Unknown Malware - All Media Players, Java, Others = CPU Overload


This topic is locked
18 replies to this topic

#1 Dinosaur58

Dinosaur58

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 21 December 2010 - 11:03 AM

Symptoms:
All media players [MPC, MPC-HC, Zoom, WMP, Realplayer] Push the system to 50%-100% on All media files [flv, avi, mp3, etc]. The same is true for ConvertX2DVD. For the aforementioned it is possible [with patience] to recover the system by using TaskManager to stop the process. When viewing Java intensive websites [eg. http://www.java.com/en/download/installed.jsp -Java Test page] or Trying to open the Java console from Control Panel, System Freezes completely requiring Manual reboot. Temporary system hang [Cursor functional] and/or Explorer CPU 50% [Stays until Explorer restarted with TaskManager] when Highlighting media files.
Problems reproducible always
Other Info:
This is a 'seasoned' system, running smoothly until a reboot on 12/18. I am neither a power user nor a noob. No new problem hardware in Hardware Manager. No Memory overload. No new Services. No new .dlls found by Explorer. No Error Messages. Other software [including Still image viewers for .jpg, .pdf, etc] works fine with no system bog-down for indefinite up time. Tower case is kept open and blown out with 'canned air' regularly. Processor fins and power supply box warm but not HOT.
Recent changes:
Added Firefox extensions - Illimitux [Streaming video timeout remover - requires Cacaoweb P2P app], and Karbon [Streaming Media downloader]. All removed [didn't work + found better alternate source]. Problem occurred 1st reboot after removal.
Actions taken:
Restore with System Restore Point before problems [successful restore, but didn't help], Scan with: AdAware, Spybot, MBAM, TrendMicro Housecall, Sophos Antirootkit, HijackThis (I scan regularly to watch changes), Avira AntiV, RootkitReveal (scan Only - aborted @ Cleanup stage), CHKDSK [Autorun on Manual Reboot], Run JavaRa and install latest Jre, Run RKill, Defrag.
All scans essentially clean - no new hits, no serious hits. I have searched the Web, but cannot find this particular problem or any solution that is not already implemented or inapplicable.
-----------------------------------------------------------

DDS (Ver_10-12-12.02) - FAT32x86
Run by Administrator at 3:34:17.57 on Tue 12/21/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1237 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Administrator.COMPUTER\My Documents\Temp\AntiV\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
mRun: [nwiz] nwiz.exe /install
mRun: [atwtusb] atwtusb.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoLogoff = 01000000
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: authentication packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.com\applic~1\mozilla\firefox\profiles\bvvl5608.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-21 64288]
R1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-7-1 22528]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-12-13 3968]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-30 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-30 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-30 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-30 61960]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2007-12-20 3744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2007-12-20 3904]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-8-31 36224]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-9-22 50944]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S2 MDP100;MDP100 Video Capture;c:\windows\system32\drivers\MDP100_XP.sys [2007-4-15 611360]
S2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-8-31 134912]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]

=============== Created Last 30 ================

2010-12-21 09:29:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-21 09:29:03 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 09:25:16 -------- d-----w- c:\docume~1\admini~1.com\locals~1\applic~1\Sunbelt Software
2010-12-21 09:24:42 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-21 09:24:28 -------- d-----w- c:\program files\Lavasoft
2010-12-19 22:13:35 -------- d-----w- c:\docume~1\admini~1.com\applic~1\Avira
2010-12-19 21:03:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-19 21:03:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-16 19:03:06 -------- d-----w- c:\docume~1\admini~1.com\applic~1\CACAOWEB

==================== Find3M ====================

2010-12-20 04:34:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-20 04:34:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 09:41:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-10 09:41:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2004-04-09 22:13:00 114688 ----a-w- c:\program files\NETGEAR DG632 USB Driveruninstalldrv.exe

============= FINISH: 3:34:59.06 ===============

-----------------------------------------------------------
I know it's close to Christmas and this really only interferes with my A/V hobby, so I'll understand if it takes a while to get back to me. Thanks Mole

Attached Files
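As an added example (not part of the original thread, and not code from the DDS tool), a small Python triage script for the SERVICES / DRIVERS section of a DDS log like the one above: it parses each entry and flags registrations whose file is missing (`[x]` / `[?]`) or whose file lives in a user-writable location such as a Temp folder, which is what a helper reading such a log checks first. The sample text is constructed from a few of the entries quoted above plus one constructed entry, and the field layout is my reading of the log format, not a DDS specification.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few SERVICES / DRIVERS lines copied from the DDS log in
# the post above, plus one constructed entry (WWMZYS, date/size made up) that
# models a service registered under a user's Temp folder.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-21 64288]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-30 267944]
S2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys --> c:\windows\system32\drivers\portd2k.sys [?]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R2 WWMZYS;WWMZYS;c:\docume~1\admini~1.com\locals~1\temp\WWMZYS.exe [2010-12-16 40960]

=============== Created Last 30 ================
"""

# Section headers look like "======= TITLE =======".
SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# Entry layout (my reading of the log, not an official format):
#   "<R|S><start-type> <name>;<display name>;<path> [<tag>]"
# R = running, S = stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 auto, 3 on-demand, 4 disabled).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Trailing "[date size]" when the file exists, "[x]" or "[?]" when it does not.
TAG_RE = re.compile(r"\[(?P<tag>[^\]]*)\]\s*$")

# Directory fragments that a service or driver binary normally has no business in.
SUSPECT_DIRS = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")


@dataclass
class ServiceEntry:
    state: str            # "R" running, "S" stopped
    start: int            # Windows start type 0..4
    name: str
    display: str
    path: Optional[str]   # resolved path, or None when the log shows none
    tag: str              # "<date> <size>", or "x" / "?" when the file is missing

    @property
    def file_present(self) -> bool:
        return self.tag not in ("x", "?")


@dataclass
class Finding:
    name: str
    reason: str


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Return the entries of the SERVICES / DRIVERS section of a DDS log."""
    entries: List[ServiceEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title").upper()
            continue
        if section != "SERVICES / DRIVERS" or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        tm = TAG_RE.search(rest)
        tag = tm.group("tag").strip() if tm else ""
        path_part = rest[: tm.start()] if tm else rest
        # "registered --> resolved" form: keep the resolved path right of the arrow.
        path_part = path_part.split("-->")[-1].strip()
        entries.append(ServiceEntry(m.group("state"), int(m.group("start")),
                                    m.group("name").strip(), m.group("display").strip(),
                                    path_part or None, tag))
    return entries


def triage_services(entries: List[ServiceEntry]) -> List[Finding]:
    """Flag entries a helper would look at first: missing binaries and odd locations.

    A missing binary is often a leftover of uninstalled software or of a scanner
    that loaded a temporary driver, but it still needs to be explained; a binary
    in a user-writable folder is the stronger signal.
    """
    findings: List[Finding] = []
    for e in entries:
        if not e.file_present:
            findings.append(Finding(e.name, f"registered but file missing ({e.path or 'no path'}) [{e.tag}]"))
            continue
        low = (e.path or "").lower()
        if any(d in low for d in SUSPECT_DIRS):
            findings.append(Finding(e.name, f"binary in a user-writable location: {e.path}"))
    return findings


if __name__ == "__main__":
    for f in triage_services(parse_dds_services(SAMPLE_DDS)):
        print(f"{f.name}: {f.reason}")
```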




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:42 AM

Posted 30 December 2010 - 06:28 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Dinosaur58

Dinosaur58
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 30 December 2010 - 01:57 PM

Elise, Thank you for your help with these problems. The original post on 12/21 had a good description of my problems and actions taken [at end of Quote find NEW symptoms and actions].
"--------------------
Symptoms:
All media players [MPC, MPC-HC, Zoom, WMP, Realplayer] Push the system to 50%-100% on All media files [flv, avi, mp3, etc]. The same is true for ConvertX2DVD. For the aforementioned it is possible [with patience] to recover the system by using TaskManager to stop the process. When viewing Java intensive websites [eg. http://www.java.com/en/download/installed.jsp -Java Test page] or Trying to open the Java console from Control Panel, System Freezes completely requiring Manual reboot. Temporary system hang [Cursor functional] and/or Explorer CPU 50% [Stays until Explorer restarted with TaskManager] when Highlighting media files.
Problems reproducible always
Other Info:
This is a 'seasoned' system, running smoothly until a reboot on 12/18. I am neither a power user nor a noob. No new problem hardware in Hardware Manager. No Memory overload. No new Services. No new .dlls found by Explorer. No Error Messages. Other software [including Still image viewers for .jpg, .pdf, etc] works fine with no system bog-down for indefinite up time. Tower case is kept open and blown out with 'canned air' regularly. Processor fins and power supply box warm but not HOT.
Recent changes:
Added Firefox extensions - Illimitux [Streaming video timeout remover - requires Cacaoweb P2P app], and Karbon [Streaming Media downloader]. All removed [didn't work + found better alternate source]. Problem occurred 1st reboot after removal.
Actions taken:
Restore with System Restore Point before problems [successful restore, but didn't help], Scan with: AdAware [update Version], Spybot, MBAM, TrendMicro Housecall, Sophos Antirootkit, HijackThis (I scan regularly to watch changes), Avira AntiV, RootkitReveal (scan Only - aborted @ Cleanup stage), CHKDSK [Autorun on Manual Reboot], Run JavaRa and install latest Jre, Run RKill, Defrag.
All scans essentially clean - no new hits, no serious hits. I have searched the Web, but cannot find this particular problem or any solution that is not already implemented or inapplicable.
---------------------"
New Symptoms: On most recent boot Explorer.exe did not load properly, leaving some icons appearing as 'Generic' and taskbar non-functional. Explorer.exe did not appear in Taskmanager processes. Avira [my primary/realtime protection] does not appear in the quicklaunch box, although the following processes DO appear in Taskmanager: avshadow.exe, avguard.exe, sched.exe. Avira avcenter.exe will NOT load.

New Actions taken: Start Explorer.exe manually from Taskmanager [restores most Explorer related function; tooltip balloons on taskbar for quicklaunch box items and Start Button appear Behind Taskbar]. Slipstream Win XP install disk with SP2 and Run 'SFC /SCANNOW' [results: no improvement in system function].
Note: I have not rebooted system since for fear of providing additional opportunity for spread of malware.
Thanks again for your help. Logs follow.
-----------------------------------------------------------
OTL logfile created on: 12/30/2010 10:52:21 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 65.40 Gb Free Space | 58.52% Space Free | Partition Type: FAT32
Drive D: | 465.65 Gb Total Space | 150.80 Gb Free Space | 32.39% Space Free | Partition Type: FAT32
Drive E: | 149.05 Gb Total Space | 34.77 Gb Free Space | 23.33% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 193.19 Gb Free Space | 20.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/21 09:27:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/19 08:58:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\OTL-12.19.10.exe
PRC - [2010/12/03 02:05:34 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/30 18:13:28 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 18:13:18 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/13 03:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/20 17:43:50 | 000,315,392 | ---- | M] () -- C:\WINDOWS\system32\Atwtusb.exe
PRC - [2007/01/30 09:52:42 | 000,065,184 | ---- | M] (WALTOP International Corp.) -- C:\WINDOWS\system32\TBLMOUSE.EXE
PRC - [2006/04/29 06:21:30 | 000,094,208 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\VirtualCloneDrive\VCDDaemon.exe


========== Modules (SafeList) ==========

MOD - [2010/12/19 08:58:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\OTL-12.19.10.exe
MOD - [2010/11/10 02:41:40 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 01:00:00 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2004/08/04 01:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\WWMZYS.exe -- (WWMZYS)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/12/03 02:05:34 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/30 18:13:28 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/30 18:13:18 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) [On_Demand | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\portd2k.sys -- (portD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\1E.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.COM\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc)
DRV - [2010/12/03 02:05:36 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 02:05:34 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/30 18:48:26 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/30 18:13:40 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/09/22 03:59:08 | 000,050,944 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2009/09/12 13:58:08 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/09/12 13:58:08 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/09/12 13:58:04 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/09/12 13:58:02 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/08/05 12:01:36 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/17 11:11:32 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/17 01:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/16 14:16:40 | 000,031,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/15 20:17:58 | 000,611,360 | ---- | M] (MIT, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\MDP100_XP.sys -- (MDP100)
DRV - [2007/02/15 17:56:50 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/31 06:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 05:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/06/06 09:51:06 | 000,022,528 | ---- | M] (WALTOP International Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2006/02/17 11:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 11:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/02 14:11:40 | 003,841,856 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/11/20 22:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/15 00:01:14 | 000,824,512 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys -- (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2002/05/31 02:35:02 | 000,076,976 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680r.sys -- (Pnp680r)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1454471165-1979792683-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/10 02:41:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/10/23 01:12:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/10/23 01:12:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2007/10/23 01:13:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007/10/23 12:20:24 | 000,000,000 | ---D | M]

[2010/06/30 01:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Extensions
[2007/10/23 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions
[2009/09/08 00:18:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/12/19 14:41:10 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/16 11:42:28 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/12/19 14:41:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/16 11:42:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
[2010/12/16 11:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\extensions\flvripper@harsha(2)
[2007/10/23 17:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\OLD-dy7s965h.defalt\extensions
[2007/10/23 01:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 21:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/19 21:34:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/19 14:15:48 | 000,428,020 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 14751 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\Atwtusb.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe File not found
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-T7OQT.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = BF FF FF 03 [binary data]
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206762645578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.COMPUTER\My Documents\1A-MontyWallpaper4.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.COMPUTER\My Documents\1A-MontyWallpaper4.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 00:49:12 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 02:21:45 | 000,000,000 | ---D | C] -- C:\_XP
[2010/12/22 01:37:21 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/12/22 01:37:17 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/12/22 01:36:49 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/12/22 01:36:45 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/12/22 01:36:32 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/12/22 01:36:28 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/12/22 01:36:14 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/12/22 01:36:00 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/12/22 01:35:51 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/12/22 01:35:48 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/12/22 01:35:44 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/12/22 01:35:39 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/12/22 01:35:35 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/12/22 01:35:31 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/12/22 01:35:27 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/12/22 01:35:14 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/12/22 01:34:59 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/12/22 01:34:55 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/12/22 01:34:52 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/12/22 01:34:50 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/12/22 01:34:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/12/22 01:34:16 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/12/22 01:34:12 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/12/22 01:34:00 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/12/22 01:33:56 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/12/22 01:33:53 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/12/22 01:33:49 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/12/22 01:33:46 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/12/22 01:33:42 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/12/22 01:33:13 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/12/22 01:33:08 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/12/22 01:33:05 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/12/22 01:33:04 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/12/22 01:33:00 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/12/22 01:32:57 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/12/22 01:32:45 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/12/22 01:32:42 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/12/22 01:32:02 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/12/22 01:31:58 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/12/22 01:31:55 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/12/22 01:31:52 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/12/22 01:31:47 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/12/22 01:31:28 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/12/22 01:30:57 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/12/22 01:30:53 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/12/22 01:30:50 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/12/22 01:30:47 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/12/22 01:30:44 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/12/22 01:30:23 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/12/22 01:30:20 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/12/22 01:30:17 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/12/22 01:30:11 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/12/22 01:29:44 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/12/22 01:29:41 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/12/22 01:29:38 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/12/22 01:29:35 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/12/22 01:29:07 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/12/22 01:29:00 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/12/22 01:28:57 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/12/22 01:28:43 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/12/22 01:28:40 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/12/22 01:28:37 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/12/22 01:28:34 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/12/22 01:28:31 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/12/22 01:28:28 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/12/22 01:28:25 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/12/22 01:28:22 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/12/22 01:28:19 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/12/22 01:28:05 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/12/22 01:28:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/12/22 01:27:58 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/12/22 01:27:55 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/12/22 01:27:44 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/12/22 01:27:40 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/12/22 01:27:36 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/12/22 01:27:33 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/12/22 01:27:21 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/12/22 01:27:18 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/12/22 01:26:51 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/12/22 01:26:48 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/12/22 01:26:45 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/12/22 01:26:36 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/12/22 01:25:50 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/12/22 01:25:38 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/12/22 01:25:38 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/12/22 01:25:35 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/12/22 01:24:31 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/12/22 01:24:28 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/12/22 01:24:25 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/12/22 01:24:22 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/12/22 01:24:05 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/12/22 01:23:54 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/12/22 01:23:52 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/12/22 01:23:48 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/12/22 01:23:39 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/12/22 01:23:36 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/12/22 01:23:30 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/12/22 01:23:27 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/12/22 01:23:24 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/12/22 01:23:21 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/12/22 01:23:18 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/12/22 01:23:16 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/12/22 01:23:07 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/12/22 01:23:04 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/12/22 01:23:01 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/12/22 01:22:59 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/12/22 01:22:56 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/12/22 01:22:17 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/12/22 01:21:49 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/12/22 01:21:30 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/12/22 01:21:28 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/12/22 01:21:27 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/12/22 01:21:25 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/12/22 01:21:24 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/12/22 01:21:22 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/12/22 01:21:15 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/12/22 01:21:12 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/12/22 01:21:10 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/12/22 01:21:07 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/12/22 01:21:04 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/12/22 01:21:01 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/12/22 01:20:14 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/12/22 01:19:41 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/12/22 01:18:00 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/12/22 01:17:51 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/12/22 01:17:21 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/12/22 01:17:19 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/12/22 01:17:17 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/12/22 01:17:05 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/12/22 01:16:57 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/12/22 01:16:55 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/12/22 01:16:52 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/12/22 01:16:50 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/12/22 01:16:48 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/12/22 01:16:47 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/12/22 01:16:34 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/12/22 01:16:30 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/12/22 01:16:28 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/12/22 01:15:14 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/12/22 01:15:10 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/12/22 01:15:04 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/12/22 01:15:02 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/12/22 01:15:01 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/12/22 01:14:57 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/12/22 01:14:56 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/12/22 01:14:55 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/12/22 01:14:54 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/12/22 01:14:52 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/12/22 01:14:34 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/12/22 01:14:33 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/12/22 01:14:30 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/12/22 01:14:10 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/12/22 01:14:09 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/12/22 01:14:08 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/12/22 01:14:07 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/12/22 01:14:06 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/12/22 01:14:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/12/22 01:14:04 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/12/22 01:14:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/12/22 01:13:57 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/12/22 01:13:46 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/12/22 01:13:40 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/12/21 19:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
[2010/12/21 05:44:54 | 000,000,000 | ---D | C] -- C:\SP2
[2010/12/21 04:37:58 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/12/21 04:37:57 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/12/21 04:37:57 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/12/21 04:37:56 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/12/21 04:37:55 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/12/21 04:37:52 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/12/21 04:37:51 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/12/21 04:37:51 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/12/21 04:37:50 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/12/21 04:37:48 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/12/21 04:37:47 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/12/21 04:37:14 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/12/21 04:37:13 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/12/21 04:37:13 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/12/21 04:37:11 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/12/21 04:37:10 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/12/21 04:37:09 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/12/21 04:37:08 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/12/21 04:37:08 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/12/21 04:37:06 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/12/21 04:37:05 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/12/21 04:37:04 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/12/21 04:37:03 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/12/21 04:37:03 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/12/21 04:37:02 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/12/21 04:37:02 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/12/21 04:37:01 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/12/21 04:37:01 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/12/21 04:37:00 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/12/21 04:36:56 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/12/21 04:36:52 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/12/21 04:36:52 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/12/21 04:36:51 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/12/21 04:36:50 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/12/21 04:36:50 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/12/21 04:36:49 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/12/21 04:36:48 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/12/21 04:36:08 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/12/21 04:35:59 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/12/21 04:35:42 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/12/21 04:35:40 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/12/21 04:35:40 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/12/21 04:35:39 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/12/21 04:35:39 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/12/21 04:35:36 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/12/21 04:35:32 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/12/21 04:35:32 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/12/21 04:35:30 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/12/21 04:35:29 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/12/21 04:35:29 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/12/21 02:29:25 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/21 02:29:03 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/21 02:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER\Local Settings\Application Data\Sunbelt Software
[2010/12/21 02:24:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/21 02:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/21 02:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/12/19 15:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Avira
[2009/03/02 23:43:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\pcouffin.sys
[2007/10/23 16:35:58 | 000,114,688 | ---- | C] (Analog Devices.) -- C:\Program Files\NETGEAR DG632 USB Driveruninstalldrv.exe

========== Files - Modified Within 30 Days ==========

[2010/12/28 12:32:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER\defogger_reenable
[2010/12/28 12:25:34 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 02:37:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/26 22:14:26 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-T7OQT.exe
[2010/12/26 22:14:26 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-T7OQT.msg
[2010/12/26 22:14:26 | 000,000,407 | ---- | M] () -- C:\WINDOWS\is-T7OQT.lst
[2010/12/26 10:13:02 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1979792683-725345543-500.job
[2010/12/24 23:49:08 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/24 23:48:48 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1979792683-725345543-500.job
[2010/12/24 23:48:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/21 23:26:08 | 000,001,233 | ---- | M] () -- C:\XPSETUP.ibb
[2010/12/21 11:00:04 | 000,000,375 | RHS- | M] () -- C:\boot.ini
[2010/12/21 06:38:56 | 000,002,048 | ---- | M] () -- C:\Microsoft Corporation.img
[2010/12/21 02:29:04 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 08:43:02 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER\Desktop\Word 2K.lnk
[2010/12/19 22:04:48 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\vso_ts_preview.xml
[2010/12/19 14:13:54 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/19 14:13:54 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER\default.pls
[2010/12/19 11:46:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/08 05:46:38 | 002,392,764 | ---- | M] () -- C:\Documents and Settings\Administrator.COMPUTER\My Documents\toyota_camry_owners_manual_2001.rar
[2010/12/03 02:05:36 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/03 02:05:34 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/30 18:48:26 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/30 18:13:40 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010/12/28 12:31:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\defogger_reenable
[2010/12/26 22:14:24 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-T7OQT.exe
[2010/12/26 22:14:24 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-T7OQT.msg
[2010/12/26 22:14:24 | 000,000,407 | ---- | C] () -- C:\WINDOWS\is-T7OQT.lst
[2010/12/22 01:37:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/12/22 01:37:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/12/22 01:26:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/12/22 01:26:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/12/22 01:26:23 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/12/22 01:22:23 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/12/22 01:20:58 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/12/22 01:19:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/12/22 01:19:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/12/22 01:19:47 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/12/22 01:18:57 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/12/22 01:17:58 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/12/22 01:17:54 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/12/22 01:17:49 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/12/22 01:17:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/12/22 01:17:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/12/22 01:17:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/12/22 01:15:00 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/12/22 01:14:59 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/12/22 01:14:58 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/12/22 01:13:40 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/12/21 23:22:10 | 000,001,233 | ---- | C] () -- C:\XPSETUP.ibb
[2010/12/21 22:50:24 | 000,002,048 | ---- | C] () -- C:\w2ksect.bin
[2010/12/21 22:31:40 | 000,002,048 | ---- | C] () -- C:\Microsoft Corporation.img
[2010/12/21 06:14:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/21 06:14:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/12/21 04:36:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/12/21 04:36:37 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/12/21 04:36:36 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/12/21 04:36:33 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/12/21 04:36:33 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/12/21 04:36:32 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/12/21 04:36:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/12/21 04:36:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/12/21 04:36:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/12/21 04:36:21 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/12/08 05:47:32 | 003,046,787 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\My Documents\toyota_camry_owners_manual_2001.pdf
[2010/12/08 05:46:55 | 002,392,764 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\My Documents\toyota_camry_owners_manual_2001.rar
[2010/08/31 05:25:23 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010/08/31 03:57:14 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2010/07/20 03:12:05 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/02 01:30:38 | 000,000,128 | ---- | C] () -- C:\WINDOWS\Muxman.ini
[2010/06/02 01:22:33 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\DVDSubEdit.ini
[2010/06/01 15:23:55 | 000,018,991 | ---- | C] () -- C:\WINDOWS\System32\Vmscnt3.dll
[2010/03/24 10:54:54 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 05:51:42 | 000,072,442 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Local Settings\Application Data\updater.log
[2010/01/13 05:51:42 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Local Settings\Application Data\UserProducts.xml
[2009/09/15 06:50:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\pro DVD To MKV Converter.ini
[2009/09/15 06:48:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\DVD To MKV Converter.ini
[2009/09/15 06:43:57 | 000,000,084 | ---- | C] () -- C:\WINDOWS\AVAideDVDtomkv.ini
[2009/09/15 06:42:27 | 000,000,087 | ---- | C] () -- C:\WINDOWS\DVDtomkvconverter.ini
[2009/09/14 12:40:10 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2009/09/13 10:41:13 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2009/08/25 07:21:17 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\AutoGK.ini
[2009/08/03 23:27:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/06/17 04:20:50 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2009/06/17 03:27:52 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDIFOFilter.dll
[2009/06/06 09:37:17 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009/06/06 09:37:17 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll
[2009/06/06 09:37:17 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/05/11 11:32:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/06 01:40:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/05/06 00:56:17 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/03/02 23:45:27 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\vso_ts_preview.xml
[2009/03/02 23:44:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\pcouffin.log
[2009/03/02 23:43:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\pcouffin.cat
[2009/03/02 23:43:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\pcouffin.inf
[2009/02/18 07:34:24 | 000,001,056 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/01/28 12:50:44 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/28 12:50:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/18 05:24:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/05/28 14:01:21 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/12 07:51:24 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/17 22:29:19 | 000,001,383 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2008/03/07 10:50:28 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\counter.cfg
[2008/02/26 19:11:29 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/02/26 19:11:29 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2008/02/26 19:11:26 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2008/02/26 19:11:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2008/02/26 19:11:26 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2008/02/26 19:11:15 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2008/02/15 12:13:04 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2008/02/04 09:45:43 | 000,000,281 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2007/12/28 17:04:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/12/28 17:04:00 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/12/28 17:03:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/12/28 17:03:48 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/12/28 17:03:38 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/12/20 07:56:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2007/12/11 15:34:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/24 22:41:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/23 22:49:44 | 003,211,264 | ---- | C] () -- C:\WINDOWS\System32\d3dx9_35.dll
[2007/10/23 20:41:44 | 000,005,511 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2007/10/23 20:15:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007/10/23 20:15:25 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2007/10/23 18:40:37 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/23 17:03:27 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/10/23 15:52:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/20 04:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 04:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 04:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 04:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 04:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 04:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 04:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 04:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 04:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 04:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 04:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 04:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 04:27:16 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 04:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 04:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 04:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 04:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 04:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/09/17 01:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 01:07:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 01:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 01:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 01:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/29 11:29:36 | 001,271,296 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2006/12/29 11:29:36 | 001,015,128 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2006/12/29 11:29:36 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/12/29 11:29:34 | 000,369,152 | ---- | C] () -- C:\WINDOWS\System32\cygfreetype-6.dll
[2006/12/29 11:29:34 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\cygpng12.dll
[2006/04/19 08:19:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/11/19 15:33:48 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/11/14 14:09:16 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\op4.dll
[2005/11/14 13:09:16 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2005/11/14 13:09:06 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2005/11/14 13:08:58 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2005/11/14 13:07:18 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2005/11/14 13:07:06 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2005/11/14 13:07:02 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2003/01/24 23:26:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\zstream.dll
[2002/12/14 14:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 14:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 14:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 13:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 05:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/07/05 08:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[2002/05/17 16:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2007/10/23 01:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2007/10/23 01:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/10/23 13:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/10/23 13:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/10/23 15:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2007/10/23 01:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\montyl\Application Data\AVG7
[2007/10/23 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\montyl\Application Data\Thunderbird
[2007/10/23 14:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\montyl\Application Data\Hulubulu
[2007/10/23 14:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\montyl\Application Data\Uniblue
[2007/10/23 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\montyl\Application Data\MSNInstaller
[2007/10/23 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2007/10/23 18:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2007/10/25 20:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Film Tools
[2007/12/05 07:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2007/12/11 23:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
[2008/03/11 20:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
[2008/07/01 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tablet
[2009/05/20 16:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vsosdk
[2009/06/17 04:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/07/15 04:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2009/08/15 09:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2009/08/15 09:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VideoSpin
[2009/08/15 09:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle VideoSpin
[2009/09/12 13:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2010/01/12 02:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickMediaConverter
[2010/06/30 00:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
[2010/06/30 00:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
[2010/11/10 01:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2010/12/21 02:24:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2009/09/13 09:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Acronis
[2010/07/01 04:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Thunderbird
[2007/10/23 17:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thunderbird
[2007/12/19 23:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Propellerhead Software
[2008/03/08 20:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\SystemRequirementsLab
[2008/09/19 20:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\TeraCopy
[2009/03/02 23:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Vso
[2009/03/15 12:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/28 11:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\avidemux
[2009/05/29 10:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\ImgBurn
[2009/06/06 10:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\gtk-2.0
[2009/07/14 05:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Gaupol
[2009/07/14 06:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Jubler
[2009/07/15 03:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Photodex
[2009/07/19 08:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\IN-MEDIAKG
[2009/07/25 08:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\FontCreator
[2009/08/19 10:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\PgcEdit
[2009/08/25 07:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\AVI ReComp
[2009/09/12 08:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Leadertech
[2009/09/15 06:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\GetRightToGo
[2009/09/23 01:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Audacity
[2009/11/04 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Acronis
[2009/11/10 06:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Thinstall
[2010/01/12 02:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\CocoonSoftware
[2010/03/02 13:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Auslogics
[2010/06/09 11:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COMPUTER\Application Data\Topaz Moment
[2010/12/28 02:37:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 12/30/2010 10:52:21 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 65.40 Gb Free Space | 58.52% Space Free | Partition Type: FAT32
Drive D: | 465.65 Gb Total Space | 150.80 Gb Free Space | 32.39% Space Free | Partition Type: FAT32
Drive E: | 149.05 Gb Total Space | 34.77 Gb Free Space | 23.33% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 193.19 Gb Free Space | 20.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE" = C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\MyHD\MyIRC.exe" = C:\Program Files\MyHD\MyIRC.exe:*:Disabled:MyIRC_ALL -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22F1A5D0-A4E2-4DEE-88FB-7752B1244FFB}" = Topaz Moment PE
"{25AF1FAE-0C98-4F9A-A103-BC8CA50450A1}" = BeHappy
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}" = Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5CB3DDA0-F143-4E65-A2FA-3C95F82139D2}_is1" = Movie Story 4.5.0.1
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{648B1DD6-66BA-4048-AA07-6E849DE54795}" = ArcSoft TotalMedia Extreme
"{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67421967-2CF9-4465-968D-D4E2ABB16A65}" = EasyMPEG MX
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC5BCC32-7EAB-4555-B7DC-E7B9BF927C5C}" = NETGEAR DG632 ADSL Modem
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8B3F7C-3D31-4EF3-9E71-C37E753FB8C5}_is1" = ConvertXtoDVD 3 english manual
"abcavi_tag_editor_is1" = abcAVI
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Aiseesoft Total Video Converter_is1" = Aiseesoft Total Video Converter
"AnyDVD" = AnyDVD
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audio Video Synchronizer_is1" = Audio Video Synchronizer version 1.0.2.0
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AVI ReComp" = AVI ReComp 1.4.6
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.20
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.165
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video ReMaker_is1" = AVS Video ReMaker 2.4
"BIMPLite" = BIMP Lite 1.62
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"Bookshelf 2k" = Bookshelf 2000
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CheckIt Diagnostics" = CheckIt Diagnostics
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 3.0
"DC-Bass Source" = DC-Bass Source 1.1.1
"DirectVobSub" = DirectVobSub (remove only)
"DIVXCodec" = DivX Codec 3.1alpha release
"DivXLand Bitrate Calculator" = DivXLand Bitrate Calculator
"DropBox Image Processor" = DropBox Image Processor
"DVD Audio Ripper" = DVD Audio Ripper
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements" = EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FontCreator6_is1" = High-Logic FontCreator 6.0
"Free FLV to AVI Converter_is1" = Free FLV to AVI Converter V1.5
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"IconArt" = IconArt
"ImgBurn" = ImgBurn
"ImTOO Audio Maker" = ImTOO Audio Maker
"ImTOO DVD Ripper Platinum" = ImTOO DVD Ripper Platinum
"ImTOO DVD Subtitle Ripper" = ImTOO DVD Subtitle Ripper
"ImTOO Video Editor" = ImTOO Video Editor
"ImTOO Video Joiner" = ImTOO Video Joiner
"InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"IsoBuster_is1" = IsoBuster 2.3
"Jubler" = Jubler subtitle editor
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 2.9.8
"mmswitch" = Morgan Stream Switcher
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Movkit Batch Video Converter_is1" = Movkit Batch Video Converter 2.8.8
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (2.0.0.6)" = Mozilla Thunderbird (2.0.0.6)
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OneTouch Version 3.0" = OneTouch Version 3.0
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PaperPort 7.02" = PaperPort 7.02
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"RmTablet" = USB Tablet Manager
"SLD Codec Pack" = SLD Codec Pack
"Slideshow pro_is1" = Slideshow pro
"Slideshow XL_is1" = Slideshow XL
"SMPlayer" = SMPlayer 0.6.7
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = UnZixWin
"SubtitleCreator" = SubtitleCreator
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 1.22 Pro
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.7
"Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
"VirtualCloneDrive" = VirtualCloneDrive
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wondershare Movie Story Update trial to full_is1" = Wondershare Movie Story 4.5.0.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1
"ZoomPlayer" = Zoom Player (remove only)
"ZSoft Uninstaller" = ZSoft Uninstaller 2.4.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = QMC
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2010 07:00:12 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application avipreview.exe, version 0.0.0.2111, faulting
module avipreview.exe, version 0.0.0.2111, fault address 0x0000dfb5.

Error - 12/19/2010 02:38:27 PM | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator.COMPUTER\Application
Data\Sun\Java\jre1.6.0_23\jre1.6.0_23-pfrom20.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 12/19/2010 03:24:08 PM | Computer Name = COMPUTER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/19/2010 03:24:08 PM | Computer Name = COMPUTER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/20/2010 12:32:03 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

Error - 12/20/2010 01:31:00 AM | Computer Name = COMPUTER | Source = ESENT | ID = 490
Description = svchost (1284) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 12/21/2010 05:25:12 AM | Computer Name = COMPUTER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/21/2010 11:12:27 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application WWMZYS.exe, version 1.71.0.0, faulting module
WWMZYS.exe, version 1.71.0.0, fault address 0x0003f5fe.

Error - 12/22/2010 07:05:24 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module browseui.dll, version 6.0.2900.3698, fault address 0x0002a6a2.

Error - 12/22/2010 07:05:30 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]
Error - 12/22/2010 06:08:17 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/22/2010 06:09:11 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/22/2010 06:09:11 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/23/2010 10:35:18 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The MDP100 Video Capture service failed to start due to the following
error: %%1058

Error - 12/23/2010 10:35:18 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The CMS PortIO Service service failed to start due to the following
error: %%2

Error - 12/24/2010 10:41:48 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The MDP100 Video Capture service failed to start due to the following
error: %%1058

Error - 12/24/2010 10:41:48 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The CMS PortIO Service service failed to start due to the following
error: %%2

Error - 12/25/2010 02:48:49 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The MDP100 Video Capture service failed to start due to the following
error: %%1058

Error - 12/25/2010 02:48:49 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The CMS PortIO Service service failed to start due to the following
error: %%2

Error - 12/28/2010 03:31:16 PM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 12
Description = The device 'ELBY CLONEDRIVE SCSI CdRom Device' (SCSI\CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.1\1&2afd7d61&0&000)
disappeared from the system without first being prepared for removal.


< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xB95FF000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6856704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 163.71 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5783552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 163.71 )
0xB91BB000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3842048 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB646F000 C:\WINDOWS\System32\Drivers\Ntfs.SYS 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB65EA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9DDC000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xB9D83000 tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xB66EF000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB57A6000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB914C000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB53F2000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9115000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xB8D4A000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB8DA6000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9E47000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB5C4A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB35A3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB6659000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB66C7000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB65C4000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB9197000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9E8B000 Fastfat.sys 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB958D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB95C8000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6684000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB35DF000 C:\WINDOWS\System32\Drivers\ArcUdfs.SYS 135168 bytes (ArcSoft Inc., ArcSoft UDF File System Driver)
0xB66A6000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EC0000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D64000 snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0xB9D49000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB95B0000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 98304 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xB9EE0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB642F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EF8000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E74000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB90EA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5DDE000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB5B6D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9101000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB95EB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB6747000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9F10000 pnp680r.sys 77824 bytes (Silicon Image, Inc, DMA capable ATA RAID miniport driver )
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EAE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB90D9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB35CE000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA2B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA178000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB5CD6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA228000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA198000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys 53248 bytes (Eugene V. Muzychenko, Kernel-mode WDM driver)
0xBA1F8000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA138000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA218000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA208000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB9049000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xBA168000 C:\WINDOWS\System32\Drivers\ArcCD.SYS 36864 bytes (ArcSoft Inc., ArcCD.sys ReadOnly)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA288000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA268000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3A89000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xBA128000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\VClone.sys 32768 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\aiptektp.sys 24576 bytes (WALTOP International Corp., Kernel Mode Tablet Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBA3E0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA450000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBA410000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA3E8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA428000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9CCD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB9CF1000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xB9CED000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB8D26000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB8D8A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9CE9000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB957D000 C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5BE000 C:\WINDOWS\System32\Drivers\ArcRec.SYS 8192 bytes (ArcSoft Inc., File System Recognizer for ArcUdfs)
0xBA5AC000 avgarkt.sys 8192 bytes (GRISOFT, s.r.o., AVG Anti-Rootkit Driver)
0xBA5C2000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA5B8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5C4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5B0000 C:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xBA5B6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5BA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5FE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5BC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5B2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5B4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7D3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6C9000 C:\WINDOWS\System32\DRIVERS\AvgArCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
0xB8DE3000 C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys 4096 bytes
0xBA7CE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8DE1000 C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys 4096 bytes
0xBA68F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#4 Elise (Malware Study Hall Admin)

Posted 30 December 2010 - 02:50 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Dinosaur58 (Topic Starter)

Posted 30 December 2010 - 03:33 PM

Elise,
As Avira Control Center would not run and the icon was missing from the Quick Launch tray, I tried restarting in Safe Mode to shut it down. There were no processes for Avira, but I still got a warning message from ComboFix, and got this error message at stage 2: [PEV.cfxxe has encountered a problem and needs to close...]. I clicked 'OK' and ComboFix continued to run. I realized afterward that I should have shut down Avira through MMC.
Here's the Log:

ComboFix 10-12-30.01 - Administrator 12/30/2010 13:11:44.17.2 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1682 [GMT -7:00]
Running from: c:\documents and settings\Administrator.COMPUTER\My Documents\Anti-Smitfraud\ComboFix12.30.10.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\Ppbiproc.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-22 10:45 . 2006-12-12 17:48 1440560 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-12-22 09:21 . 2010-12-22 09:21 -------- d-----w- C:\_XP
2010-12-22 08:37 . 2004-08-04 07:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-22 08:37 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-22 08:37 . 2001-08-18 05:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-22 08:37 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-22 08:37 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-22 08:35 . 2004-08-04 05:29 25471 ----a-w- c:\windows\system32\dllcache\watv10nt.sys
2010-12-22 08:34 . 2001-08-17 20:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-12-22 08:33 . 2001-08-18 05:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-12-22 08:32 . 2001-08-17 19:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-12-22 08:31 . 2001-08-18 05:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-12-22 08:30 . 2001-08-17 19:51 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-12-22 08:29 . 2001-08-17 19:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-12-22 08:28 . 2001-08-17 20:51 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-12-22 08:27 . 2001-08-18 05:36 26624 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2010-12-22 08:26 . 2001-08-17 20:52 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-12-22 08:25 . 2001-08-17 21:07 5504 ----a-w- c:\windows\system32\dllcache\perc2hib.sys
2010-12-22 08:24 . 2001-08-17 21:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2010-12-22 08:23 . 2004-08-04 06:00 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2010-12-22 08:22 . 2001-08-18 05:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-12-22 08:21 . 2001-08-17 21:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2010-12-22 08:20 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
2010-12-22 08:19 . 2001-08-17 20:52 16000 ----a-w- c:\windows\system32\dllcache\ini910u.sys
2010-12-22 08:18 . 2004-08-04 12:00 13463552 ----a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-12-22 08:17 . 2001-08-18 05:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2010-12-22 08:16 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-12-22 08:15 . 2001-08-18 05:36 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe
2010-12-22 08:14 . 2001-08-18 05:36 37962 ----a-w- c:\windows\system32\dllcache\divaprop.dll
2010-12-22 08:13 . 2001-08-18 05:36 175104 ----a-w- c:\windows\system32\dllcache\csamsp.dll
2010-12-22 05:50 . 2000-07-21 17:40 2048 ----a-w- C:\w2ksect.bin
2010-12-22 02:33 . 2010-12-22 02:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2010-12-21 13:14 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-21 12:44 . 2010-12-21 12:44 -------- d-----w- C:\SP2
2010-12-21 11:43 . 2004-08-04 06:00 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-12-21 11:36 . 2001-08-18 05:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-12-21 11:35 . 2001-08-17 20:52 12032 ----a-w- c:\windows\system32\dllcache\amsint.sys
2010-12-21 11:34 . 2001-08-17 21:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-12-21 09:29 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-21 09:29 . 2010-12-21 09:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 09:25 . 2010-12-21 09:25 -------- d-----w- c:\documents and settings\Administrator.COMPUTER\Local Settings\Application Data\Sunbelt Software
2010-12-21 09:24 . 2010-12-21 09:24 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-21 09:24 . 2010-12-21 09:24 -------- d-----w- c:\program files\Lavasoft
2010-12-21 09:24 . 2010-12-21 09:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-12-19 22:13 . 2010-12-19 22:13 -------- d-----w- c:\documents and settings\Administrator.COMPUTER\Application Data\Avira
2010-12-19 21:03 . 2010-12-19 21:03 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 01:09 . 2008-07-20 16:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 01:08 . 2008-07-20 16:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 04:34 . 2010-07-04 16:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 04:34 . 2009-01-12 15:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-01 01:48 . 2010-06-30 09:30 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-01 01:13 . 2010-06-30 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-10 09:41 . 2007-10-24 01:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-10 09:41 . 2007-10-24 01:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2004-04-09 22:13 . 2007-10-23 23:35 114688 ----a-w- c:\program files\NETGEAR DG632 USB Driver\uninstalldrv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-09-17 1626112]
"atwtusb"="atwtusb.exe" [2007-03-21 315392]
"Tweak UI"="TWEAKUI.CPL" [1997-11-08 87312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk.disabled]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MyIRC.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\MyIRC.lnk
backup=c:\windows\pss\MyIRC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ADMINI~1.COM^Start Menu^Programs^Startup^QuickShelf 2000.lnk]
path=c:\docume~1\ADMINI~1.COM\Start Menu\Programs\Startup\QuickShelf 2000.lnk
backup=c:\windows\pss\QuickShelf 2000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-10 03:14 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-04-10 03:23 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 09:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 18:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-01-16 23:31 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-10 03:11 2595792 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" /s
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"SoundMan"=SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/21/2010 02:29 AM 64288]
R1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [7/1/2008 10:33 PM 22528]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/30/2010 02:30 AM 135336]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [12/20/2007 04:11 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CHECKIT\DIAGNO~1\MAPMEM.sys [12/20/2007 04:11 AM 3904]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [8/31/2010 03:43 AM 36224]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [9/22/2009 03:59 AM 50944]
S2 MDP100;MDP100 Video Capture;c:\windows\system32\drivers\MDP100_XP.sys [4/15/2007 08:17 PM 611360]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 02:05 AM 1389400]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 02:05 AM 15264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1E.tmp --> c:\windows\system32\1E.tmp [?]
S3 WWMZYS;WWMZYS;c:\docume~1\ADMINI~1.COM\LOCALS~1\Temp\WWMZYS.exe --> c:\docume~1\ADMINI~1.COM\LOCALS~1\Temp\WWMZYS.exe [?]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [8/31/2010 03:43 AM 134912]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 04:31 PM 161064]

--- Other Services/Drivers In Memory ---

*Deregistered* - ArcRec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1979792683-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-21 01:32]

2010-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1979792683-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-21 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\bvvl5608.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\real\realplayer\update\realsched.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 13:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1979792683-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08437B63-CA86-7C11-1E25-5A214BD5C952}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnllihdbjplkgkdpkebpdfihejcgiaodb"=hex:61,62,6c,65,69,61,66,69,69,68,6d,65,
63,6d,6c,6e,63,67,63,66,6d,6a,6b,63,64,6d,67,61,68,66,62,70,65,61,00,00
"bbnllihdbjplkgkdpkfbdachibjdfkjonkac"=hex:61,62,67,67,63,64,64,61,65,69,68,62,
66,6d,63,70,63,64,65,68,6d,67,6e,6c,65,67,6a,6e,70,67,6e,6d,6f,63,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2010-12-30 13:21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 20:21
ComboFix2.txt 2010-07-22 19:01

Pre-Run: 70,173,196,288 bytes free
Post-Run: 70,038,913,024 bytes free

- - End Of File - - 4207D0E4F0E382D3299ADAC789A7F9D8
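The log above and the kernel-module listing at the top of this section are what a helper reads by eye: which service entries point at a binary that no longer exists (the `--> ... [?]` lines for portD, MEMSWEEP2 and WWMZYS), which binaries live in a Temp directory or carry a .tmp extension, which load from outside %SystemRoot% or Program Files, and which kernel modules carry no vendor string. The Python below is an added example, not code from this thread, from ComboFix or from GMER; it parses both line formats and returns those first-look flags. The sample lines are copied from the listings in this thread. Two things are assumptions rather than documented behaviour: that ComboFix prints `[?]` in place of the timestamp and size when it cannot find the file, and that c:\windows and Program Files are the only roots a driver or service binary is expected under.

```python
r"""Added example (not ComboFix/GMER code): first-pass triage of the two
log formats quoted in this thread.

  kernel-module line:   0xBA410000 C:\WINDOWS\...\ElbyCDIO.sys 20480 bytes (Vendor, Description)
  ComboFix service line: S3 WWMZYS;WWMZYS;c:\...\Temp\WWMZYS.exe --> c:\...\WWMZYS.exe [?]
"""
import re
from dataclasses import dataclass
from typing import List, Optional

MODULE_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<vendor>.*)\))?\s*$"
)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+.+?)?\s+\[(?P<info>[^\]]*)\]\s*$"
)
# Assumption: these are the roots XP normally keeps driver/service binaries under.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    source: str          # "module" or "service"
    name: str
    path: str
    reasons: List[str]


def _normalise(path: str) -> str:
    # ComboFix prints some driver images as NT object paths (\??\c:\...).
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def _path_reasons(path: str) -> List[str]:
    p = _normalise(path)
    reasons = []
    if "\\temp\\" in p:
        reasons.append("binary lives in a Temp directory")
    if p.endswith(".tmp"):
        reasons.append("binary has a .tmp extension")
    # Bare names (PartMgr.sys, pciide.sys) are boot-start drivers resolved
    # from system32\drivers; only a path with a drive letter can be off-root.
    if ":" in p and not p.startswith(TRUSTED_ROOTS):
        reasons.append("binary loaded from outside %SystemRoot% / Program Files")
    return reasons


def triage_module_line(line: str) -> Optional[Finding]:
    """One line of the kernel-module listing; None if nothing stands out."""
    m = MODULE_RE.match(line.strip())
    if not m:
        return None
    reasons = _path_reasons(m["path"])
    if not m["vendor"]:
        # No version resource: worth a look, but dump_* copies and small
        # diagnostic drivers legitimately lack one, so this is a hint only.
        reasons.append("no vendor/description string")
    name = m["path"].rsplit("\\", 1)[-1]
    return Finding("module", name, m["path"], reasons) if reasons else None


def triage_service_line(line: str) -> Optional[Finding]:
    """One R*/S* service or driver line from a ComboFix log."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    reasons = _path_reasons(m["path"])
    if m["info"].strip() == "?":   # assumption: ComboFix could not stat the file
        reasons.append("binary not found on disk")
    return Finding("service", m["name"], m["path"], reasons) if reasons else None


def triage(lines) -> List[Finding]:
    """Run both parsers over a log; unrecognised lines are skipped."""
    found = []
    for line in lines:
        f = triage_service_line(line) or triage_module_line(line)
        if f:
            found.append(f)
    return found


# Constructed sample: lines copied from the listings in this thread.
SAMPLE = r"""
0xBA410000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xB8DE3000 C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys 4096 bytes
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/21/2010 02:29 AM 64288]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1E.tmp --> c:\windows\system32\1E.tmp [?]
S3 WWMZYS;WWMZYS;c:\docume~1\ADMINI~1.COM\LOCALS~1\Temp\WWMZYS.exe --> c:\docume~1\ADMINI~1.COM\LOCALS~1\Temp\WWMZYS.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 02:05 AM 1389400]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.source}] {f.name}: {f.path}")
        for r in f.reasons:
            print("    -", r)
```

The flags are prompts to look the name up, not verdicts: a service whose binary is gone cannot be what is running now, and a driver without a vendor string may simply be a small diagnostic tool. In this thread none of the flagged entries turned out to be the cause; the CPU problem was traced to the antivirus install in the later posts.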

#6 Elise (Malware Study Hall Admin)

Posted 30 December 2010 - 03:51 PM

How are things running at this point?

regards, Elise




#7 Dinosaur58 (Topic Starter)

Posted 31 December 2010 - 10:16 AM

Elise, Sorry about the delay. I tested my system relative to the problems that I had listed. A system 'hang' during testing required a Power Down. When I booted my system back up I found that I was unable to reach bleepingcomputer.com due to server response timeout. I checked with downforeveryoneorjustme.com which gave an error message "Huh? http://q doesn't look like a site on the interwho." It seems the malware was redirecting me away from bleepingcomputer.com. I assigned bleepingcomputer.com to the correct IP address in my HOSTS file, but I was still unable to connect. I left my system running. I just now returned from work to find that I can connect again [thank goodness]. The tests I ran on media files and JAVA showed no improvement. What next? Dinosaur

#8 Elise (Malware Study Hall Admin)

Posted 31 December 2010 - 10:43 AM

Since you mentioned things were running fine until 12/18, did you try to do a System Restore to before this point?

regards, Elise




#9 Dinosaur58 (Topic Starter)

Posted 31 December 2010 - 10:58 AM

As mentioned under 'Actions Taken' above I completed a successful system restore to 12/16, but this did not have any positive effect.

#10 Elise (Malware Study Hall Admin)

Posted 31 December 2010 - 02:28 PM

Sorry, I must have overlooked that. I highly doubt this is malware, but better safe than sorry; let's do another rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise




#11 Dinosaur58 (Topic Starter)

Posted 31 December 2010 - 03:55 PM

Elise, TDSSKiller found nothing. I forgot to mention that since running ComboFix the Avira antivirus tray icon has returned and is functional to disable realtime protection, but Avira Control Center still bogs the system to 90-100% CPU. JAVA still hangs the system at 100% CPU. All media players with all media [audio and video] bog the system to 90-100% CPU. Adobe Photoshop still works fine.

#12 Dinosaur58 (Topic Starter)

Posted 31 December 2010 - 05:04 PM

Gotta hit the sack. Back tomorrow after work [~9:30am EST]. Sure hope my Memory or CPU are not going out. Thanks, Dinosaur

#13 Elise (Malware Study Hall Admin)

Posted 01 January 2011 - 04:50 AM

Strange, I thought I posted a reply to this topic, but it seems to have disappeared. :o

Did you try to uninstall/reinstall avira? This often is the simplest solution to fix security software problems.

Can you boot in Safe mode with Networking and see how things are running there?

regards, Elise




#14 Dinosaur58 (Topic Starter)

Posted 01 January 2011 - 11:58 AM

Elise, Got It! Deleted Avira antivirus. Had to do it in Safe Mode. Just out of curiosity I tested the other broken components. They seemed to be working, so rebooted into normal mode and voila! Everything [media, JAVA, and ConvertX] worked normally. Reinstalled Avira and all problems returned. A while back Avira updated the program, and something must be incompatible with my system. Too bad, I switched from AVG to Avira when AVG became too system heavy and bogged down my system. Now I'll have to look elsewhere. I don't suppose you could recommend a free Antivirus [or pay antivirus that once purchased updates free indefinitely] that is light on the system the way AVG used to be and Avira still is [Avira protection currently runs fine but generates interoperability problems]. Dinosaur

#15 Elise (Malware Study Hall Admin)

Posted 01 January 2011 - 12:28 PM

In that case you may want to try Avast, which is quite light on resources.

Link

I'm using Avira myself, and usually it runs pretty fine, but unfortunately sometimes things go wrong.

Please let me know if there is any problem left.

regards, Elise






