/04 22:59:21 | 000,000,000 | ---D | M]
Azureus -> C:\Users\Zak\AppData\Roaming\Azureus -> [2010/09/02 23:55:30 | 000,000,000 | ---D | M]
DAEMON Tools -> C:\Users\Zak\AppData\Roaming\DAEMON Tools -> [2010/10/01 16:42:03 | 000,000,000 | ---D | M]
Darkfall -> C:\Users\Zak\AppData\Roaming\Darkfall -> [2009/04/14 16:58:32 | 000,000,000 | ---D | M]
FileZilla -> C:\Users\Zak\AppData\Roaming\FileZilla -> [2009/11/05 23:35:18 | 000,000,000 | ---D | M]
Filter Forge -> C:\Users\Zak\AppData\Roaming\Filter Forge -> [2008/09/21 11:45:28 | 000,000,000 | ---D | M]
Filter Forge Freepack 1 - Metals -> C:\Users\Zak\AppData\Roaming\Filter Forge Freepack 1 - Metals -> [2010/02/21 16:07:18 | 000,000,000 | ---D | M]
Filter Forge Freepack 2 - Photo Effects -> C:\Users\Zak\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects -> [2010/02/21 16:09:29 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Users\Zak\AppData\Roaming\GetRightToGo -> [2008/11/30 16:56:09 | 000,000,000 | ---D | M]
Grig Software -> C:\Users\Zak\AppData\Roaming\Grig Software -> [2009/05/05 16:44:36 | 000,000,000 | ---D | M]
HiYo -> C:\Users\Zak\AppData\Roaming\HiYo -> [2008/12/07 23:35:27 | 000,000,000 | ---D | M]
ICQ -> C:\Users\Zak\AppData\Roaming\ICQ -> [2009/12/23 01:23:20 | 000,000,000 | ---D | M]
ICQ Toolbar -> C:\Users\Zak\AppData\Roaming\ICQ Toolbar -> [2008/01/14 17:56:45 | 000,000,000 | ---D | M]
LG Electronics -> C:\Users\Zak\AppData\Roaming\LG Electronics -> [2008/10/10 23:35:17 | 000,000,000 | ---D | M]
LimeWire -> C:\Users\Zak\AppData\Roaming\LimeWire -> [2010/09/07 00:50:20 | 000,000,000 | ---D | M]
Mount&Blade -> C:\Users\Zak\AppData\Roaming\Mount&Blade -> [2008/07/10 19:32:18 | 000,000,000 | ---D | M]
Music Recognition -> C:\Users\Zak\AppData\Roaming\Music Recognition -> [2010/09/05 20:58:19 | 000,000,000 | ---D | M]
Notepad++ -> C:\Users\Zak\AppData\Roaming\Notepad++ -> [2008/11/09 17:33:23 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Users\Zak\AppData\Roaming\PACE Anti-Piracy -> [2010/06/27 12:20:30 | 000,000,000 | ---D | M]
Pandora's Box 2 -> C:\Users\Zak\AppData\Roaming\Pandora's Box 2 -> [2010/01/08 20:57:28 | 000,000,000 | ---D | M]
Pandora's Box 3 -> C:\Users\Zak\AppData\Roaming\Pandora's Box 3 -> [2010/01/08 21:00:08 | 000,000,000 | ---D | M]
Poser Pro -> C:\Users\Zak\AppData\Roaming\Poser Pro -> [2008/06/16 22:15:35 | 000,000,000 | ---D | M]
Publish Providers -> C:\Users\Zak\AppData\Roaming\Publish Providers -> [2010/08/08 21:58:01 | 000,000,000 | ---D | M]
Sony -> C:\Users\Zak\AppData\Roaming\Sony -> [2008/07/09 16:59:11 | 000,000,000 | ---D | M]
SQLyog -> C:\Users\Zak\AppData\Roaming\SQLyog -> [2009/07/15 17:55:11 | 000,000,000 | ---D | M]
Subversion -> C:\Users\Zak\AppData\Roaming\Subversion -> [2009/05/05 17:10:07 | 000,000,000 | ---D | M]
TeamViewer -> C:\Users\Zak\AppData\Roaming\TeamViewer -> [2010/06/03 16:19:27 | 000,000,000 | ---D | M]
The Path -> C:\Users\Zak\AppData\Roaming\The Path -> [2009/09/05 15:34:31 | 000,000,000 | ---D | M]
Thinstall -> C:\Users\Zak\AppData\Roaming\Thinstall -> [2008/07/02 18:39:37 | 000,000,000 | ---D | M]
Three Rings Design -> C:\Users\Zak\AppData\Roaming\Three Rings Design -> [2010/03/20 16:46:28 | 000,000,000 | ---D | M]
Thunderbird -> C:\Users\Zak\AppData\Roaming\Thunderbird -> [2009/12/10 20:15:57 | 000,000,000 | ---D | M]
TS3Client -> C:\Users\Zak\AppData\Roaming\TS3Client -> [2010/06/03 15:18:06 | 000,000,000 | ---D | M]
Unity -> C:\Users\Zak\AppData\Roaming\Unity -> [2009/08/13 16:47:55 | 000,000,000 | ---D | M]
Wings3D -> C:\Users\Zak\AppData\Roaming\Wings3D -> [2010/02/15 00:45:01 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2006/11/02 14:08:16 | 000,000,484 | ---- | M] ()
User_Feed_Synchronization-{34FF92BF-6DF5-4771-98BE-119A43F2B347}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{34FF92BF-6DF5-4771-98BE-119A43F2B347}.job -> [2010/10/01 20:45:00 | 000,000,414 | -H-- | M] ()

[File - Purity Scan]


[HardLinks - Junction Points - Mount Points - Symbolic Links]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink

[Alternate Data Streams]
@Alternate Data Stream - 1077 bytes -> C:\ProgramData\Microsoft:ebxNMcY1zVTimwfOHjmWUeW8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AC707B50
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:RykCJS87hDnQKS8HBKYIyTR
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 64 bytes -> C:\Users\Zak\Documents\clip0025.avi:TOC.WMV
< End of report >


#3 ZakDank
  • Topic Starter
  • Members
  • 18 posts

Posted 02 October 2010 - 07:28 PM

Anyone know what's up with ComboFix?

#4 ZakDank
  • Topic Starter
  • Members
  • 18 posts

Posted 03 October 2010 - 04:40 AM

What other programs should I post logs with?

#5 ZakDank
  • Topic Starter
  • Members
  • 18 posts

Posted 06 October 2010 - 11:24 AM

Bump

#6 Shannon2012
  • Security Colleague
  • 3,657 posts
  • Gender: Male
  • Location: North Carolina, USA

Posted 08 October 2010 - 03:31 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#7 ZakDank

ZakDank
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 09 October 2010 - 06:16 AM

Thank you for the response. I understand fully that you are very busy; to be honest, you have replied fast considering. I scanned with the first program; I tried GMER previously and it causes my machine to lose everything except the mouse icon. Previous programs should all be in the file attached to the original post.

DDS Log:
CODE
DDS (Ver_10-10-05.01) - NTFSx86  
Run by Zak at 12:11:07.50 on Sat 10/09/2010
Internet Explorer: 7.0.6000.16681 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.1.1033.18.2046.1016 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: AVG 7.5.524 *On-access scanning disabled* (Outdated)   {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.7.1098 [VPS 080207-0] *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\vVX1000.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Zak\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
TB: {620395C9-5C2B-4474-89B6-D2A63CEA2EF8} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Gainward] c:\program files\vdotool\TBPanel.exe /A
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {BDC1A65E-E939-4329-932F-191A67E4201D} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\zak\appdata\roaming\mozilla\firefox\profiles\pgvawrwe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\users\zak\appdata\roaming\mozilla\firefox\profiles\pgvawrwe.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
FF - component: c:\users\zak\appdata\roaming\mozilla\firefox\profiles\pgvawrwe.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
FF - component: c:\users\zak\appdata\roaming\mozilla\firefox\profiles\pgvawrwe.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\zak\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\zak\appdata\roaming\mozilla\firefox\profiles\pgvawrwe.default\extensions\{0ffcc8d1-8198-4b2f-9a96-2b4d4a65ecc9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\users\zak\appdata\roaming\mozilla\firefox\profiles\pgvawrwe.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-6-25 12424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-25 96520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-29 96408]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-26 24652]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-25 26184]
S3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\system32\drivers\avgwfpx.sys [2008-6-25 68104]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2010-9-6 406016]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-16 185640]
S4 VisualSVNServer;VisualSVN Server;c:\program files\visualsvn server\httpd-wrapper.bat [2008-10-10 172]

=============== Created Last 30 ================

2010-10-09 10:39:21    --------    d-----w-    c:\users\zak\appdata\roaming\Guitar Pro 6
2010-10-09 10:39:21    --------    d-----w-    c:\progra~2\Guitar Pro 6
2010-10-04 21:19:16    --------    d-----w-    c:\program files\PLAYLOGIC
2010-10-04 20:29:35    65536    --sha-w-    c:\users\zak\ntuser.dat{e25afa2c-cff2-11df-804a-001d60548566}.TM.blf
2010-10-04 20:29:35    524288    --sha-w-    c:\users\zak\ntuser.dat{e25afa2c-cff2-11df-804a-001d60548566}.TMContainer00000000000000000002.regtrans-ms
2010-10-04 20:29:35    524288    --sha-w-    c:\users\zak\ntuser.dat{e25afa2c-cff2-11df-804a-001d60548566}.TMContainer00000000000000000001.regtrans-ms
2010-10-03 09:41:04    --------    d-----w-    c:\users\zak\appdata\local\Apple Computer
2010-10-02 11:20:40    --------    d-----w-    c:\users\zak\appdata\local\Apple
2010-10-01 22:30:08    --------    d-----w-    c:\users\zak\appdata\local\The Lord of the Rings Online
2010-10-01 21:48:32    --------    d-----w-    c:\users\zak\appdata\roaming\Turbine
2010-10-01 21:48:19    --------    d-----w-    c:\users\zak\appdata\local\Turbine
2010-10-01 20:55:49    --------    d-----w-    c:\program files\Codemasters
2010-10-01 17:43:48    --------    d-----w-    c:\users\zak\appdata\roaming\SUPERAntiSpyware.com
2010-10-01 17:43:48    --------    d-----w-    c:\progra~2\SUPERAntiSpyware.com
2010-10-01 17:43:27    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-10-01 16:30:36    --------    d-----w-    c:\progra~2\PMB Files
2010-10-01 16:29:50    --------    d-----w-    c:\program files\LOTRO
2010-09-30 22:35:50    --------    d-----w-    c:\users\zak\appdata\local\PMB Files
2010-09-30 22:35:39    --------    d-----w-    c:\program files\Pando Networks
2010-09-30 18:05:17    --------    d-----w-    c:\program files\Trend Micro
2010-09-11 16:15:40    --------    d-----w-    c:\program files\Game Maker 8 Pro
2010-09-11 15:47:01    --------    d-----w-    c:\program files\Game_Maker8

==================== Find3M  ====================

2010-10-02 11:22:05    258232    ----a-w-    c:\windows\system32\drivers\acpi.sys
2010-10-02 11:19:18    258232    ----a-w-    c:\windows\system32\drivers\acpi.sys.copy
2010-09-02 23:06:20    15944    ----a-w-    c:\windows\system32\drivers\hitmanpro35.sys
2010-08-31 12:49:36    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2010-08-05 14:29:57    73216    ----a-w-    c:\windows\system32\msiexec.exe
2010-08-05 14:29:57    332800    ----a-w-    c:\windows\system32\msihnd.dll
2010-08-05 14:29:57    2560    ----a-w-    c:\windows\system32\msimsg.dll
2010-08-05 14:29:57    2252288    ----a-w-    c:\windows\system32\msi.dll
2010-07-17 04:00:04    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2007-12-28 13:59:30    342528    ----a-w-    c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-12-28 13:58:30    289280    ----a-w-    c:\windows\inf\wg111v3\WG111v3.sys
2007-12-28 13:58:30    289280    ----a-w-    c:\windows\inf\wg111v3\vista\wg111v3.sys
2007-11-27 16:53:58    63488    ----a-w-    c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 16:52:44    32768    ----a-w-    c:\windows\inf\wg111v3\SetDrv.exe
2007-04-23 12:15:48    31016    ----a-w-    c:\windows\inf\wg111v3\vista64\RtlProt.sys
2007-04-23 09:50:50    25896    ----a-w-    c:\windows\inf\wg111v3\vista\RtlProt.sys
2007-04-19 20:22:44    75264    ----a-w-    c:\windows\inf\wg111v3\vista64\rtkbind.exe
2007-04-19 20:22:28    74752    ----a-w-    c:\windows\inf\wg111v3\vista\rtkbind.exe
2006-12-15 10:30:36    98304    ----a-w-    c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 10:30:36    315392    ----a-w-    c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 10:30:36    212992    ----a-w-    c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 10:30:36    20480    ----a-w-    c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 10:30:36    19968    ----a-w-    c:\windows\inf\wg111v3\RTWREFU.EXE

============= FINISH: 12:12:20.02 ===============
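
The DDS log above is long, and a helper reads it by looking for a handful of patterns first. As an added example (my code, not part of the thread and not DDS itself), here is a small Python triage script that pulls out three of them: CLSID-keyed browser hooks (BHO, toolbar, explorer bar, URL search hook) whose file is gone, services whose binary DDS could not verify (the trailing `[?]` marker), and a driver that sits beside a `.copy` of itself in the file listing, as `acpi.sys` and `acpi.sys.copy` do in this log. The sample text is constructed from a few lines with the same shape as the posted log; the section names and markers are the ones DDS prints.

```python
import re

# Constructed sample built from lines with the same shape as the DDS log
# posted in this thread (not the full log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

==================== Find3M  ====================

2010-10-02 11:22:05    258232    ----a-w-    c:\windows\system32\drivers\acpi.sys
2010-10-02 11:19:18    258232    ----a-w-    c:\windows\system32\drivers\acpi.sys.copy
2010-09-02 23:06:20    15944    ----a-w-    c:\windows\system32\drivers\hitmanpro35.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# CLSID-keyed browser hooks whose file is gone: DDS prints "- No File" instead of a path.
ORPHAN_RE = re.compile(r"^(BHO|TB|EB|uURLSearchHooks):\s*(.+?)\s+-\s+No File$")
# "R0 name;description;path [date size]" / "S3 ..." service lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
# "date time    size    attrs    path" lines in the Created Last 30 / Find3M listings.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")


def split_sections(text):
    """Group the non-blank lines of a DDS log under their '=== name ===' header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage_dds(text):
    """Return the entries a helper would look at first in a DDS log."""
    sections = split_sections(text)
    findings = {"orphaned_entries": [], "unverified_services": [], "driver_copies": []}

    for line in sections.get("Pseudo HJT Report", []):
        m = ORPHAN_RE.match(line)
        if m:
            findings["orphaned_entries"].append((m.group(1), m.group(2)))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        # DDS appends [?] when it could not verify the service binary on disk.
        if m and m.group(4).rstrip().endswith("[?]"):
            findings["unverified_services"].append((m.group(1), m.group(2), m.group(4)))

    paths = set()
    for section in ("Created Last 30", "Find3M"):
        for line in sections.get(section, []):
            m = FILE_RE.match(line)
            if m:
                paths.add(m.group(4).strip().lower())
    # A driver sitting next to "<driver>.copy" usually means a removal tool has
    # already swapped the file once; worth asking about before cleaning further.
    for p in sorted(paths):
        if p.endswith(".copy") and p[:-len(".copy")] in paths:
            findings["driver_copies"].append((p[:-len(".copy")], p))

    return findings


if __name__ == "__main__":
    for key, items in triage_dds(SAMPLE_DDS).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against a saved `dds.txt`, the script prints the three lists; none of them is a verdict on its own (an orphaned BHO is often just an uninstalled program), but together with the ESET alert on a driver they tell the helper where to look next.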


#8 ZakDank

ZakDank
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 10 October 2010 - 11:52 AM

OK, I have tried many times now but I can't get GMER to work. I run it with everything disabled or closed and it starts scanning, then encounters an error, giving me two options: close or search online. I then can't do anything as my computer freezes up, well, everything except the mouse, which lags. I think it is taking up 100% of my CPU for some reason.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:26 AM

Posted 12 October 2010 - 11:41 AM


Welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 ZakDank

ZakDank
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 13 October 2010 - 12:39 PM

Thank you for your reply, but as stated above, ComboFix does NOT work for me, or at least I am having several issues with it.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:26 AM

Posted 13 October 2010 - 01:07 PM

Try the following instead.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

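
The line that matters most in a TDSSKiller log for this family is `Suspicious file (Forged)`: the tool prints two MD5 hashes for one driver path, and they differ because the rootkit serves different file contents through one read path than the other. That mismatch is the detection signal, whatever the driver's name. As an added example (my code, not Kaspersky's and not part of the thread), here is a Python parser that extracts those findings from a TDSSKiller 2.4 log, pairs them with the per-driver line and the `detected` line, and reports what needs attention. The sample lines are constructed in the format the tool uses and mirror the atapi entries ZakDank posts in reply #12 below; in that log the hash on the plain `atapi` line equals the `Real md5`, and the parser keeps both so that can be checked.

```python
import re

# Constructed sample in the TDSSKiller 2.4 log format; the lines mirror the
# ones posted in this thread (real Vista driver names, hashes as the tool printed them).
SAMPLE_TDSSKILLER_LOG = """\
2010/10/14 15:54:54.0655    AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\\Windows\\system32\\DRIVERS\\asyncmac.sys
2010/10/14 15:54:54.0716    atapi           (42269eea95bc38653dd51bd8f8a0538f) C:\\Windows\\system32\\drivers\\atapi.sys
2010/10/14 15:54:54.0717    Suspicious file (Forged): C:\\Windows\\system32\\drivers\\atapi.sys. Real md5: 42269eea95bc38653dd51bd8f8a0538f, Fake md5: b35cfcef838382ab6490b321c87edf17
2010/10/14 15:54:54.0724    atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/14 15:54:54.0816    atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\\Windows\\system32\\DRIVERS\\atksgt.sys
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff" followed by whitespace.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
# "name            (md5) path" for each scanned driver.
DRIVER_RE = re.compile(TS + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+?)\s*$")
# The forged-file verdict with both hashes.
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})\s*$")
# "name - detected <signature> (n)".
DETECT_RE = re.compile(TS + r"(\S+) - detected (\S+)")


def _blank(name):
    return {"name": name, "path": None, "listed_md5": None,
            "real_md5": None, "fake_md5": None, "detection": None}


def parse_tdsskiller(text):
    """Return one finding per driver TDSSKiller flagged as forged or detected."""
    drivers = {}   # lowercased path -> (service name, md5 printed on its own line)
    findings = {}  # service name -> finding
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[path.lower()] = (name, md5)
            continue
        m = FORGED_RE.match(line)
        if m:
            path, real, fake = m.groups()
            name, listed = drivers.get(path.lower(), ("?", None))
            f = findings.setdefault(name, _blank(name))
            f.update(path=path, listed_md5=listed, real_md5=real, fake_md5=fake)
            continue
        m = DETECT_RE.match(line)
        if m:
            name, signature = m.groups()
            findings.setdefault(name, _blank(name))["detection"] = signature
    return list(findings.values())


def needs_attention(finding):
    """True when the two hashes disagree or the tool named a detection."""
    hashes_differ = (finding["real_md5"] is not None
                     and finding["real_md5"] != finding["fake_md5"])
    return hashes_differ or finding["detection"] is not None


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_TDSSKILLER_LOG):
        flag = "ATTENTION" if needs_attention(f) else "ok"
        print(flag, f["name"], f["path"], f["detection"])
        print("   real:", f["real_md5"], " fake:", f["fake_md5"], " listed:", f["listed_md5"])
```

A forged boot-critical driver such as `atapi.sys` is exactly the case where the helper, not the user, should decide on `Cure`: the tool replaces the driver and reboots, so the log should be reviewed before that step rather than after.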


#12 ZakDank

ZakDank
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 14 October 2010 - 10:04 AM

Hi, thanks for the quick reply. I realise how much of a mistake I have made not mentioning that the NOD32 Olmarik removal tool did state there was a rootkit on my atapi.sys. The reason I didn't think to mention it is because I had scanned it multiple times with different software and none of them picked anything up.

I had also gone against one of your instructions, as you will see, and I am wondering if you would like me to do so. The reason I did is because it is a locked file and I'm not sure if it would affect the computer by 'curing' it, and I wanted to get an OK from you first.

Oh, and no warning of the Olmarik :D

thanks !


Log:
CODE
2010/10/14 15:54:33.0693    TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/14 15:54:33.0693    ================================================================================
2010/10/14 15:54:33.0693    SystemInfo:
2010/10/14 15:54:33.0693    
2010/10/14 15:54:33.0694    OS Version: 6.0.6000 ServicePack: 0.0
2010/10/14 15:54:33.0694    Product type: Workstation
2010/10/14 15:54:33.0694    ComputerName: COOPER
2010/10/14 15:54:33.0694    UserName: Zak
2010/10/14 15:54:33.0694    Windows directory: C:\Windows
2010/10/14 15:54:33.0694    System windows directory: C:\Windows
2010/10/14 15:54:33.0694    Processor architecture: Intel x86
2010/10/14 15:54:33.0694    Number of processors: 2
2010/10/14 15:54:33.0694    Page size: 0x1000
2010/10/14 15:54:33.0694    Boot type: Normal boot
2010/10/14 15:54:33.0694    ================================================================================
2010/10/14 15:54:45.0191    Initialize success
2010/10/14 15:54:50.0030    ================================================================================
2010/10/14 15:54:50.0030    Scan started
2010/10/14 15:54:50.0030    Mode: Manual;
2010/10/14 15:54:50.0030    ================================================================================
2010/10/14 15:54:53.0162    ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/10/14 15:54:53.0520    adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/10/14 15:54:53.0629    adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/10/14 15:54:53.0676    adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/10/14 15:54:53.0725    adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/10/14 15:54:53.0826    AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/10/14 15:54:53.0912    aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/14 15:54:53.0970    aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2010/10/14 15:54:54.0035    amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/10/14 15:54:54.0227    amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2010/10/14 15:54:54.0272    AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/10/14 15:54:54.0293    AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/10/14 15:54:54.0502    arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/10/14 15:54:54.0577    arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/10/14 15:54:54.0655    AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/14 15:54:54.0716    atapi           (42269eea95bc38653dd51bd8f8a0538f) C:\Windows\system32\drivers\atapi.sys
2010/10/14 15:54:54.0717    Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: 42269eea95bc38653dd51bd8f8a0538f, Fake md5: b35cfcef838382ab6490b321c87edf17
2010/10/14 15:54:54.0724    atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/14 15:54:54.0816    atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
2010/10/14 15:54:55.0009    AvgLdx86        (2903d25016f12415834d4ec88901d258) C:\Windows\System32\Drivers\avgldx86.sys
2010/10/14 15:54:55.0384    AvgMfx86        (1068d68bb3180e16b32985e329e474cd) C:\Windows\System32\Drivers\avgmfx86.sys
2010/10/14 15:54:55.0483    AvgRkx86        (3b4496a1cd57a63adaaebf5a04274392) C:\Windows\system32\Drivers\avgrkx86.sys
2010/10/14 15:54:55.0549    AvgWfpX         (208f73e441d8c9da84ec23a0b11e361f) C:\Windows\System32\Drivers\avgwfpx.sys
2010/10/14 15:54:55.0619    Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/10/14 15:54:55.0698    bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/14 15:54:55.0744    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/14 15:54:55.0793    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/14 15:54:55.0876    Bridge          (2ac8f5b88771c31c4211a11be6bffe14) C:\Windows\system32\DRIVERS\bridge.sys
2010/10/14 15:54:55.0911    BridgeMP        (2ac8f5b88771c31c4211a11be6bffe14) C:\Windows\system32\DRIVERS\bridge.sys
2010/10/14 15:54:56.0023    Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/14 15:54:56.0209    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/14 15:54:56.0256    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/14 15:54:56.0295    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/14 15:54:56.0376    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/14 15:54:56.0458    Cardex          (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPANEL.SYS
2010/10/14 15:54:56.0504    cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/14 15:54:56.0556    cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/14 15:54:56.0607    circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/10/14 15:54:56.0676    CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2010/10/14 15:54:56.0739    cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2010/10/14 15:54:56.0791    Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/10/14 15:54:56.0884    crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/14 15:54:56.0927    Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/10/14 15:54:57.0024    CSC             (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2010/10/14 15:54:57.0207    DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/10/14 15:54:57.0307    disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/10/14 15:54:57.0390    drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/10/14 15:54:57.0473    DXGKrnl         (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/14 15:54:57.0551    E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/14 15:54:57.0614    eamon           (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
2010/10/14 15:54:57.0681    Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2010/10/14 15:54:57.0747    ehdrv           (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
2010/10/14 15:54:57.0840    elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/10/14 15:54:57.0892    epfwtdir        (367a97a632ec5e8521f68ffa2c700610) C:\Windows\system32\DRIVERS\epfwtdir.sys
2010/10/14 15:54:57.0953    fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/10/14 15:54:58.0020    fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/14 15:54:58.0118    FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/10/14 15:54:58.0211    Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/10/14 15:54:58.0259    flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/14 15:54:58.0301    FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/10/14 15:54:58.0368    Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/14 15:54:58.0402    fvevol          (06a1cf72fbe3b50035fbff428c8d84b4) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/14 15:54:58.0458    gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/14 15:54:58.0544    GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/10/14 15:54:58.0618    hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2010/10/14 15:54:58.0678    HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/14 15:54:58.0739    HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/14 15:54:58.0781    HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/14 15:54:58.0822    HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/14 15:54:58.0881    HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/14 15:54:58.0925    HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/14 15:54:58.0968    HTTP            (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2010/10/14 15:54:59.0027    i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/14 15:54:59.0105    i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/14 15:54:59.0274    iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/14 15:54:59.0360    iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/14 15:54:59.0471    intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2010/10/14 15:54:59.0534    intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/14 15:54:59.0627    IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/14 15:54:59.0699    IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/14 15:54:59.0737    IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/14 15:54:59.0812    IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/10/14 15:54:59.0855    isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/10/14 15:54:59.0986    iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/14 15:55:00.0059    iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/14 15:55:00.0330    iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/14 15:55:00.0455    ivusb           (b14577cd7495f55996b17ab2938252cb) C:\Windows\system32\DRIVERS\ivusb.sys
2010/10/14 15:55:00.0752    kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/14 15:55:00.0828    kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2010/10/14 15:55:00.0903    KSecDD          (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/14 15:55:01.0030    lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/10/14 15:55:01.0070    lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/14 15:55:01.0148    LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/14 15:55:01.0188    LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/14 15:55:01.0375    LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/14 15:55:01.0421    luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2010/10/14 15:55:01.0508    megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/14 15:55:01.0553    Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2010/10/14 15:55:01.0625    monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/14 15:55:01.0693    mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/14 15:55:01.0749    mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/14 15:55:01.0783    MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2010/10/14 15:55:01.0827    mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/14 15:55:01.0900    mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/14 15:55:01.0937    Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/14 15:55:01.0963    MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2010/10/14 15:55:02.0028    mrxsmb          (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/14 15:55:02.0124    mrxsmb10        (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/14 15:55:02.0154    mrxsmb20        (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/14 15:55:02.0251    msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2010/10/14 15:55:02.0456    msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/14 15:55:02.0537    Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2010/10/14 15:55:02.0585    msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2010/10/14 15:55:02.0665    MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/14 15:55:02.0692    MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/14 15:55:02.0727    MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2010/10/14 15:55:02.0776    MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2010/10/14 15:55:02.0839    mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/14 15:55:02.0890    MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2010/10/14 15:55:02.0986    MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/10/14 15:55:03.0011    Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2010/10/14 15:55:03.0089    NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/14 15:55:03.0190    NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2010/10/14 15:55:03.0270    NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/14 15:55:03.0454    Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/14 15:55:03.0543    NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/14 15:55:03.0607    NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2010/10/14 15:55:03.0725    NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/14 15:55:03.0810    netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/14 15:55:03.0933    nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/14 15:55:03.0982    Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2010/10/14 15:55:04.0076    nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/14 15:55:04.0171    Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2010/10/14 15:55:04.0217    ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/14 15:55:04.0298    Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2010/10/14 15:55:04.0719    nvlddmkm        (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/14 15:55:04.0912    nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/14 15:55:04.0978    nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/14 15:55:05.0164    nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/10/14 15:55:05.0462    ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/10/14 15:55:05.0550    Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2010/10/14 15:55:05.0614    partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2010/10/14 15:55:05.0641    Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2010/10/14 15:55:05.0674    pci             (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2010/10/14 15:55:05.0739    pciide          (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
2010/10/14 15:55:05.0778    pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/14 15:55:06.0130    PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/14 15:55:06.0292    PID_08A0        (642bfb100d0a7693355fe01b256e349a) C:\Windows\system32\DRIVERS\LV302AV.SYS
2010/10/14 15:55:06.0473    PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/14 15:55:06.0516    Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/14 15:55:06.0631    PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/14 15:55:06.0831    ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/14 15:55:06.0894    ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/14 15:55:06.0995    QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/14 15:55:07.0063    RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/14 15:55:07.0103    Rasl2tp         (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/14 15:55:07.0192    RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/14 15:55:07.0265    rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/14 15:55:07.0303    RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/14 15:55:07.0373    rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/10/14 15:55:07.0500    RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/14 15:55:07.0553    RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2010/10/14 15:55:07.0636    rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/14 15:55:07.0704    RTL8169         (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/10/14 15:55:07.0766    RtlProt         (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2010/10/14 15:55:07.0922    SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/14 15:55:07.0980    SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/14 15:55:08.0036    sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/14 15:55:08.0135    SCDEmu          (612a3d69e603dbbe5c3c1079186a0393) C:\Windows\system32\drivers\SCDEmu.sys
2010/10/14 15:55:08.0242    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/14 15:55:08.0334    Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/14 15:55:08.0552    Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2010/10/14 15:55:08.0627    sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2010/10/14 15:55:08.0718    sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/10/14 15:55:08.0753    sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/14 15:55:08.0783    sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/14 15:55:08.0822    sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/14 15:55:08.0961    SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/14 15:55:09.0024    SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/14 15:55:09.0081    Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2010/10/14 15:55:09.0138    spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2010/10/14 15:55:09.0213    sptd            (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
2010/10/14 15:55:09.0213    Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2010/10/14 15:55:09.0222    sptd - detected Locked file (1)
2010/10/14 15:55:09.0287    srv             (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
2010/10/14 15:55:09.0361    srv2            (e8c4d5bca3c7b5c2a040052aa467b5bf) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/14 15:55:09.0467    srvnet          (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/14 15:55:09.0553    swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/14 15:55:09.0609    Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/14 15:55:09.0662    Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/14 15:55:09.0732    Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/14 15:55:09.0834    TBPanel         (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
2010/10/14 15:55:09.0925    Tcpip           (52a8bd6294f7d1443c6184c67ae13af4) C:\Windows\system32\drivers\tcpip.sys
2010/10/14 15:55:10.0005    Tcpip6          (52a8bd6294f7d1443c6184c67ae13af4) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/14 15:55:10.0077    tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/14 15:55:10.0134    TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2010/10/14 15:55:10.0164    TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2010/10/14 15:55:10.0200    tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/14 15:55:10.0277    TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/14 15:55:10.0543    tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/14 15:55:10.0621    tunmp           (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/14 15:55:10.0661    tunnel          (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/14 15:55:10.0734    uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/14 15:55:10.0800    udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/14 15:55:10.0887    uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/14 15:55:10.0953    uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/14 15:55:10.0999    UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/14 15:55:11.0048    ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/14 15:55:11.0138    umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/14 15:55:11.0664    UMPass          (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/14 15:55:11.0772    USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/10/14 15:55:11.0826    usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2010/10/14 15:55:11.0889    usbbus          (5aadc9297c39aa249cd994acdba19034) C:\Windows\system32\DRIVERS\lgusbbus.sys
2010/10/14 15:55:11.0986    usbccgp         (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/14 15:55:12.0069    usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/14 15:55:12.0146    UsbDiag         (4650ffe04e5922399b0e932319e6b215) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2010/10/14 15:55:12.0200    usbehci         (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/14 15:55:12.0345    usbhub          (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/14 15:55:12.0561    USBModem        (2666fe171e0c2e7085ccd5fe0bac09e3) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2010/10/14 15:55:12.0597    usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/14 15:55:12.0684    usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/14 15:55:12.0746    USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/14 15:55:12.0796    usbuhci         (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/14 15:55:12.0862    vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/14 15:55:12.0890    VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2010/10/14 15:55:12.0959    viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/10/14 15:55:13.0019    ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/14 15:55:13.0131    viaide          (48c9b50cddd51a205f7aa1639b3d4822) C:\Windows\system32\drivers\viaide.sys
2010/10/14 15:55:13.0214    volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2010/10/14 15:55:13.0277    volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2010/10/14 15:55:13.0515    volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2010/10/14 15:55:13.0643    vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/14 15:55:13.0770    VX1000          (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
2010/10/14 15:55:13.0869    WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/14 15:55:13.0958    Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/14 15:55:13.0998    Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/14 15:55:14.0083    Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/14 15:55:14.0147    Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/14 15:55:14.0525    winusb          (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\winusb.sys
2010/10/14 15:55:14.0603    WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/10/14 15:55:14.0751    WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/14 15:55:14.0822    ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/14 15:55:14.0956    WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/14 15:55:15.0072    xnacc           (69d5c58a3a03f86196db66ee95435652) C:\Windows\system32\DRIVERS\xnacc.sys
2010/10/14 15:55:15.0141    xusb21          (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
2010/10/14 15:55:15.0227    ================================================================================
2010/10/14 15:55:15.0227    Scan finished
2010/10/14 15:55:15.0227    ================================================================================
2010/10/14 15:55:15.0250    Detected object count: 2
2010/10/14 15:55:32.0023    atapi           (42269eea95bc38653dd51bd8f8a0538f) C:\Windows\system32\drivers\atapi.sys
2010/10/14 15:55:32.0023    Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: 42269eea95bc38653dd51bd8f8a0538f, Fake md5: b35cfcef838382ab6490b321c87edf17
2010/10/14 15:55:32.0234    Backup copy found, using it..
2010/10/14 15:55:32.0281    C:\Windows\system32\drivers\atapi.sys - will be cured after reboot
2010/10/14 15:55:32.0281    Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure
2010/10/14 15:55:32.0286    Locked file(sptd) - User select action: Skip
2010/10/14 15:55:37.0319    Deinitialize success
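
The two records that matter in the TDSSKiller log above are the Forged verdict on atapi.sys (two different MD5s reported for one path) and the NoAccess/Locked verdict on sptd.sys, plus the action chosen for each. As an added example, not part of the original post and not TDSSKiller's own code, here is a small parser that pulls exactly those records out of a log in this format, ties each to its driver entry and chosen action, and checks the parsed findings against the tool's own "Detected object count". The line patterns are inferred from the posted output and are assumptions about the tool's format; the sample log is constructed from a handful of lines of the one above.

```python
"""Triage a TDSSKiller driver-scan log: pull out the Forged / NoAccess
verdicts and tie each one to its driver entry and the action chosen.

Added example; not part of the original post and not TDSSKiller code.
The line patterns below are inferred from the log posted above and are
assumptions about the tool's output format, not a documented grammar.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the posted log (hashes and
# timestamps as posted), trimmed to the records the parser cares about.
SAMPLE_LOG = r"""
2010/10/14 15:54:57.0307    disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/10/14 15:55:09.0213    sptd            (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
2010/10/14 15:55:09.0213    Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2010/10/14 15:55:09.0222    sptd - detected Locked file (1)
2010/10/14 15:55:15.0250    Detected object count: 2
2010/10/14 15:55:32.0023    atapi           (42269eea95bc38653dd51bd8f8a0538f) C:\Windows\system32\drivers\atapi.sys
2010/10/14 15:55:32.0023    Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: 42269eea95bc38653dd51bd8f8a0538f, Fake md5: b35cfcef838382ab6490b321c87edf17
2010/10/14 15:55:32.0281    C:\Windows\system32\drivers\atapi.sys - will be cured after reboot
2010/10/14 15:55:32.0281    Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Cure
2010/10/14 15:55:32.0286    Locked file(sptd) - User select action: Skip
"""

# Line shapes as seen in the posted log (assumed, not documented).
TS = r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
HEX32 = r"([0-9a-f]{32})"
DRIVER_RE = re.compile(TS + r"(\S+)\s+\(" + HEX32 + r"\)\s+(.+)$")
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: "
                       + HEX32 + r", Fake md5: " + HEX32 + r"$")
NOACCESS_RE = re.compile(TS + r"Suspicious file \(NoAccess\): (.+?)\. md5: " + HEX32 + r"$")
ACTION_RE = re.compile(TS + r"(.+?)\((\w+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")


@dataclass
class Driver:
    name: str   # service / driver name as listed
    md5: str    # hash TDSSKiller reports for the file body
    path: str


@dataclass
class Finding:
    kind: str                         # "Forged" or "NoAccess"
    path: str
    real_md5: str
    fake_md5: Optional[str] = None    # only present for Forged
    verdict: Optional[str] = None     # e.g. Rootkit.Win32.TDSS.tdl3, Locked file
    action: Optional[str] = None      # Cure / Skip / ...


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)     # by service name
    findings: Dict[str, Finding] = field(default_factory=dict)   # by file path
    declared_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    """Walk the log once; driver lines precede their verdicts, actions come last."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := DRIVER_RE.match(line):
            _, name, md5, path = m.groups()
            rep.drivers[name] = Driver(name, md5, path)
        elif m := FORGED_RE.match(line):
            _, path, real, fake = m.groups()
            rep.findings[path] = Finding("Forged", path, real, fake)
        elif m := NOACCESS_RE.match(line):
            _, path, md5 = m.groups()
            rep.findings[path] = Finding("NoAccess", path, md5)
        elif m := COUNT_RE.match(line):
            rep.declared_count = int(m.group(2))
        elif m := ACTION_RE.match(line):
            # Actions are keyed by service name; resolve to the path via the
            # driver table so the action lands on the right finding.
            _, verdict, service, action = m.groups()
            drv = rep.drivers.get(service)
            if drv and drv.path in rep.findings:
                fnd = rep.findings[drv.path]
                fnd.verdict, fnd.action = verdict.strip(), action
    return rep


def triage(rep: Report) -> List[str]:
    """One row per suspicious driver, rootkit verdicts first."""
    rows = []
    for fnd in rep.findings.values():
        if fnd.kind == "Forged":
            # Two different hashes for one path: the file body the tool read
            # through the normal I/O path is not what is on disk, which is the
            # signature of a storage-stack rootkit such as TDL3.
            rows.append(f"ROOTKIT {fnd.path}: real md5 {fnd.real_md5} != presented md5 "
                        f"{fnd.fake_md5}; verdict={fnd.verdict}; action={fnd.action}")
        else:
            rows.append(f"LOCKED  {fnd.path}: md5 {fnd.real_md5}; "
                        f"verdict={fnd.verdict}; action={fnd.action}")
    rows.sort(key=lambda r: 0 if r.startswith("ROOTKIT") else 1)
    return rows


def count_matches(rep: Report) -> bool:
    """Sanity check: findings parsed == objects the tool says it detected."""
    return rep.declared_count == len(rep.findings)


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for row in triage(report):
        print(row)
    print("count consistent:", count_matches(report))
```

Run on the sample, the parser returns one ROOTKIT row for atapi.sys (whose "Real md5" equals the hash in its own driver line, so the disagreement is with what the system presents, not with the inventory) and one LOCKED row for sptd.sys, and the count check passes. If `count_matches` ever returns False on a real log, a verdict line has a shape the patterns above do not cover and the log should be read by hand rather than trusted to the parser.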


#13 Elise (Malware Study Hall Admin)

Posted 14 October 2010 - 11:16 AM

You did okay on that. :) However, this cured a nasty rootkit.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Now please run Combofix and post me the log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#14 ZakDank (Topic Starter)

Posted 14 October 2010 - 11:36 AM

Well, I didn't see any signs of remote access and I rarely use anything online. They would, however, have been able to see me compiling some programs :P damn, they could ask for a tutorial. The first time I noticed this was when it began downloading loads of malware and other stuff. Apart from that, I've had multiple times when the computer hasn't worked for days because it didn't pass its POST, and slow startup times.

I will post a log after ComboFix is done.

EDIT: Can't reformat it as I have nearly 300 GB worth of data, passwords and no Windows CD.

Edited by ZakDank, 14 October 2010 - 11:38 AM.


#15 ZakDank (Topic Starter)

Posted 14 October 2010 - 12:01 PM

ComboFix did the usual 'error' box before restarting. On restart it popped up and said 'creating restore point', then another popup with a bar showing the creation, followed by it saying 'preparing to run', then just exiting.

I went to check for the combofix.txt and found 2 things: there's a file which, when double-clicked, takes me straight to 'My Computer', and that's called combofix; I also have a strange folder called Qoobox, which is a virus??

EDIT:

There is also a file inside one of the folders called Catchme.txt with simply:
CODE
-------- 2010-09-30 - 17:25:51  -------------


-------- 2010-09-30 - 17:51:58  -------------


-------- 2010-09-30 - 18:08:53  -------------


-------- 2010-09-30 - 19:39:11  -------------


-------- 2010-10-01 - 15:24:29  -------------


-------- 2010-10-01 - 15:37:25  -------------


-------- 2010-10-14 - 17:48:35  -------------

Edited by ZakDank, 14 October 2010 - 12:04 PM.




