Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

smart engine virus


  • This topic is locked This topic is locked
8 replies to this topic

#1 totallyterry

totallyterry

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 01 November 2010 - 07:02 PM

I've posted and attached 2 of the reports requested. The gmer file could not be attached because it is 1 megabyte and exceeds the attachment capacity.



DDS (Ver_10-10-21.02) - NTFSx86
Run by Terry Buse at 16:16:09.53 on Sun 10/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.47 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\WEB Framework\wbfrmwrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Terry Buse\Desktop\Defogger.exe
C:\Documents and Settings\Terry Buse\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.live.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: {0001222d-7613-4b51-80dd-e15e5892ee61} - c:\windows\system32\camocx32.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: 18577ff4: {735dcfb2-b6a1-08ca-8f23-226391244ba7} - c:\windows\system32\divx_xx1132.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-908B-27FCD4A32E85} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
mRun: [WEB Framework] c:\program files\web framework\wbfrmwrk.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mExplorerRun: [RTHDBPL] c:\docume~1\terryb~1\locals~1\temp\13.tmp
StartupFolder: c:\docume~1\terryb~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\terry buse\application data\dropbox\bin\Dropbox.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272910660906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.126,93.188.160.206
TCP: {654B109E-4F4A-4409-BB6E-01F7F3B25ABD} = 93.188.164.126,93.188.160.206
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.55.76.231 www.google.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-10-24 01:13:44 -------- d-----w- c:\docume~1\terryb~1\applic~1\AVG8
2010-10-24 01:13:38 -------- d-----w- c:\program files\WEB Framework
2010-10-24 01:13:08 1386496 ----a-w- c:\program files\avgsetup.exe
2010-10-24 00:48:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-24 00:47:43 4290744 ----a-w- c:\program files\avg_avct_stb_all_2011_1136_cnet.exe
2010-10-23 01:55:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-23 01:55:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-23 01:55:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-23 01:55:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-22 00:33:25 -------- d-----w- c:\docume~1\terryb~1\locals~1\applic~1\Threat Expert
2010-10-19 02:54:50 -------- d-sh--w- c:\docume~1\terryb~1\applic~1\Smart Engine
2010-10-19 02:47:51 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMRGHE
2010-10-19 02:35:22 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\a792b9
2010-10-19 00:45:45 200704 ----a-w- c:\windows\Vbelya.exe
2010-10-18 03:40:21 6084944 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{d17c40ec-9778-4632-8bd6-33ce2f6e7c39}\mpengine.dll
2010-10-15 23:21:05 -------- d-----w- c:\docume~1\terryb~1\applic~1\HTSK
2010-10-15 23:16:48 11017752 ----a-w- c:\program files\InstallHTSK.exe
2010-10-13 01:07:03 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 01:07:00 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 01:03:00 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-10-27 19:10:24 13063352 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-20 02:15:56 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 01:49:09 16847824 ----a-w- c:\program files\avc-free.exe
2010-08-07 01:47:06 44468672 ----a-w- c:\program files\Evernote_3.5.5.2672.exe
2010-07-10 03:32:34 24225048 ----a-w- c:\program files\TuneUpInst-1.6.9.exe
2010-06-26 17:15:32 19356934 ----a-w- c:\program files\videora-xbox360-504-setup.exe
2010-06-26 00:05:15 818200 ----a-w- c:\program files\RealPlayerSPGold.exe
2010-06-25 02:16:04 9393167 ----a-w- c:\program files\fhvc.exe
2010-06-19 22:06:58 10112919 ----a-w- c:\program files\free-dvd-ripper-setup.exe
2010-06-19 20:51:49 18540656 ----a-w- c:\program files\agree-free-rip-dvd-to-avi-wmv-ripper.exe
2010-06-19 20:22:57 10381184 ----a-w- c:\program files\CheetahDVDBurner.exe
2010-06-19 20:01:14 2977913 ----a-w- c:\program files\FlyDVDCopier49.exe
2010-06-19 19:20:11 6499666 ----a-w- c:\program files\VDownloaderSetup.exe
2010-06-19 18:43:39 2967978 ----a-w- c:\program files\Topviewsoft_FreeDVDRipper.exe
2010-05-15 00:18:56 2592840 ----a-w- c:\program files\OrbitDownloaderSetup3005.exe
2010-03-18 02:14:05 2577824 ----a-w- c:\program files\OrbitDownloaderSetup.exe
2010-02-06 23:18:35 498296 ----a-w- c:\program files\BitZipperH2009.v4521364.TrialSetup-en-pl-techpro.exe
2009-12-05 03:17:19 3096366 ----a-w- c:\program files\YouTubeDownloaderSetup253b.exe
2009-11-22 22:20:03 1990904 ----a-w- c:\program files\setup_basketball_playbook_010.exe
2009-09-09 20:57:59 4114552 ----a-w- c:\program files\extensionfile.v5_10501.exe
2009-09-06 19:52:03 3096261 ----a-w- c:\program files\youtubedownloader.exe
2009-08-17 18:59:58 4181608 ----a-w- c:\program files\abiword_8798.exe
2009-08-01 21:18:38 421346 ----a-w- c:\program files\Lame_v3.98.2_for_Audacity_on_Windows.exe
2009-08-01 21:08:40 7989419 ----a-w- c:\program files\audacity-win-unicode-1.3.8.exe
2009-05-23 01:06:44 106942640 ----a-w- c:\program files\SMC_4_256.exe
2009-05-16 15:38:03 11655023 ----a-w- c:\program files\TVersitySetup_1_5_0_0.exe
2009-05-15 00:46:34 9601912 ----a-w- c:\program files\videoraxbox360converter_Installer.exe
2009-04-11 00:34:15 25569440 ----a-w- c:\program files\setup.exe
2009-03-28 16:23:13 7722680 ----a-w- c:\program files\fcrsetup.exe
2009-02-19 23:21:42 10001469 ----a-w- c:\program files\tvc.exe
2009-01-06 01:17:02 2131320 ----a-w- c:\program files\wzipse31.exe
2009-01-06 00:59:17 10511712 ----a-w- c:\program files\winzip120.exe
2008-09-25 02:00:01 240536 ----a-w- c:\program files\k9-webprotection.exe
2008-08-12 03:58:52 46995544 ----a-w- c:\program files\mm4wm_lite_enu.exe
2008-08-09 21:00:03 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2008-07-08 14:31:22 14287528 ----a-w- c:\program files\Install_AIM.exe
2008-06-28 14:04:45 9722720 ----a-w- c:\program files\spybotsd152.exe
2007-08-10 17:39:50 972730 ----a-w- c:\program files\bvort42.exe
2006-09-17 02:31:18 449727 ----a-w- c:\program files\aspi_v470.exe
2006-09-17 02:25:08 288433 ----a-w- c:\program files\aspi.exe
2006-09-17 01:42:59 1110148 ----a-w- c:\program files\cdtomp3freeware.exe
2006-09-17 01:27:38 1184625 ----a-w- c:\program files\AltoMP3_install.exe
2006-09-09 17:35:43 1573203 ----a-w- c:\program files\waveatmp3_setup.exe
2006-09-09 01:36:24 745744 ----a-w- c:\program files\smartwavconvertersetup.exe
2006-06-27 23:07:52 1813986 ----a-w- c:\program files\jppcrtr.exe
2006-03-22 00:45:44 15487432 ----a-w- c:\program files\DivXPlay.exe
2006-02-04 05:11:07 2028640 ----a-w- c:\program files\sp1aexpress_usa.exe
2005-11-17 23:02:37 9055312 ----a-w- c:\program files\ssfsetup1_1830093517.exe
2005-11-10 22:54:10 6860424 ----a-w- c:\program files\MicrosoftAntiSpywareInstall.exe
2005-11-06 20:26:33 1258905 ----a-w- c:\program files\aresp2psetup.exe
2005-10-31 03:05:20 5460528 ----a-w- c:\program files\sdsetup.exe
2005-08-02 19:13:53 8879336 ----a-w- c:\program files\RAM_3513d_E.exe
2005-02-19 23:49:50 3818184 -c--a-w- c:\program files\agentenu200-652.exe
2005-01-31 02:10:48 7741352 -c--a-w- c:\program files\DivX521XP2K.exe
2004-07-21 21:52:37 10864355 -c--a-w- c:\program files\smsv3.exe
2004-07-13 00:24:01 1372160 -c--a-w- c:\program files\ChknFt.exe
2004-06-17 00:20:46 2377178 -c--a-w- c:\program files\WinDom362.exe
2004-06-01 20:46:56 484984 -c--a-w- c:\program files\msgr6suite.exe
2003-11-30 05:04:07 9134648 -c--a-w- c:\program files\AdbeRdr60_enu.exe
2010-07-29 03:03:18 203776 --sh--w- c:\windows\system32\unrar.exe

============= FINISH: 16:19:23.85 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:37 PM

Posted 09 November 2010 - 04:44 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 totallyterry

totallyterry
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 10 November 2010 - 09:21 PM

OTL logfile created on: 11/10/2010 7:38:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Terry Buse\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 31.00 Mb Available Physical Memory | 12.00% Memory free
626.00 Mb Paging File | 221.00 Mb Available in Paging File | 35.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 8.46 Gb Free Space | 22.13% Space Free | Partition Type: NTFS

Computer Name: DG4D1T31 | User Name: Terry Buse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/10 19:37:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry Buse\Desktop\OTL.exe
PRC - [2010/06/25 18:33:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/14 10:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/28 21:42:32 | 000,354,304 | ---- | M] () -- C:\Program Files\WEB Framework\wbfrmwrk.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/04/13 18:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/09/14 12:43:00 | 000,061,440 | ---- | M] (Canon Inc) -- C:\Program Files\Canon\MultiPASS4\mpservic.exe


========== Modules (SafeList) ==========

MOD - [2010/11/10 19:37:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry Buse\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 18:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
MOD - [2008/04/13 18:11:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\dinput.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/01 20:21:52 | 000,065,536 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand | Stopped] -- C:\WINDOWS\System32\MRobeService.exe -- (MrobeService)
SRV - [2004/09/14 12:43:00 | 000,061,440 | ---- | M] (Canon Inc) [Auto | Running] -- C:\Program Files\Canon\MultiPASS4\mpservic.exe -- (MpService)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/17 15:48:28 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iviaspi.sys -- (Iviaspi)
DRV - [2004/08/03 23:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 01:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 01:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 01:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 03:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 11:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 11:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/02 15:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/02/11 12:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\stv680.sys -- (STV680)
DRV - [2002/02/11 12:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\stv680m.sys -- (STV680m)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/06/26 21:00:14 | 000,048,408 | ---- | M] (Canon) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cis1284.sys -- (cis1284)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 22 01 00 13 76 51 4B 80 DD E1 5E 58 92 EE 61 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 22 01 00 13 76 51 4B 80 DD E1 5E 58 92 EE 61 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 22 01 00 13 76 51 4B 80 DD E1 5E 58 92 EE 61 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 22 01 00 13 76 51 4B 80 DD E1 5E 58 92 EE 61 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 22 01 00 13 76 51 4B 80 DD E1 5E 58 92 EE 61 [binary data]
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 02:41:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/25 18:36:49 | 000,000,000 | ---D | M]

[2009/03/16 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Mozilla\Extensions
[2009/03/16 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/03/22 20:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Mozilla\Firefox\extensions
[2009/03/22 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry Buse\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/10/20 18:21:49 | 000,393,301 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13603 more lines...
O2 - BHO: (no name) - {0001222D-7613-4B51-80DD-E15E5892EE61} - C:\WINDOWS\System32\camocx32.dll File not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (18577ff4) - {735DCFB2-B6A1-08CA-8F23-226391244BA7} - C:\WINDOWS\System32\divx_xx1132.dll File not found
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\DOCUME~1\TERRYB~1\LOCALS~1\Temp\13.tmp File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\..Trusted Domains: doginhispen.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1700913343-547502954-1843179153-1007\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272910660906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.126,93.188.160.206
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - C:\Program Files\Messenger\rtere.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Terry Buse\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terry Buse\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O27 - HKLM IFEO\_avp32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\_avpcc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\_avpm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\a.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AAWTray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\About.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ackwin32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\adaware.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\anti-trojan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\apvxdwin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\au.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\autodown.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avconsol.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ave32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgctrl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avkserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avp32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avpcc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avpdos32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avpm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avptc32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avpupd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avsched32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwin95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwupd32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\b.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\blackd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\blackice.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\c.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfiadmin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfiaudit.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfinet.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfinet32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\claw95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\claw95cf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cleaner.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cleaner3.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\click.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\control: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\d.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dvp95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\dvp95_0.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ecengine.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\esafe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\f-agnt95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\findviru.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fprot.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\f-prot.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\f-prot95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fp-win.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\frw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\f-stopw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\History.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iamapp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iamserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ibmasn.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ibmavsp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\icload95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\icloadnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\icmon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\icsupp95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\icsuppnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iface.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\init.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe File not found
O27 - HKLM IFEO\install.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\install[1].exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\install[2].exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\install[3].exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\install[4].exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\install[5].exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\iomon98.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\jedi.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lockdown2000.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lookout.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\luall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\md.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\moolive.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mpftray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msconfig: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msfwsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\n32scanw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navapsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navapw32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navlu32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navw32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\navwnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nisum.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nmain.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\normist.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nupgrade.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nvc95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\OcHealthMon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pavcl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pavsched.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pavw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pccwin98.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\persfw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\personalguard: Debugger - svchost.exe File not found
O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rav7.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rav7win.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rav8win32eng.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rb32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rcsync.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\realmon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\reged.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\regedt32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rescue.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rescue32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rrguard.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rscdwld.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rshell.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rtvscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rtvscn95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rulaunch.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rwg: Debugger - svchost.exe File not found
O27 - HKLM IFEO\rwg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\safeweb.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sahagent.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Save.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\SaveArmor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\SaveDefense.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\SaveKeep.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\savenow.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sbserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\scam32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\scan32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\scan95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\scanpm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\scrscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\seccenter.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Secure Veteran.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\secureveteran.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\Security Center.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\SecurityFighter.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\securitysoldier.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\serv95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\setloadorder.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\setupvameeval.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sgssfw32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sh.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\shellspyinstall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\shield.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\shn.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\showbehind.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\signcheck.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\smart.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\smartprotector.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\smc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\smrtdefp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sms.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\smss32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\snetcfg.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\soap.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sofi.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\SoftSafeness.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sperm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\spf.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sphinx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\spoler.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\spoolcv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\spoolsv32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\spywarexpguard.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\spyxx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\srexe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\srng.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ss3edit.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ssg_4104.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\ssgrate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\st2.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\start.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\stcloader.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\supftrl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\support.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\supporter5.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\svc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\svchostc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\svchosts.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\svshost.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sweep95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\symlcsvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\symproxysvc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\symtray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\system.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\system32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\sysupd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tapinstall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\taumon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tbscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tca.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tcm.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tds2-98.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tds2-nt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tds-3.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\teekids.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tfak.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tfak5.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tgbob.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\titanin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\titaninxp.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\TPSrv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\trickler.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\trjscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\trjsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\trojantrap3.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\TrustWarrior.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tsadbot.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tsc.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tvmd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\tvtmd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\uiscan.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\undoboot.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\updat.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\upgrad.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\upgrepl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\utpost.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vbcmserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vbcons.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vbust.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vbwin9x.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vbwinntw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vcsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vet32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vet95.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vettray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vfsetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vir-help.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\VisthAux.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\VisthLic.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\VisthUpd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vnlan300.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vnpc3000.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vpc32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vpc42.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vpfw30s.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vptray.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vscan40.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsched.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsecomr.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vshwin32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsisetup.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsmain.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsmon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsserv.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vsstat.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vswin9xe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vswinntse.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\vswinperse.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\w32dsm89.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\W3asbas.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\w9x.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\watchdog.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\webdav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\WebProxy.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\webscanx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\webtrap.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wfindv32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\whoswatchingme.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wimmun32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\win32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\win32us.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winactive.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\win-bugsfix.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\windll32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\window.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\windows Police Pro.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\windows.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wininetd.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wininitx.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winlogin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winmain.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winppr32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winrecon.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winservn.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winss.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winssk32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winssnotify.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\WinSSUI.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winstart.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winstart001.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wintsk32.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\winupdate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wkufind.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wnad.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wnt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wradmin.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wrctrl.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wsbgate.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wscfxas.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wscfxav.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wscfxfw.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wsctool.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wupdater.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wupdt.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\xp_antispyware.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\xpdeluxe.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\xpf202en.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\zapro.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\zapsetup3001.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\zatutor.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\zonalm2601.exe: Debugger - svchost.exe File not found
O27 - HKLM IFEO\zonealarm.exe: Debugger - svchost.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/25 12:31:23 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ea34fbe-66d0-11df-8ef1-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea34fbe-66d0-11df-8ef1-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ea34fbe-66d0-11df-8ef1-000cf17cde9f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4e4a203e-c71b-11de-8e7d-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{4e4a203e-c71b-11de-8e7d-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e4a203e-c71b-11de-8e7d-000cf17cde9f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4e4a203f-c71b-11de-8e7d-000cf17cde9f}\Shell\AutoRun\command - "" = NEXT\FILES\NEXT.exe
O33 - MountPoints2\{4e4a203f-c71b-11de-8e7d-000cf17cde9f}\Shell\open\command - "" = NEXT\FILES\NEXT.exe
O33 - MountPoints2\{5ce591d9-c6e4-11dd-9fb9-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{5ce591d9-c6e4-11dd-9fb9-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60c1fb92-5107-11dc-9d2d-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{60c1fb92-5107-11dc-9d2d-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60c1fb92-5107-11dc-9d2d-000cf17cde9f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{60efc085-8926-11de-8e2c-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{60efc085-8926-11de-8e2c-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3050244-cbfe-11dd-9fc1-000cf17cde9f}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{c3050244-cbfe-11dd-9fc1-000cf17cde9f}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{c3050244-cbfe-11dd-9fc1-000cf17cde9f}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{c3050244-cbfe-11dd-9fc1-000cf17cde9f}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{c3050244-cbfe-11dd-9fc1-000cf17cde9f}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{de9fd794-76a1-11dd-9f44-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{de9fd794-76a1-11dd-9f44-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de9fd794-76a1-11dd-9f44-000cf17cde9f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e1565f21-de3b-11df-8f5f-000cf17cde9f}\Shell\Auto\command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\{e1565f21-de3b-11df-8f5f-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f20065b8-0b41-11dd-9e7d-000cf17cde9f}\Shell - "" = AutoRun
O33 - MountPoints2\{f20065b8-0b41-11dd-9e7d-000cf17cde9f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f20065b8-0b41-11dd-9e7d-000cf17cde9f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 19:37:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terry Buse\Desktop\OTL.exe
[2010/10/31 11:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry Buse\Desktop\movies
[2010/10/23 19:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry Buse\Application Data\AVG8
[2010/10/23 19:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\WEB Framework
[2010/10/23 19:13:08 | 001,386,496 | ---- | C] (AVG Technologies) -- C:\Program Files\avgsetup.exe
[2010/10/23 18:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 18:47:43 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1136_cnet.exe
[2010/10/22 19:55:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/22 19:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/22 19:55:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/22 19:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/21 18:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry Buse\Local Settings\Application Data\Threat Expert
[2010/10/20 19:13:19 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Terry Buse\Desktop\mbam-setup-1.46.exe
[2010/10/18 20:54:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Terry Buse\Application Data\Smart Engine
[2010/10/18 20:47:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMRGHE
[2010/10/18 20:35:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\a792b9
[2010/10/18 18:45:45 | 000,200,704 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\Vbelya.exe
[2010/10/15 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry Buse\Application Data\HTSK
[2010/10/15 17:16:48 | 011,017,752 | ---- | C] (Sun River Systems, Inc. ) -- C:\Program Files\InstallHTSK.exe
[2010/08/15 19:47:30 | 016,847,824 | ---- | C] (Any-Video-Converter.com ) -- C:\Program Files\avc-free.exe
[2010/08/03 11:43:26 | 013,063,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mssefullinstall-x86fre-en-us-xp.exe
[2010/07/09 21:32:22 | 024,225,048 | ---- | C] (TuneUp Media, Inc.) -- C:\Program Files\TuneUpInst-1.6.9.exe
[2010/06/25 18:04:50 | 000,818,200 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayerSPGold.exe
[2010/06/24 20:15:29 | 009,393,167 | ---- | C] (Filehog.com ) -- C:\Program Files\fhvc.exe
[2010/06/19 14:51:15 | 018,540,656 | ---- | C] (Agree Software, Inc. ) -- C:\Program Files\agree-free-rip-dvd-to-avi-wmv-ripper.exe
[2010/06/19 14:22:57 | 010,381,184 | ---- | C] (Cheetah Websites Corporation) -- C:\Program Files\CheetahDVDBurner.exe
[2010/06/19 14:01:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Terry Buse\Application Data\pcouffin.sys
[2010/06/19 13:59:45 | 002,977,913 | ---- | C] (Magic DVD Software, Inc. ) -- C:\Program Files\FlyDVDCopier49.exe
[2010/06/19 13:19:28 | 006,499,666 | ---- | C] (Vitzo Limited ) -- C:\Program Files\VDownloaderSetup.exe
[2010/06/19 12:40:30 | 002,967,978 | ---- | C] (Topviewsoft, Inc. ) -- C:\Program Files\Topviewsoft_FreeDVDRipper.exe
[2010/05/14 18:18:44 | 002,592,840 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup3005.exe
[2010/03/17 20:13:56 | 002,577,824 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe
[2010/02/06 17:18:08 | 000,498,296 | ---- | C] (W3i, LLC) -- C:\Program Files\BitZipperH2009.v4521364.TrialSetup-en-pl-techpro.exe
[2009/11/22 16:19:39 | 001,990,904 | ---- | C] (Jes-Soft ) -- C:\Program Files\setup_basketball_playbook_010.exe
[2009/09/09 14:57:44 | 004,114,552 | ---- | C] (W3i, LLC) -- C:\Program Files\extensionfile.v5_10501.exe
[2009/08/17 12:59:22 | 004,181,608 | ---- | C] (W3i, LLC) -- C:\Program Files\abiword_8798.exe
[2009/08/01 15:18:37 | 000,421,346 | ---- | C] ( ) -- C:\Program Files\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2009/08/01 15:08:19 | 007,989,419 | ---- | C] (Audacity Team ) -- C:\Program Files\audacity-win-unicode-1.3.8.exe
[2009/05/22 19:01:56 | 106,942,640 | ---- | C] (InterVideo Inc. ) -- C:\Program Files\SMC_4_256.exe
[2009/03/28 10:23:06 | 007,722,680 | ---- | C] (Focussoft.net ) -- C:\Program Files\fcrsetup.exe
[2009/03/02 16:35:48 | 010,001,469 | ---- | C] (EffectMatrix Inc. ) -- C:\Program Files\tvc.exe
[2008/08/11 21:58:12 | 046,995,544 | ---- | C] (Sony Creative Software Inc.) -- C:\Program Files\mm4wm_lite_enu.exe
[2008/08/09 15:00:02 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2008/07/08 08:31:22 | 014,287,528 | ---- | C] (AOL LLC.) -- C:\Program Files\Install_AIM.exe
[2008/06/28 08:04:45 | 009,722,720 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd152.exe
[2007/08/10 11:38:53 | 000,972,730 | ---- | C] (SB-Software ) -- C:\Program Files\bvort42.exe
[2007/07/22 22:04:38 | 025,569,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setup.exe
[2006/09/16 20:24:59 | 000,288,433 | ---- | C] (Adaptec) -- C:\Program Files\aspi.exe
[2006/09/16 19:27:00 | 001,184,625 | ---- | C] (YuanSoft, Inc. ) -- C:\Program Files\AltoMP3_install.exe
[2006/09/08 19:36:17 | 000,745,744 | ---- | C] (SmartSoft ) -- C:\Program Files\smartwavconvertersetup.exe
[2006/03/21 18:45:42 | 015,487,432 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe
[2005/11/17 17:02:30 | 009,055,312 | ---- | C] (Webroot Software, Inc. ) -- C:\Program Files\ssfsetup1_1830093517.exe
[2005/11/10 16:54:10 | 006,860,424 | ---- | C] (Microsoft Corporation ) -- C:\Program Files\MicrosoftAntiSpywareInstall.exe
[2005/11/06 14:26:27 | 001,258,905 | ---- | C] ( ) -- C:\Program Files\aresp2psetup.exe
[2005/10/30 21:05:19 | 005,460,528 | ---- | C] (PC Tools Research Pty. Ltd. ) -- C:\Program Files\sdsetup.exe
[2005/08/02 13:13:49 | 008,879,336 | ---- | C] (RioPort ) -- C:\Program Files\RAM_3513d_E.exe
[2003/11/29 22:25:27 | 009,134,648 | ---- | C] (Netopsystems AG) -- C:\Program Files\AdbeRdr60_enu.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Terry Buse\*.tmp files -> C:\Documents and Settings\Terry Buse\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 19:45:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/11/10 19:44:03 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/10 19:37:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry Buse\Desktop\OTL.exe
[2010/11/10 19:26:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/09 18:28:49 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1700913343-547502954-1843179153-1007.job
[2010/11/09 18:28:31 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1700913343-547502954-1843179153-1007.job
[2010/11/08 19:40:54 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/11/07 18:48:23 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 18:48:23 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/07 18:44:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/11/07 18:44:52 | 267,440,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 02:11:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/05 15:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/31 12:01:03 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 15:58:35 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\Personel Committee2.doc
[2010/10/27 13:10:48 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/24 12:16:38 | 002,433,440 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\For this drill 6 or more players can be used.doc
[2010/10/23 19:13:24 | 001,386,496 | ---- | M] (AVG Technologies) -- C:\Program Files\avgsetup.exe
[2010/10/23 18:47:55 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_avct_stb_all_2011_1136_cnet.exe
[2010/10/22 15:43:36 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\gmer.zip
[2010/10/22 15:24:12 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\dds.scr
[2010/10/22 15:09:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Terry Buse\defogger_reenable
[2010/10/22 15:09:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\Defogger.exe
[2010/10/20 19:24:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Terry Buse\Desktop\mbam-setup-1.46.exe
[2010/10/20 18:47:24 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\rkill.com
[2010/10/20 18:22:53 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/10/20 18:22:51 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\Smart Engine.lnk
[2010/10/20 18:21:49 | 000,393,301 | RHS- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/10/20 18:10:20 | 000,005,036 | ---- | M] () -- C:\Documents and Settings\Terry Buse\Desktop\Document.rtf
[2010/10/19 04:24:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/18 18:45:18 | 000,200,704 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Vbelya.exe
[2010/10/17 20:14:22 | 000,100,492 | ---- | M] () -- C:\Program Files\NOITIDEDLOGKEESTAEHNOITIDEDLOGKEESTAEH1343.rar
[2010/10/15 17:19:41 | 011,017,752 | ---- | M] (Sun River Systems, Inc. ) -- C:\Program Files\InstallHTSK.exe
[2010/10/14 20:08:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/10/13 02:13:32 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 02:10:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Terry Buse\*.tmp files -> C:\Documents and Settings\Terry Buse\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 15:58:33 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\Personel Committee2.doc
[2010/10/24 12:16:35 | 002,433,440 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\For this drill 6 or more players can be used.doc
[2010/10/22 15:43:29 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\gmer.zip
[2010/10/22 15:24:12 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\dds.scr
[2010/10/22 15:09:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Terry Buse\defogger_reenable
[2010/10/22 15:09:16 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\Defogger.exe
[2010/10/20 18:46:00 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\rkill.com
[2010/10/20 18:10:20 | 000,005,036 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\Document.rtf
[2010/10/19 19:54:12 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Desktop\Smart Engine.lnk
[2010/10/19 00:41:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/18 20:58:30 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
[2010/10/18 20:35:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1700913343-547502954-1843179153-1007.job
[2010/10/18 18:46:21 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/10/18 18:46:04 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/18 18:45:30 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/17 18:27:05 | 000,100,492 | ---- | C] () -- C:\Program Files\NOITIDEDLOGKEESTAEHNOITIDEDLOGKEESTAEH1343.rar
[2010/08/19 20:11:47 | 013,525,424 | ---- | C] () -- C:\Program Files\Dropbox 0.7.110.exe
[2010/08/16 17:37:31 | 000,126,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/06 19:32:48 | 044,468,672 | ---- | C] () -- C:\Program Files\Evernote_3.5.5.2672.exe
[2010/07/29 11:47:49 | 000,001,900 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010/06/26 11:06:27 | 019,356,934 | ---- | C] () -- C:\Program Files\videora-xbox360-504-setup.exe
[2010/06/19 16:00:12 | 010,112,919 | ---- | C] () -- C:\Program Files\free-dvd-ripper-setup.exe
[2010/06/19 14:02:43 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\pcouffin.log
[2010/06/19 14:01:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\inst.exe
[2010/06/19 14:01:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\pcouffin.cat
[2010/06/19 14:01:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\pcouffin.inf
[2010/06/19 12:46:34 | 006,664,208 | ---- | C] () -- C:\WINDOWS\System32\dvdripcore.dll
[2010/06/19 12:46:09 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/12/04 21:16:56 | 003,096,366 | ---- | C] () -- C:\Program Files\YouTubeDownloaderSetup253b.exe
[2009/09/20 07:12:23 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/05/16 09:37:36 | 011,655,023 | ---- | C] () -- C:\Program Files\TVersitySetup_1_5_0_0.exe
[2009/05/04 20:28:59 | 003,096,261 | ---- | C] () -- C:\Program Files\youtubedownloader.exe
[2009/03/28 10:23:44 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/04 17:59:11 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/03/04 17:59:11 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/03/04 17:59:11 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/03/04 17:59:11 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/01/05 19:16:54 | 002,131,320 | ---- | C] () -- C:\Program Files\wzipse31.exe
[2009/01/05 18:58:54 | 010,511,712 | ---- | C] () -- C:\Program Files\winzip120.exe
[2008/09/24 19:59:37 | 000,240,536 | ---- | C] () -- C:\Program Files\k9-webprotection.exe
[2008/07/18 14:23:20 | 000,063,322 | ---- | C] () -- C:\Program Files\sudoku.zip
[2008/04/19 20:09:10 | 004,114,037 | ---- | C] () -- C:\Program Files\mp3ts305L.zip
[2007/12/25 14:15:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/09/18 17:43:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\mavis15.INI
[2007/09/17 19:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2007/08/26 12:56:08 | 000,063,026 | ---- | C] () -- C:\Program Files\10103067.cab
[2007/08/04 10:35:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\bible.ini
[2007/07/03 13:01:58 | 009,601,912 | ---- | C] () -- C:\Program Files\videoraxbox360converter_Installer.exe
[2007/06/12 21:12:57 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/17 19:38:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2006/09/16 20:31:05 | 000,449,727 | ---- | C] () -- C:\Program Files\aspi_v470.exe
[2006/09/16 19:42:55 | 001,110,148 | ---- | C] () -- C:\Program Files\cdtomp3freeware.exe
[2006/09/09 11:35:38 | 001,573,203 | ---- | C] () -- C:\Program Files\waveatmp3_setup.exe
[2006/08/20 13:27:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/07/17 14:29:49 | 002,374,985 | ---- | C] () -- C:\Program Files\ttable1d.zip
[2006/06/27 17:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI
[2006/06/27 17:07:38 | 001,813,986 | ---- | C] () -- C:\Program Files\jppcrtr.exe
[2006/06/02 20:02:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2006/02/05 12:23:11 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/02/03 23:11:02 | 002,028,640 | ---- | C] () -- C:\Program Files\sp1aexpress_usa.exe
[2006/01/24 12:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/11/17 17:03:21 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/17 17:03:21 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/27 18:10:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2005/07/28 12:53:59 | 000,000,155 | ---- | C] () -- C:\WINDOWS\Riorio.INI
[2005/07/11 08:40:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/02/19 17:49:36 | 003,818,184 | ---- | C] () -- C:\Program Files\agentenu200-652.exe
[2005/02/18 16:38:39 | 000,500,736 | ---- | C] () -- C:\WINDOWS\System32\mp3tsshx.dll
[2005/02/08 17:58:43 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/01/30 20:10:34 | 007,741,352 | ---- | C] () -- C:\Program Files\DivX521XP2K.exe
[2004/12/04 17:48:48 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Local Settings\Application Data\fusioncache.dat
[2004/10/26 16:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/13 18:16:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/07/21 15:52:37 | 010,864,355 | ---- | C] () -- C:\Program Files\smsv3.exe
[2004/07/16 12:00:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DGLEEHNL.ini
[2004/07/12 18:24:01 | 001,372,160 | ---- | C] () -- C:\Program Files\ChknFt.exe
[2004/07/08 12:55:24 | 000,000,155 | ---- | C] () -- C:\WINDOWS\sb_affiliate.ini
[2004/06/21 14:20:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2004/06/16 18:20:46 | 002,377,178 | ---- | C] () -- C:\Program Files\WinDom362.exe
[2004/06/10 14:45:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\eztw32.dll
[2004/06/01 14:46:56 | 000,484,984 | ---- | C] () -- C:\Program Files\msgr6suite.exe
[2004/04/11 08:32:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/03/22 15:16:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2004/02/07 13:03:30 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/02/07 13:02:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/12/09 16:52:29 | 000,000,160 | ---- | C] () -- C:\WINDOWS\JIXXA.INI
[2003/12/08 17:30:18 | 000,012,303 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/12/01 20:39:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/11/30 13:58:21 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/29 19:53:09 | 000,012,983 | ---- | C] () -- C:\WINDOWS\System32\MpUpMon.dll
[2003/11/29 15:58:15 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\PFP110JPR.{PB
[2003/11/29 15:58:15 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Terry Buse\Application Data\PFP110JCM.{PB
[2003/11/22 12:05:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2003/11/22 09:47:01 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/11/18 11:25:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/18 11:20:26 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/11/18 11:14:52 | 000,000,285 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/11/18 11:10:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/18 10:55:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/18 10:54:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/18 10:42:52 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 22:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/14 12:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 12:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 12:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 12:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 12:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/10/18 20:58:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a792b9
[2007/09/17 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2003/11/29 19:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2006/06/02 19:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2006/06/02 19:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/11/22 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft
[2008/04/05 21:39:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2010/10/23 18:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/25 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/11/27 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/18 20:47:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMRGHE
[2008/08/11 23:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/10/21 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/08 08:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/05 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/05 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/01/17 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/05/03 16:26:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2010/08/15 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\AnvSoft
[2009/12/23 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Audacity
[2010/02/06 17:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\BitZipper
[2007/09/17 19:38:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Broderbund
[2010/11/07 18:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Dropbox
[2010/05/13 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\FrostWire
[2006/04/27 18:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\G-Force
[2009/03/02 14:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\GrabPro
[2006/06/02 05:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\HotSync
[2010/10/29 20:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\HTSK
[2003/11/25 17:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Leadertech
[2010/07/09 20:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Music Organizer
[2006/08/08 19:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Musicmatch
[2009/01/23 21:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Netscape
[2009/09/27 21:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\NewzToolz-EZ
[2005/12/25 07:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\OLYMPUS
[2010/04/23 17:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\OpenOffice.org
[2010/10/17 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Orbit
[2010/04/01 21:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Parental Control FF
[2010/04/20 21:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\parentalcontrol
[2010/07/08 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Red Kawa
[2010/07/09 21:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\SanDisk
[2010/10/18 20:56:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Terry Buse\Application Data\Smart Engine
[2010/05/02 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Sony
[2008/08/11 21:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Sony Setup
[2008/06/27 11:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\sp1
[2008/08/02 15:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\sudoku9981
[2010/08/02 09:01:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Terry Buse\Application Data\SystemProc
[2008/07/18 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Viewpoint
[2010/06/19 14:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Vso
[2010/08/15 15:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry Buse\Application Data\Watermark Master
[2010/11/07 02:11:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/10 19:44:03 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/10 19:45:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/11/10 19:26:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538DC028
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40088782
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F

< End of report >



OTL Extras logfile created on: 11/10/2010 7:38:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Terry Buse\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 31.00 Mb Available Physical Memory | 12.00% Memory free
626.00 Mb Paging File | 221.00 Mb Available in Paging File | 35.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 8.46 Gb Free Space | 22.13% Space Free | Partition Type: NTFS

Computer Name: DG4D1T31 | User Name: Terry Buse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Desktop Doppler Plus\TrueWeather.exe" = C:\Program Files\Common Files\Desktop Doppler Plus\TrueWeather.exe:*:Enabled:TrueWeather -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\yDecode\yDecode.exe" = C:\Program Files\yDecode\yDecode.exe:*:Enabled:yDecode -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe" = C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe:*:Enabled:Media Manager for PSP 2.0 -- (Sony Media Software, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"H:\meWire\meWire\LimeWire.exe" = H:\meWire\meWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"H:\Frostwire\FrostWire.exe" = H:\Frostwire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- File not found
"F:\Frostwire\FrostWire.exe" = F:\Frostwire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"G:\Frostwire\FrostWire.exe" = G:\Frostwire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"H:\Music\New\FrostWire\FrostWire.exe" = H:\Music\New\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"G:\FrostWire-1\FrostWire.exe" = G:\FrostWire-1\FrostWire.exe:*:Enabled:FrostWire -- File not found
"F:\FrostWire-1\FrostWire.exe" = F:\FrostWire-1\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"F:\LimeWire\LimeWire.exe" = F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Documents and Settings\Terry Buse\Application Data\U3\00001564CB6109A8\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\Terry Buse\Application Data\U3\00001564CB6109A8\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
"C:\Documents and Settings\Terry Buse\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Terry Buse\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Documents and Settings\All Users\Application Data\a792b9\SMa79_302.exe" = C:\Documents and Settings\All Users\Application Data\a792b9\SMa79_302.exe:*:Enabled:Smart Engine -- ()
"C:\Program Files\WEB Framework\wbfrmwrk.exe" = C:\Program Files\WEB Framework\wbfrmwrk.exe:*:Enabled:WEBFramework -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}" = Sony Media Manager for PSP 2.0
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D4CB93C-65F8-4B7D-B1D9-2F926490A461}" = Mp3/Tag Studio 3.5 (beta 8)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{600CF34A-89F8-4A30-9039-BF5C20C5E84E}" = MP4-based Video Downloader
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A508AAA-3B69-4326-B89E-A6166FA05D3C}" = Canon MultiPASS Suite 4.00
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.8.387
"{A9C89180-E3B6-4451-A788-0BDC8A5EF34A}_is1" = HTSK
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D104DF00-D172-11D2-BBA5-00104B218045}" = RioPort Audio Manager
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FABFD4E4-9216-4CF8-A594-F63AC74FEC3C}" = m:trip
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF4A64B8-1AA6-4AA9-9544-54A7ECF0CE22}" = muvee autoProducer 3.5 magicMoments
"AbiWord2" = AbiWord 2.6.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm Clock_is1" = Alarm Clock v1.0
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Basketball Playbook 010_is1" = Basketball Playbook 010
"Basketball Playbook_is1" = Basketball Playbook 008
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BitZipper_is1" = BitZipper 2009
"Chickenfoot" = Chickenfoot
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Digital Images Manager" = Digital Images Manager
"Eraser" = Eraser
"Free CD Ripper_is1" = Free CD Ripper 3.1
"FreeStar Free DVD Ripper" = FreeStar Free DVD Ripper 3.0.1
"FrostWire" = FrostWire 4.20.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Orbit_is1" = Orbit Downloader
"Panda ActiveScan" = Panda ActiveScan
"Photodex Presenter" = Photodex Presenter
"Product_Name" = SpyKiller
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"SHRThinkingGamesDeluxe" = Schoolhouse Rock Thinking Games Deluxe
"ST5UNST #1" = BibleMem
"ST6UNST #1" = NewsShark
"USB Dual-mode Camera v200 Installation Files" = USB Dual-mode Camera v200 Installation Files
"Video Converter_is1" = Video Converter 1.0.0.1
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 5.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"WEB Framework" = WEB Framework
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1700913343-547502954-1843179153-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2010 7:47:32 PM | Computer Name = DG4D1T31 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 8/17/2010 8:23:34 AM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application free-dvd-ripper.exe, version 8.5.2.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2010 9:07:01 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application free-dvd-ripper.exe, version 8.5.2.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2010 9:07:01 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application free-dvd-ripper.exe, version 8.5.2.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2010 9:33:05 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/18/2010 10:19:28 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application free-dvd-ripper.exe, version 8.5.2.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/18/2010 10:19:50 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application free-dvd-ripper.exe, version 8.5.2.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2010 6:46:51 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application free-dvd-ripper.exe, version 8.5.2.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/20/2010 6:10:54 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/20/2010 6:10:56 PM | Computer Name = DG4D1T31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/10/2010 10:32:17 AM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 11:03:43 AM | Computer Name = DG4D1T31 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/10/2010 12:16:53 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 1:35:21 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 2:47:27 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 3:59:24 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 5:11:34 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 6:47:30 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 7:55:18 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.

Error - 11/10/2010 9:31:14 PM | Computer Name = DG4D1T31 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARY-UA4RVEICZL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{654B109E-4F4. The master browser is stopping or an election is being
forced.


< End of report >


RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.505
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000
Size: 3182592 bytes

Driver: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000
Size: 2189952 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2189952 bytes

Driver: RAW
Address: 0x804D7000
Size: 2189952 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2189952 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Address: 0xF87FB000
Size: 1253376 bytes

Driver: C:\WINDOWS\System32\DRIVERS\BCMSM.sys
Address: 0xF86B6000
Size: 1101824 bytes

Driver: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF85CD000
Size: 581632 bytes

Driver: Ntfs.sys
Address: 0xF90CB000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xEFCB4000
Size: 458752 bytes

Driver: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF8523000
Size: 385024 bytes

Driver: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xEFD99000
Size: 364544 bytes

Driver: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xED753000
Size: 360448 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEDBEC000
Size: 266240 bytes

Driver: ACPI.sys
Address: 0xF9211000
Size: 188416 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xED537000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF909E000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEF09B000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xEFD24000
Size: 176128 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xEFD71000
Size: 163840 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xEFC8E000
Size: 155648 bytes

Driver: C:\WINDOWS\System32\DRIVERS\e100b325.sys
Address: 0xF866F000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF85A9000
Size: 147456 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF87C3000
Size: 147456 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF8693000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Address: 0xF227D000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEFD4F000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806EE000
Size: 131840 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000
Size: 131840 bytes

Driver: fltmgr.sys
Address: 0xF91A9000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF91E1000
Size: 126976 bytes

Driver: Mup.sys
Address: 0xF9084000
Size: 106496 bytes

Driver: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xED6A3000
Size: 102400 bytes

Driver: atapi.sys
Address: 0xF91C9000
Size: 98304 bytes

Driver: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xED43C000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF916B000
Size: 94208 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF8592000
Size: 94208 bytes

Driver: drvmcdb.sys
Address: 0xF9182000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xED454000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xED5B2000
Size: 86016 bytes

Driver: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF865B000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF87E7000
Size: 81920 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xEFDF2000
Size: 77824 bytes

Driver: WudfPf.sys
Address: 0xF9158000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF9197000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF9200000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF8581000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xEDA0F000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF94B0000
Size: 65536 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF94A0000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF92E0000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF94C0000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF2D46000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF9390000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF92A0000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF9490000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF92F0000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF9280000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\Drivers\pcouffin.sys
Address: 0xF89BD000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF9310000
Size: 49152 bytes

Driver: agp440.sys
Address: 0xF92C0000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF235A000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF94D0000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF9270000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF9300000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\drivers\drvnddm.sys
Address: 0xF93D0000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xF9260000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF9330000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF89AD000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF9290000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF2D66000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF9480000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF9320000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF2D56000
Size: 36864 bytes

Driver: PxHelp20.sys
Address: 0xF92B0000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xF004C000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xEDA2F000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF9590000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF9550000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF9588000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\drivers\cis1284.sys
Address: 0xF2B37000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF9598000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF9528000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF94E0000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xEDAAB000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF95A0000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF95C0000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xF9578000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xF9538000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF9580000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF9540000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF9548000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\omci.sys
Address: 0xF95C8000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF94E8000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF95B0000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF95B8000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF95A8000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xEDAD3000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF96E8000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xF00EE000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF8D9C000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xF23DB000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF9670000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xEDB10000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF8503000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF9754000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\iviaspi.sys
Address: 0xF8D98000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xEDB2C000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF8D8C000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF84FF000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF84FB000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF97B4000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF9816000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Address: 0xF976A000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF9814000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF9760000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
Address: 0xF976E000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF9818000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF9826000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF981A000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xF97B2000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF97B6000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xF97D4000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF97E4000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF9762000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF9882000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF988B000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xEFF16000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xF9828000
Size: 4096 bytes

Driver: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xF98AD000
Size: 4096 bytes

Driver: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xF98AB000
Size: 4096 bytes


!!!!!!!!!!!Hidden driver: ?_empty_?
Loaded from:
Address: 0x81E90AEA
Size: 1302 bytes

Driver: unknown_irp_handler
Address: 0x81E90EC5
Size: 315 bytes


!!!!!!!!!!!Hidden driver: ?_empty_?
Loaded from:
Address: 0x00000000
Size: 0 bytes

==============================================
>Stealth

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:37 PM

Posted 11 November 2010 - 03:09 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 totallyterry

totallyterry
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 12 November 2010 - 09:00 PM

I downloaded the Combofix software but it would not run when I double clicked on it. I have uninstalled all of the anti-spyware programs I had.....AVG, Spybot Search and Destroy, Super Antispyware, and Microsoft Security Essentials.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:37 PM

Posted 13 November 2010 - 08:35 AM

Please try this: if anything is detected that cannot be cured, just skip, but post me the log. I will need the filenames.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 totallyterry

totallyterry
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 13 November 2010 - 02:22 PM

2010/11/13 13:17:50.0406 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 13:17:50.0406 ================================================================================
2010/11/13 13:17:50.0406 SystemInfo:
2010/11/13 13:17:50.0406
2010/11/13 13:17:50.0406 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 13:17:50.0406 Product type: Workstation
2010/11/13 13:17:50.0406 ComputerName: DG4D1T31
2010/11/13 13:17:50.0406 UserName: Terry Buse
2010/11/13 13:17:50.0406 Windows directory: C:\WINDOWS
2010/11/13 13:17:50.0406 System windows directory: C:\WINDOWS
2010/11/13 13:17:50.0406 Processor architecture: Intel x86
2010/11/13 13:17:50.0406 Number of processors: 1
2010/11/13 13:17:50.0406 Page size: 0x1000
2010/11/13 13:17:50.0406 Boot type: Normal boot
2010/11/13 13:17:50.0406 ================================================================================
2010/11/13 13:17:52.0078 Initialize success
2010/11/13 13:17:58.0593 ================================================================================
2010/11/13 13:17:58.0593 Scan started
2010/11/13 13:17:58.0593 Mode: Manual;
2010/11/13 13:17:58.0593 ================================================================================
2010/11/13 13:18:07.0000 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/11/13 13:18:07.0593 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/13 13:18:08.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/13 13:18:08.0640 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/11/13 13:18:09.0218 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/11/13 13:18:09.0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/13 13:18:10.0406 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/13 13:18:11.0000 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2010/11/13 13:18:11.0609 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/11/13 13:18:12.0156 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/11/13 13:18:12.0687 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/11/13 13:18:13.0171 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/11/13 13:18:13.0703 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/11/13 13:18:14.0234 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/11/13 13:18:14.0765 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/11/13 13:18:15.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/11/13 13:18:15.0828 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/11/13 13:18:16.0359 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/11/13 13:18:16.0875 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/11/13 13:18:17.0500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/13 13:18:18.0000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/13 13:18:19.0015 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/13 13:18:19.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/13 13:18:20.0578 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2010/11/13 13:18:21.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/13 13:18:22.0218 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/11/13 13:18:22.0593 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/13 13:18:23.0046 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/13 13:18:23.0468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/11/13 13:18:23.0843 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/13 13:18:24.0281 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/13 13:18:24.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/13 13:18:25.0593 cis1284 (7e1d1616c7e2fbba784e5dbd05d88eca) C:\WINDOWS\System32\drivers\cis1284.sys
2010/11/13 13:18:26.0062 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/11/13 13:18:26.0500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/11/13 13:18:27.0000 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/11/13 13:18:27.0437 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/11/13 13:18:27.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/13 13:18:28.0625 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/13 13:18:29.0343 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/13 13:18:29.0781 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/13 13:18:30.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/13 13:18:30.0796 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/11/13 13:18:31.0250 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/13 13:18:31.0750 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/11/13 13:18:32.0234 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/11/13 13:18:32.0609 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/11/13 13:18:33.0203 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/11/13 13:18:33.0734 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/13 13:18:34.0250 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/11/13 13:18:34.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/13 13:18:35.0515 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/13 13:18:36.0093 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/13 13:18:36.0531 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/13 13:18:37.0062 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/13 13:18:37.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/13 13:18:37.0984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/13 13:18:38.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/13 13:18:39.0015 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/13 13:18:39.0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/11/13 13:18:39.0953 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/13 13:18:40.0390 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/13 13:18:40.0875 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/11/13 13:18:41.0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/13 13:18:41.0906 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/11/13 13:18:42.0359 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/11/13 13:18:42.0781 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/11/13 13:18:43.0203 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/11/13 13:18:43.0703 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/11/13 13:18:44.0140 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/11/13 13:18:44.0578 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/11/13 13:18:45.0000 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/11/13 13:18:45.0421 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/11/13 13:18:45.0875 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/11/13 13:18:46.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/13 13:18:46.0843 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/11/13 13:18:47.0265 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/11/13 13:18:47.0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/13 13:18:48.0265 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/13 13:18:48.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/13 13:18:49.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/13 13:18:49.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/13 13:18:50.0109 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/13 13:18:50.0593 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/13 13:18:51.0187 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/13 13:18:51.0640 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/11/13 13:18:52.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/13 13:18:52.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/13 13:18:53.0500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/13 13:18:54.0421 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2010/11/13 13:18:54.0843 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/13 13:18:55.0312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/13 13:18:55.0718 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/13 13:18:56.0156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/13 13:18:56.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/13 13:18:57.0109 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/13 13:18:57.0578 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/11/13 13:18:58.0078 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/11/13 13:18:58.0531 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/13 13:18:59.0171 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/13 13:18:59.0781 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/13 13:19:00.0250 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/13 13:19:00.0750 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/13 13:19:01.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/13 13:19:01.0625 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/13 13:19:02.0062 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/13 13:19:02.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/13 13:19:03.0078 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/13 13:19:03.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/13 13:19:04.0078 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/13 13:19:04.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/13 13:19:05.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/13 13:19:05.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/13 13:19:05.0984 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/13 13:19:06.0468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/13 13:19:06.0953 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/13 13:19:07.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/13 13:19:08.0156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/13 13:19:08.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/13 13:19:09.0562 nv (5d701fca6f7db7a8a7d21f80a84d291a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/13 13:19:10.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/13 13:19:10.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/13 13:19:11.0359 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/13 13:19:11.0828 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/11/13 13:19:12.0781 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/13 13:19:13.0250 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/13 13:19:13.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/13 13:19:14.0093 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/13 13:19:14.0984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/13 13:19:15.0703 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/13 13:19:16.0546 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/11/13 13:19:18.0265 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/11/13 13:19:18.0687 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/11/13 13:19:19.0156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/13 13:19:19.0609 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/13 13:19:20.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/13 13:19:20.0500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/13 13:19:20.0937 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/11/13 13:19:21.0406 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/11/13 13:19:21.0828 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/11/13 13:19:22.0328 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/11/13 13:19:22.0750 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/11/13 13:19:23.0218 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/11/13 13:19:23.0609 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/13 13:19:24.0046 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/13 13:19:24.0500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/13 13:19:24.0937 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/13 13:19:25.0375 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/13 13:19:25.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 13:19:26.0312 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/13 13:19:26.0906 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/13 13:19:27.0468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/13 13:19:28.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/13 13:19:29.0031 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/13 13:19:29.0468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/13 13:19:29.0984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/13 13:19:30.0812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/11/13 13:19:31.0265 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/13 13:19:31.0875 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys
2010/11/13 13:19:32.0562 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/11/13 13:19:33.0015 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 13:19:33.0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 13:19:34.0078 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 13:19:34.0625 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/11/13 13:19:35.0093 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/11/13 13:19:35.0546 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/13 13:19:36.0046 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
2010/11/13 13:19:36.0546 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
2010/11/13 13:19:37.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 13:19:37.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 13:19:37.0953 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/11/13 13:19:38.0375 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/11/13 13:19:38.0828 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/11/13 13:19:39.0265 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/11/13 13:19:39.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 13:19:40.0359 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 13:19:40.0890 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 13:19:41.0312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 13:19:41.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 13:19:42.0250 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/11/13 13:19:42.0687 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/11/13 13:19:43.0140 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/11/13 13:19:43.0578 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2010/11/13 13:19:43.0984 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/11/13 13:19:44.0453 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/11/13 13:19:44.0812 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/11/13 13:19:45.0218 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/11/13 13:19:45.0687 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/11/13 13:19:46.0156 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/11/13 13:19:46.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 13:19:47.0078 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/11/13 13:19:47.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 13:19:48.0234 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/13 13:19:48.0703 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 13:19:49.0234 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 13:19:49.0703 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 13:19:50.0203 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/13 13:19:50.0625 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 13:19:51.0078 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 13:19:51.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 13:19:51.0968 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/11/13 13:19:52.0453 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/11/13 13:19:52.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 13:19:53.0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 13:19:54.0328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 13:19:54.0906 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/11/13 13:19:55.0406 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/13 13:19:55.0875 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/13 13:19:56.0703 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/13 13:19:57.0046 ================================================================================
2010/11/13 13:19:57.0046 Scan finished
2010/11/13 13:19:57.0046 ================================================================================

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:37 PM

Posted 13 November 2010 - 02:43 PM

Can you please rerun Rootkit Unhooker and post me the new log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:37 PM

Posted 22 November 2010 - 06:38 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users