Fatal System Error after winlogon.exe virus



#1 budeman
Posted 03 January 2011 - 05:05 PM

A few days ago I had a warning on my Avira saying that I had a winlogon.exe threat/virus, an explorer.exe threat/virus and one other that I can't remember.

I rebooted and started in safe mode, ran a full Malwarebytes scan - it found a couple of viruses and so I removed them.
When I restarted there were no icons, taskbar or start button on my desktop so I decided to try a system restore to a date a week ago.
Once this took place I then got the blue screen and the fatal system error – I get the same when I start in Safe mode and Last known good configuration.

So far all I can do is load with Hiren's boot CD (I don’t have a Windows CD as I bought the laptop – Thinkpad T43 – secondhand) and can boot Mini Windows XP from that.

From this I ran SuperAntiSpyware and it found a few items that I have got rid of. When I try and run Malwarebytes I get a 'Run-time error 0' and then RTE 440.

I have also run CCleaner, and this found a number of dodgy registry items which I cleaned (and backed up).

Restarted again but still nothing in normal mode, safe mode or last known good configuration.

Any help would be greatly appreciated.

Thanks,

Mark.

#2 Farbar
Posted 04 January 2011 - 04:14 AM

Hi Mark,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more. Thank you.

The failed system restore has complicated the problem. In fact it was easier to restore the desktop. Please make sure you don't use any registry cleaner on this computer, because registry cleaners remove registry entries when there is no actual file on the system. In case a system file is removed or missing (which here probably was the case when the desktop didn't load) the vital registry entry gets removed and leaves the system non-bootable.

Download Farbar Recovery Scan Tool from: http://download.bleepingcomputer.com/farbar/FRST.exe and save it to a flash drive.
  • Boot into the boot CD.
  • Either go to My Computer, open the flash drive and run FRST.exe or open the command prompt or run box, type e:\frst and press Enter.
    (Note: If the drive letter of flash drive is something else replace e with the drive letter of your flash drive).
  • When the tool opens click Yes to disclaimer.
  • Press Scan and wait.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
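The Registry section of the FRST log requested above lists each autostart entry as `key: [name] command (Company)[size date]`, with `[X]` where the file was not found and one LSA package per line. As an added example (not FRST's own code and not from this thread), the Python script below parses a constructed sample in that format and lists the entries a reviewer would check by hand first; the meaning of the `[X]`/`[x x]` markers and the stock Windows XP LSA package lists (`msv1_0`, `scecli`) are assumptions.

```python
"""Triage helper for the Registry section of an FRST 1.x log.

Added example, not part of FRST or of this thread. It parses the line
format FRST uses (key: [name] command (Company)[size date]) and lists the
autostart and LSA entries a reviewer would look at first: files FRST could
not locate, entries with no publisher recorded, bare file names, and LSA
package lists that differ from a stock Windows XP install. Every hit means
"check by hand", not "malicious".
"""
import re

# key: [name] rest   ([name] is absent on Winlogon\Notify\... lines)
ENTRY_RE = re.compile(r'^(?P<key>[^:]+): (?:\[(?P<name>[^\]]*)\] ?)?(?P<rest>.*)$')
# rest = command, then optional (Company), then optional [size date] / [X] / [x x]
TRAILER_RE = re.compile(
    r'^(?P<cmd>.*?)\s*(?:\((?P<company>[^()]*)\))?\s*(?:\[(?P<meta>[^\[\]]*)\])?$')

# Assumption: package lists of a stock Windows XP install; anything else is
# worth a manual look (it may still be a legitimate add-on).
LSA_DEFAULTS = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
}
AUTOSTART_TAILS = ("Run", "RunOnce", "Winlogon")
NOT_LOCATED = ("X", "x x")  # assumed FRST markers: file not found / no size, no date


def parse_registry_section(text):
    """Turn FRST Registry-section lines into dicts; continuation lines
    (one LSA package per line) are attached to the preceding entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            if entries:
                entries[-1]["extra"].append(line)
            continue
        t = TRAILER_RE.match(m.group("rest"))
        entries.append({
            "key": m.group("key"),
            "name": m.group("name"),
            "cmd": t.group("cmd").strip(),
            "company": t.group("company"),  # None: no "(...)" at all; "": empty
            "meta": t.group("meta"),        # "266497 2008-06-12", "X", "x x", None
            "extra": [],
        })
    return entries


def triage(entries):
    """Return (where, reason) pairs for entries that deserve a second look."""
    findings = []
    for e in entries:
        where = f'{e["key"]} [{e["name"]}]' if e["name"] else e["key"]
        cmd = e["cmd"]
        tail = e["key"].rsplit("\\", 1)[-1]
        if tail in AUTOSTART_TAILS or e["key"].startswith("Winlogon"):
            if e["meta"] in NOT_LOCATED:
                findings.append((where, "FRST could not locate the file on disk"))
            elif e["company"] is None and e["meta"] is None:
                findings.append((where, "no publisher or file details recorded"))
            elif e["company"] == "":
                findings.append((where, "publisher field is empty (no version info)"))
            # Shell = Explorer.exe without a path is the XP default; other bare
            # names are resolved through the search path at logon.
            default_shell = e["name"] == "Shell" and cmd.lower() == "explorer.exe"
            if (cmd and not default_shell
                    and not re.match(r'^"?[A-Za-z]:\\', cmd)
                    and not cmd.lower().startswith("rundll32")):
                findings.append((where, f"bare file name '{cmd}' resolved via search path"))
        elif e["key"] == "Lsa" and e["name"] in LSA_DEFAULTS:
            packages = ([cmd] if cmd else []) + e["extra"]
            for p in packages:
                if p.lower() not in LSA_DEFAULTS[e["name"]]:
                    findings.append((where, f"non-default package '{p}'"))
    return findings


# Constructed sample in the FRST 1.x line format (not taken from a real machine).
SAMPLE = r"""
========================== Registry ==========================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)[266497 2008-06-12]
HKLM\...\Run: [TpShocks] TpShocks.exe
HKLM\...\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()[94208 2005-04-04]
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (IBM Corp.)[139264 2005-04-13]
HKU\SomeUser\...\Winlogon: [Shell] EXPLORER.EXE
Winlogon: [Shell] Explorer.exe ()[x x]
Winlogon\Notify\example: C:\Program Files\Example\example.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Lsa: [Authentication Packages] msv1_0
extra_auth.dll
Lsa: [Notification Packages] scecli
extrapkg
"""


def run_sample():
    """Parse and triage the constructed sample; returns (where, reason) pairs."""
    return triage(parse_registry_section(SAMPLE))


if __name__ == "__main__":
    for where, reason in run_sample():
        print(f"{where}: {reason}")
```

Entries with a full path, a publisher and a size/date (like the Avira and rundll32 lines in the sample) produce no output; everything else is a prompt to look at the file by hand.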


#3 budeman
Posted 04 January 2011 - 08:02 AM

Hi Farbar,

Many thanks for your reply regarding this. Apologies for the amendments that I have made that seem to have compounded the problem; I was acting on advice from a (now ex!) friend.

As mentioned in my previous post I did run the CCleaner registry cleaner - I did do a backup for this so I hope it's still OK?? Obviously, having seen your post, I will not do this any more.

I have now downloaded the Recovery Scan Tool and will follow the steps mentioned when I get home (currently I am at work).

Again thanks for your assistance on this.

Regards,

Mark.

#4 Farbar
Posted 04 January 2011 - 09:09 AM

Hi Marc,

I understand many people go for system restore and I don't blame you or your friend. See if you can restore all the entries removed by CCleaner before running the tool.

#5 budeman
Posted 04 January 2011 - 10:03 AM

Hi Farbar,

Many thanks - could you advise how to do this?

Regards,

Mark.

#6 Farbar
Posted 04 January 2011 - 11:16 AM

How did you remove those registry entries? I mean, before running CCleaner, did you do anything to load the registry?

#7 budeman
Posted 04 January 2011 - 12:05 PM

No, I don't think so - when I opened CCleaner I just clicked on the registry button and then 'Scan for issues', which brought up a list of items to fix, which I did.

Not sure if it helps but here is a link to the conversation I had with the guy that was helping me previously.

http://forums.moneysavingexpert.com/showthread.php?t=2956408

Thanks,

Mark.

#8 budeman
Posted 04 January 2011 - 02:04 PM

Hi Farbar,

So far I ran the scan and the log is below - although I have not restored the registry items back to the registry as I am not 100% sure how to. If you could advise if the below is correct I will do that and then re-run the scan and re-post the log.

1. Go to the folder where the cleaned up registry items were backed up and double click on them
2. It asks 'Are you sure you want to add the information in C:\programeFiles\'nameoffile'.reg to the registry?'
If I click yes then will I need to do anything else? - I am mindful of not doing anything until you say it is safe to do so.

Many thanks,

Mark.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 1.6
Ran by SYSTEM at 2011-01-04 18:34:52
Running from E:\
Microsoft Windows XP (X86) OS Language:
The current controlset is ControlSet002

========================== Registry ==========================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)[266497 2008-06-12]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)[35760 2010-09-23]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (Adobe Systems Incorporated)[932288 2010-09-21]
HKLM\...\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)[110592 2003-08-19]
HKLM\...\Run: [TpShocks] TpShocks.exe
HKLM\...\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (IBM Corp.)[897024 2004-02-05]
HKLM\...\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()[94208 2005-04-04]
HKLM\...\Run: [TP4EX] tp4ex.exe
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)[202256 2010-08-24]
HKLM\...\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)[110592 2004-11-08]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)[512000 2004-11-08]
HKLM\...\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
HKLM\...\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)[86016 2005-03-18]
HKLM\...\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)[745472 2005-03-18]
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (IBM Corp.)[139264 2005-04-13]
HKLM\...\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe (IBM Corp.)[90112 2005-04-27]
HKLM\...\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (IBM Corp.)[217088 2005-03-23]
HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)[122939 2005-03-07]
HKLM\...\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup (UPEK Inc.)[286821 2005-04-12]
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\...\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()[208896 2005-04-13]
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)[1388544 2004-10-14]
HKLM\...\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)[860160 2004-08-06]
HKLM\...\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
HKLM\...\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe (IBM)[442368 2004-08-06]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" (Sun Microsystems, Inc.)[248552 2010-05-14]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)[421888 2010-09-08]
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)[421160 2010-09-24]
HKU\Chris Brown\...\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (Microsoft Corporation)[15360 2008-04-14]
HKU\Chris Brown\...\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)[442368 2004-08-06]
HKU\Chris Brown\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)[39408 2009-03-08]
HKU\Chris Brown\...\Winlogon: [Shell] EXPLORER.EXE
HKU\Default User\...\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)[442368 2004-08-06]
HKU\Default User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)[1695232 2008-04-14]
HKU\postgres\...\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)[442368 2004-08-06]
HKU\postgres\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)[1695232 2008-04-14]
HKU\postgres.IBM-25CDA5A7027\...\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)[442368 2004-08-06]
HKU\postgres.IBM-25CDA5A7027\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)[1695232 2008-04-14]
HKLM\...\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\windows\system32\sti_ci.dll,WiaCreateWizardMenu (Microsoft Corporation)[136704 2008-04-14]
HKLM\...\RunOnce: [*Restore] C:\windows\system32\restore\rstrui.exe -c (Microsoft Corporation)[380416 2008-04-14]
Winlogon: [Shell] Explorer.exe ()[x x]
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\psfus: C:\Program Files\IBM fingerprint software\psfus.dll [X]
Winlogon\Notify\QConGina: QConGina.dll (IBM Corp.)
Winlogon\Notify\tphotkey: tphklock.dll ()
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer]
Lsa: [Authentication Packages] msv1_0
urstsr.dll
Lsa: [Notification Packages] scecli
pwdmon
C:\windows\system32\srrstr.dll


==================== Drivers and Services ====================

4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
0 ACPIEC; C:\Windows\System32\DRIVERS\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation)
4 adpu160m; C:\Windows\System32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation)
3 aeaudio; C:\Windows\System32\drivers\aeaudio.sys [133200 2004-05-17] (Andrea Electronics Corporation)
3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17119 2008-05-01] (Meetinghouse Data Communications)
1 AFD; C:\Windows\System32\drivers\afd.sys [138496 2008-08-14] (Microsoft Corporation)
4 agp440; C:\Windows\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation)
4 agpCPQ; C:\Windows\System32\DRIVERS\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation)
4 Aha154x; C:\Windows\System32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation)
4 aic78u2; C:\Windows\System32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation)
4 aic78xx; C:\Windows\System32\DRIVERS\aic78xx.sys [56960 2001-08-17] (Microsoft Corporation)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
4 AliIde; C:\Windows\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.)
4 alim1541; C:\Windows\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation)
4 amdagp; C:\Windows\System32\DRIVERS\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.)
4 amsint; C:\Windows\System32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation)
1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-03-18] (IBM Corp.)
2 AntiVirScheduler; "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [68865 2008-10-15] (Avira GmbH)
2 AntiVirService; "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe" [151297 2008-10-15] (Avira GmbH)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [144672 2010-08-13] (Apple Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
4 asc; C:\Windows\System32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.)
4 asc3350p; C:\Windows\System32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation)
4 asc3550; C:\Windows\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [454656 2007-04-05] (ATI Technologies Inc.)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1989120 2007-04-05] (ATI Technologies Inc.)
3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
1 avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-05-27] (Avira GmbH)
3 avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-05-27] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-05-27] (Avira GmbH)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [132608 2005-03-17] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation)
2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [345376 2010-07-27] (Apple Inc.)
2 Browser; C:\Windows\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
3 btaudio; C:\Windows\System32\drivers\btaudio.sys [17408 2005-05-25] (Broadcom Corporation)
3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30299 2005-05-25] (Broadcom Corporation)
0 BTKRNL; C:\Windows\System32\drivers\btkrnl.sys [1241818 2005-05-25] (Broadcom Corporation)
2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [163840 2005-05-25] (Broadcom Corporation)
3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148040 2005-05-25] (Broadcom Corporation)
3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [55288 2005-05-25] (Broadcom Corporation)
4 cbidf; C:\Windows\System32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation)
4 cd20xrnt; C:\Windows\System32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)
4 Cdfs; C:\Windows\System32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
1 Cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
3 CmdIde; C:\Windows\System32\DRIVERS\cmdide.sys [6656 2001-08-17] (CMD Technology, Inc.)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [5120 2008-04-14] (Microsoft Corporation)
4 Cpqarray; C:\Windows\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
4 dac2w2k; C:\Windows\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation)
4 dac960nt; C:\Windows\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-14] (Microsoft Corp., Veritas Software)
4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
0 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)
2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [45568 2008-04-14] (Microsoft Corporation)
3 Dot3svc; C:\Windows\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
4 dpti2o; C:\Windows\System32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
0 drvmcdb; C:\Windows\System32\drivers\drvmcdb.sys [88080 2005-02-02] (Sonic Solutions)
2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions)
3 E100B; C:\Windows\System32\DRIVERS\e100b325.sys [117760 2001-08-17] (Intel Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
2 EGATHDRV; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5427 2005-04-27] (IBM Corporation)
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [86016 2005-02-18] (Intel Corporation)
4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
3 Fdc; C:\Windows\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
3 Flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
2 gupdate1c9f807ce2011bc; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-06-28] (Google Inc.)
3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [137200 2009-03-08] (Google)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
4 hpn; C:\Windows\System32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation)
3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [207616 2005-01-25] (Conexant Systems, Inc.)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1038208 2005-01-25] (Conexant Systems, Inc.)
3 HTTP; C:\Windows\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
1 i2omgmt; C:\Windows\System32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation)
4 i2omp; C:\Windows\System32\DRIVERS\i2omp.sys [18560 2008-04-13] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
2 IBM Rapid Restore Ultra Service; "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe" [385024 2005-04-27] ()
2 ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys [63616 2005-04-27] (IBM)
3 IBMPMDRV; C:\Windows\System32\DRIVERS\ibmpmdrv.sys [12944 2004-11-05] (IBM Corp.)
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [57344 2004-11-05] ()
1 IBMTPCHK; C:\Windows\System32\drivers\IBMBLDID.SYS [2432 2005-03-18] ()
3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [69632 2005-11-14] (Macrovision Corporation)
3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [881664 2008-07-29] (Microsoft Corporation)
1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
4 ini910u; C:\Windows\System32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation)
4 IntelIde; C:\Windows\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
1 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
3 IpNat; C:\Windows\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [820008 2010-09-24] (Apple Inc.)
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
2 irda; C:\Windows\System32\DRIVERS\irda.sys [88192 2008-04-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [28160 2008-04-14] (Microsoft Corporation)
0 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
1 Kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
2 lanmanserver; C:\Windows\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
2 lanmanworkstation; C:\Windows\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
2 LmHosts; C:\Windows\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [13059 2004-03-17] (Conexant)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
3 Modem; C:\Windows\System32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
1 Mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
4 mraid35x; C:\Windows\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.)
3 MRxDAV; C:\Windows\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
1 MRxSmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [455680 2010-02-24] (Microsoft Corporation)
3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
3 MSIServer; C:\WINDOWS\system32\msiexec.exe /V [78848 2008-04-14] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\Mup.sys [105344 2008-04-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [10112 2008-04-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [132096 2008-07-29] (Microsoft Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [28672 2008-04-13] (National Semiconductor Corporation)
4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-04] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
0 PartMgr; C:\Windows\System32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
4 ParVdm; C:\Windows\System32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation)
3 PcdrNdisuio; C:\Windows\System32\DRIVERS\pcdrndisuio.sys [12416 2005-02-02] (Windows ® 2000 DDK provider)
0 PCI; C:\Windows\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
0 PCIIde; C:\Windows\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
0 Pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
4 perc2; C:\Windows\System32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation)
4 perc2hib; C:\Windows\System32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [7012 2000-06-01] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
1 Processor; C:\Windows\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation)
2 ProtectedStorage; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
3 psadd; \??\C:\WINDOWS\system32\Drivers\psadd.sys [13184 2008-05-01] (IBM Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43528 2008-11-21] (Sonic Solutions)
3 QCNDISIF; C:\Windows\System32\drivers\qcndisif.SYS [12288 2005-03-18] (IBM Corporation.)
2 QCONSVC; C:\Windows\System32\QCONSVC.EXE [77824 2005-03-18] (IBM Corp.)
4 ql1080; C:\Windows\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation)
4 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation)
4 ql12160; C:\Windows\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation)
4 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation)
4 ql1280; C:\Windows\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation)
1 RapportCerberus_19917; \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [34792 2010-10-03] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [59240 2010-10-03] (Trusteer Ltd.)
2 RapportMgmtService; "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" [767208 2010-10-03] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [169320 2010-10-03] (Trusteer Ltd.)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation)
1 Rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation)
3 rdpdr; C:\Windows\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [139656 2008-04-14] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [139264 2005-02-18] (Intel Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
2 RemoteRegistry; C:\Windows\System32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)
2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [360521 2005-02-18] (Intel Corporation )
2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11354 2004-10-15] (Intel Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
3 sea1bus; C:\Windows\System32\DRIVERS\sea1bus.sys [61536 2007-02-08] (MCCI)
3 sea1mdfl; C:\Windows\System32\DRIVERS\sea1mdfl.sys [9360 2007-02-08] (MCCI)
3 sea1mdm; C:\Windows\System32\DRIVERS\sea1mdm.sys [97088 2007-02-08] (MCCI)
3 sea1mgmt; C:\Windows\System32\DRIVERS\sea1mgmt.sys [88624 2007-02-08] (MCCI)
3 sea1nd5; C:\Windows\System32\DRIVERS\sea1nd5.sys [18704 2007-02-08] (MCCI)
3 sea1obex; C:\Windows\System32\DRIVERS\sea1obex.sys [86432 2007-02-08] (MCCI)
3 sea1unic; C:\Windows\System32\DRIVERS\sea1unic.sys [90800 2007-02-08] (MCCI)
3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
2 seclogon; C:\Windows\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
3 serenum; C:\Windows\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
1 Sfloppy; C:\Windows\System32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
1 ShockMgr; C:\Windows\System32\Drivers\ShockMgr.sys [4608 2004-05-14] (IBM Corporation)
0 Shockprf; C:\Windows\System32\Drivers\Shockprf.sys [59776 2005-01-14] (IBM Corporation)
4 sisagp; C:\Windows\System32\DRIVERS\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation)
1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2005-01-21] (Microsoft Corporation)
2 SmiHlp; \??\C:\Program Files\IBM fingerprint software\smihlp.sys [3328 2005-04-12] (UPEK Inc.)
3 smwdm; C:\Windows\System32\drivers\smwdm.sys [260224 2005-02-10] (Analog Devices, Inc.)
2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
4 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
3 splitter; C:\Windows\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
3 Srv; C:\Windows\System32\DRIVERS\srv.sys [357248 2010-08-26] (Microsoft Corporation)
1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
2 stisvc; C:\Windows\System32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{C1EA6830-957F-4643-9E8E-0CC2B35ADE3F} [5120 2008-04-14] (Microsoft Corporation)
4 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.)
4 symc8xx; C:\Windows\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic)
4 sym_hi; C:\Windows\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic)
4 sym_u3; C:\Windows\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [177504 2004-11-08] (Synaptics, Inc.)
3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
3 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
1 Tcpip; C:\Windows\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [26240 2005-04-12] (UPEK Inc.)
3 TDPIPE; C:\Windows\System32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9340 2005-01-21] ()
3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2005-03-07] (Sonic Solutions)
2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2005-03-07] (Sonic Solutions)
2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2005-03-07] (Sonic Solutions)
2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2005-03-07] (Sonic Solutions)
2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [87834 2005-03-07] (Sonic Solutions)
2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2005-03-07] (Sonic Solutions)
2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2005-03-07] (Sonic Solutions)
2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [99098 2005-03-07] (Sonic Solutions)
2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2005-03-07] (Sonic Solutions)
2 Themes; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
4 TosIde; C:\Windows\System32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation)
0 TPDiskPM; C:\Windows\System32\Drivers\TPDiskPM.sys [14208 2004-12-02] (IBM Corporation)
2 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG.EXE [77824 2004-05-24] (IBM Corporation)
1 TPHKDRV; C:\Windows\System32\Drivers\TPHKDRV.sys [16370 2004-09-06] (IBM Corporation)
3 TPInput; C:\Windows\System32\DRIVERS\TPInput.sys [6016 2004-12-02] (IBM Corporation)
2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2003-07-12] ()
3 TPM11; C:\Windows\System32\DRIVERS\nsctpm11.sys [14336 2005-04-21] (National Semiconductor Corp.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2005-04-13] ()
2 TrkWks; C:\Windows\System32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [7168 2005-05-17] ()
4 Udfs; C:\Windows\System32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
4 ultra; C:\Windows\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.)
3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12800 2008-03-26] (LG Electronics Inc.)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2008-03-26] (LG Electronics Inc.)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-03-26] (LG Electronics Inc.)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
4 viaagp; C:\Windows\System32\DRIVERS\viaagp.sys [42240 2008-04-13] (Microsoft Corporation)
4 ViaIde; C:\Windows\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
0 VolSnap; C:\Windows\System32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
2 vtserver; "C:\Program Files\Common Files\Virtual Token\vtserver.exe" [40554 2005-04-12] (UPEK Inc.)
3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [3255168 2005-02-14] (Intel® Corporation)
2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
2 WebClient; C:\Windows\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
3 winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [703616 2005-01-25] (Conexant Systems, Inc.)
2 winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
3 Wmi; C:\Windows\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\WMPNetwk.exe" [913408 2006-10-18] (Microsoft Corporation)
1 WS2IFSL; C:\Windows\System32\Drivers\WS2IFSL.sys [12032 2004-08-04] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
2 wuauserv; C:\windows\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
3 WudfRd; C:\Windows\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
3 WudfSvc; C:\Windows\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
4 HidServ; [x]
3 HSF_DP; [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
2 pgsql-8.3; "C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\" [x]
2 postgresql-8.4; [x]
3 PsaSrv; [x]
4 Simbad; [x]
3 WDICA; [x]

========================= NetSvcs ============================

============ One Month Created Files and foledrs ============

2011-01-04 18:34 - 2011-01-04 18:34 - 0000000 ___DC C:\FRST
2011-01-03 21:23 - 2011-01-03 21:23 - 2145898496 __ASH C:\hiberfil.sys
2011-01-03 20:45 - 2011-01-03 20:45 - 0000262 ____A C:\Program Files\ccleanerregfiles2.reg
2011-01-03 20:44 - 2011-01-03 20:44 - 0001608 ____A C:\Program Files\ccleanerregfiles1.reg
2011-01-03 20:43 - 2011-01-03 20:44 - 0098850 ____A C:\Program Files\ccleanerregfiles.reg
2011-01-02 22:38 - 2011-01-03 00:15 - 0000000 __ADC C:\Kaspersky Rescue Disk 10.0
2010-12-30 21:58 - 2010-12-30 21:58 - 0000000 __SDC C:\ComboFix
2010-12-30 21:56 - 2010-12-30 21:56 - 0000000 ____D C:\Documents and Settings\Administrator\IETldCache
2010-12-30 21:49 - 2010-12-30 21:57 - 0000764 ____A C:\Windows\WindowsUpdate.log
2010-12-30 21:41 - 2011-01-03 21:22 - 1110712 ____A C:\Windows\ntbtlog.txt
2010-12-30 21:41 - 2010-12-30 21:58 - 0000000 ___DC C:\ComboFix(2)
2010-12-30 21:40 - 2010-12-30 21:40 - 0000156 ____A C:\Windows\wiadebug.log
2010-12-30 21:03 - 2010-12-30 21:03 - 0000000 ____D C:\Windows\ERDNT
2010-12-30 21:02 - 2010-12-30 21:03 - 0000000 ___DC C:\Qoobox
2010-12-30 18:35 - 2010-12-30 21:58 - 0000000 ____D C:\Documents and Settings\Administrator\Templates
2010-12-30 18:35 - 2010-12-30 21:58 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2010-12-30 18:35 - 2010-12-30 21:58 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\History
2010-12-30 18:35 - 2010-12-30 21:58 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-12-30 18:35 - 2010-03-09 20:00 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2010-12-30 18:35 - 2010-03-09 19:57 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2010-12-30 18:35 - 2008-05-01 00:46 - 1418614 ___AH C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
2010-12-30 18:35 - 2008-05-01 00:29 - 0000000 ____D C:\Documents and Settings\Administrator\Application Data\Sonic
2010-12-30 18:35 - 2008-05-01 00:25 - 0000136 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-12-28 21:15 - 2010-12-28 22:37 - 0012406 ____A C:\Documents and Settings\Chris Brown\Desktop\handstopost.txt
2010-12-20 09:38 - 2010-12-20 11:20 - 0002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2010-12-20 09:38 - 2010-12-20 09:38 - 0000000 ____D C:\Program Files\Common Files\Skype
2010-12-18 11:17 - 2010-12-18 11:17 - 0000000 __HDC C:\Windows\$NtUninstallKB2443105$
2010-12-18 11:17 - 2010-12-18 11:17 - 0000000 __HDC C:\Windows\$NtUninstallKB2296199$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2467659$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2443685$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2440591$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2436673$
2010-12-18 11:14 - 2010-12-18 11:14 - 0000000 __HDC C:\Windows\$NtUninstallKB2423089$
2010-12-18 10:25 - 2010-11-02 15:17 - 0040960 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ndproxy.sys
2010-12-18 10:23 - 2010-10-11 14:59 - 0045568 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\wab.exe
2010-12-04 20:15 - 2010-12-04 20:15 - 0002446 ____A C:\Documents and Settings\Chris Brown\Desktop\penelope.jpeg

============ 3 Months Modified Files and foledrs =============

2011-01-04 18:34 - 2011-01-04 18:34 - 0000000 ___DC C:\FRST
2011-01-03 21:23 - 2011-01-03 21:23 - 2145898496 __ASH C:\hiberfil.sys
2011-01-03 21:22 - 2010-12-30 21:41 - 1110712 ____A C:\Windows\ntbtlog.txt
2011-01-03 20:45 - 2011-01-03 20:45 - 0000262 ____A C:\Program Files\ccleanerregfiles2.reg
2011-01-03 20:44 - 2011-01-03 20:44 - 0001608 ____A C:\Program Files\ccleanerregfiles1.reg
2011-01-03 20:44 - 2011-01-03 20:43 - 0098850 ____A C:\Program Files\ccleanerregfiles.reg
2011-01-03 00:15 - 2011-01-02 22:38 - 0000000 __ADC C:\Kaspersky Rescue Disk 10.0
2010-12-31 03:34 - 2008-05-01 00:39 - 0000000 ____D C:\IBMSHARE
2010-12-30 22:02 - 2004-08-09 17:51 - 0000000 ____D C:\Windows\Registration
2010-12-30 22:02 - 2004-08-09 17:40 - 0000000 ____D C:\Windows\System32\wbem
2010-12-30 21:58 - 2010-12-30 21:58 - 0000000 __SDC C:\ComboFix
2010-12-30 21:58 - 2010-12-30 21:41 - 0000000 ___DC C:\ComboFix(2)
2010-12-30 21:58 - 2010-12-30 18:35 - 0000000 ____D C:\Documents and Settings\Administrator\Templates
2010-12-30 21:58 - 2010-12-30 18:35 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2010-12-30 21:58 - 2010-12-30 18:35 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\History
2010-12-30 21:58 - 2010-12-30 18:35 - 0000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-12-30 21:57 - 2010-12-30 21:49 - 0000764 ____A C:\Windows\WindowsUpdate.log
2010-12-30 21:56 - 2010-12-30 21:56 - 0000000 ____D C:\Documents and Settings\Administrator\IETldCache
2010-12-30 21:54 - 1980-01-01 07:00 - 0001170 ____A C:\Windows\System32\wpa.dbl
2010-12-30 21:40 - 2010-12-30 21:40 - 0000156 ____A C:\Windows\wiadebug.log
2010-12-30 21:39 - 2009-03-03 20:05 - 0000000 __SHD C:\Documents and Settings\Chris Brown\Local Settings\Temporary Internet Files
2010-12-30 21:39 - 2004-08-09 17:40 - 0000000 ____D C:\Windows\Debug
2010-12-30 21:32 - 2004-08-09 18:02 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2010-12-30 21:31 - 2008-05-01 00:24 - 1181504 ____A C:\Windows\System32\TPAPSLOG.LOG
2010-12-30 21:31 - 2008-05-01 00:24 - 0393984 ____A C:\Windows\System32\TPHDLOG0.LOG
2010-12-30 21:30 - 2010-10-06 19:14 - 0000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2010-12-30 21:30 - 2010-05-18 20:55 - 0000290 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-878812975-4187484619-478900231-1005.job
2010-12-30 21:30 - 2009-06-30 18:08 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2010-12-30 21:25 - 2009-04-10 07:37 - 0000434 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5A0FD79E-2C7C-4CBE-91DC-5CD438BA01D4}.job
2010-12-30 21:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At16.job
2010-12-30 21:03 - 2010-12-30 21:03 - 0000000 ____D C:\Windows\ERDNT
2010-12-30 21:03 - 2010-12-30 21:02 - 0000000 ___DC C:\Qoobox
2010-12-30 20:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At46.job
2010-12-30 20:35 - 2009-06-30 18:08 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2010-12-30 20:32 - 2010-10-24 19:11 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2010-12-30 20:32 - 2010-09-05 18:11 - 0001689 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2010-12-30 20:25 - 2010-05-25 22:25 - 0000000 __HDC C:\Windows\$NtUninstallKB981793$
2010-12-30 18:28 - 2010-08-24 21:58 - 7460646 ___AH C:\Documents and Settings\Chris Brown\Local Settings\Application Data\IconCache.db
2010-12-30 18:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At26.job
2010-12-30 18:04 - 2008-05-01 00:45 - 0000316 ____A C:\Windows\Tasks\PMTask.job
2010-12-30 00:35 - 2009-03-07 15:03 - 0000000 ____D C:\Program Files\Full Tilt Poker
2010-12-30 00:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At2.job
2010-12-29 23:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At47.job
2010-12-29 23:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At36.job
2010-12-29 22:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At45.job
2010-12-29 22:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At33.job
2010-12-29 21:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At48.job
2010-12-29 21:16 - 2010-08-16 18:00 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\HEM Data
2010-12-29 20:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At18.job
2010-12-29 20:14 - 2010-10-06 19:14 - 0000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2010-12-29 19:41 - 2009-08-27 20:56 - 0000000 ____D C:\Program Files\TableNinjaFT
2010-12-29 19:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At42.job
2010-12-29 19:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At17.job
2010-12-29 18:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At40.job
2010-12-28 22:37 - 2010-12-28 21:15 - 0012406 ____A C:\Documents and Settings\Chris Brown\Desktop\handstopost.txt
2010-12-28 21:55 - 2010-09-24 07:09 - 0001478 ____A C:\Documents and Settings\Chris Brown\Desktop\pokerstove.txt
2010-12-28 21:01 - 2009-03-17 22:21 - 0000000 ____D C:\Documents and Settings\Chris Brown\Local Settings\Application Data\In The Money
2010-12-28 20:11 - 2009-05-14 21:22 - 0003091 ____A C:\Documents and Settings\Chris Brown\popopopPreferences.xml
2010-12-28 20:07 - 2009-06-02 18:33 - 0000000 ____D C:\Documents and Settings\Chris Brown\Desktop\HH POP
2010-12-28 17:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At38.job
2010-12-28 17:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At21.job
2010-12-28 16:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At41.job
2010-12-28 11:51 - 2009-05-17 16:58 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\Skype
2010-12-28 11:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At35.job
2010-12-28 11:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At11.job
2010-12-28 10:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At30.job
2010-12-28 10:24 - 2009-05-17 17:00 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\skypePM
2010-12-24 13:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At15.job
2010-12-24 12:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At37.job
2010-12-24 12:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At14.job
2010-12-24 10:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At7.job
2010-12-24 09:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At27.job
2010-12-24 09:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At10.job
2010-12-24 08:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At32.job
2010-12-24 08:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At12.job
2010-12-23 16:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At25.job
2010-12-23 15:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At39.job
2010-12-23 15:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At24.job
2010-12-23 14:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At43.job
2010-12-23 14:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At23.job
2010-12-23 13:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At44.job
2010-12-23 11:06 - 2010-03-06 15:11 - 0000062 __ASH C:\Documents and Settings\postgres.IBM-25CDA5A7027\Local Settings\desktop.ini
2010-12-23 11:06 - 2009-03-03 20:05 - 0000062 __ASH C:\Documents and Settings\Chris Brown\Local Settings\desktop.ini
2010-12-23 11:06 - 2004-08-09 18:02 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2010-12-23 11:05 - 2004-08-09 18:02 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2010-12-22 23:04 - 2009-03-03 20:05 - 0000178 ___SH C:\Documents and Settings\Chris Brown\ntuser.ini
2010-12-21 19:08 - 2009-11-13 21:48 - 0002387 ____A C:\Documents and Settings\Chris Brown\Desktop\TableNinjaFT.lnk
2010-12-20 11:20 - 2010-12-20 09:38 - 0002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2010-12-20 09:39 - 2010-10-22 15:25 - 0000000 _SHDC C:\Config.Msi
2010-12-20 09:39 - 2009-05-17 16:58 - 0000000 ___RD C:\Program Files\Skype
2010-12-20 09:38 - 2010-12-20 09:38 - 0000000 ____D C:\Program Files\Common Files\Skype
2010-12-20 09:38 - 2010-09-08 19:48 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2010-12-19 14:53 - 2010-05-18 20:55 - 0000298 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-878812975-4187484619-478900231-1005.job
2010-12-19 10:45 - 2009-03-07 20:33 - 0000000 ____D C:\Program Files\PokerStars
2010-12-18 14:36 - 2004-08-09 17:45 - 0117360 ____A C:\Windows\System32\FNTCACHE.DAT
2010-12-18 11:17 - 2010-12-18 11:17 - 0000000 __HDC C:\Windows\$NtUninstallKB2443105$
2010-12-18 11:17 - 2010-12-18 11:17 - 0000000 __HDC C:\Windows\$NtUninstallKB2296199$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2467659$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2443685$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2440591$
2010-12-18 11:16 - 2010-12-18 11:16 - 0000000 __HDC C:\Windows\$NtUninstallKB2436673$
2010-12-18 11:16 - 2009-03-08 19:17 - 0232210 ____A C:\Windows\System32\TZLog.log
2010-12-18 11:16 - 2008-05-01 00:09 - 0000000 ___HD C:\Windows\$hf_mig$
2010-12-18 11:14 - 2010-12-18 11:14 - 0000000 __HDC C:\Windows\$NtUninstallKB2423089$
2010-12-18 11:14 - 2009-03-08 19:21 - 37366216 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2010-12-18 11:14 - 2004-08-09 17:52 - 0000000 ____D C:\Program Files\Outlook Express
2010-12-15 07:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At20.job
2010-12-12 15:57 - 2009-08-08 15:25 - 0000000 ____D C:\Program Files\Mozilla Firefox
2010-12-04 20:15 - 2010-12-04 20:15 - 0002446 ____A C:\Documents and Settings\Chris Brown\Desktop\penelope.jpeg
2010-11-21 15:28 - 2010-09-08 20:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2010-11-21 15:28 - 2010-05-18 20:54 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\Real
2010-11-18 18:12 - 2010-11-18 18:12 - 0081920 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\isign32.dll
2010-11-18 18:12 - 2004-08-09 17:52 - 0081920 ____A (Microsoft Corporation) C:\Windows\System32\isign32.dll
2010-11-09 08:33 - 2010-11-09 08:33 - 0001613 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2010-11-08 21:45 - 2010-11-07 10:58 - 0001900 ___AC C:\Windows\ModemLog_ThinkPad Integrated 56K Modem.txt
2010-11-08 21:32 - 2010-11-07 16:01 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\Apple Computer
2010-11-07 22:49 - 2010-11-07 22:49 - 0007017 ____A C:\Documents and Settings\Chris Brown\Desktop\dress.htm
2010-11-07 22:49 - 2010-11-07 22:49 - 0000000 ____D C:\Documents and Settings\Chris Brown\Desktop\dress_files
2010-11-07 17:22 - 2009-06-27 14:51 - 0000000 ____D C:\Program Files\Common Files\Teleca Shared
2010-11-07 16:14 - 2010-11-07 16:14 - 0018120 ___AH C:\Windows\System32\mlfcache.dat
2010-11-07 16:01 - 2010-11-07 15:57 - 0000000 ____D C:\Documents and Settings\Chris Brown\Local Settings\Application Data\Apple Computer
2010-11-07 16:01 - 2009-03-03 20:05 - 0000000 ___RD C:\Documents and Settings\Chris Brown\My Documents\My Music
2010-11-07 16:00 - 2010-11-07 15:59 - 0000000 ____D C:\Program Files\iTunes
2010-11-07 16:00 - 2010-11-07 15:59 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-07 15:59 - 2010-11-07 15:59 - 0000000 ____D C:\Program Files\iPod
2010-11-07 15:59 - 2010-11-07 15:58 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-11-07 15:59 - 2010-11-07 15:57 - 0000000 ____D C:\Program Files\Common Files\Apple
2010-11-07 15:59 - 2010-07-06 07:20 - 0000000 ____D C:\Program Files\QuickTime
2010-11-07 15:58 - 2010-11-07 15:58 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2010-11-07 15:58 - 2010-11-07 15:58 - 0000000 ____D C:\Program Files\Apple Software Update
2010-11-07 15:58 - 2010-11-07 15:58 - 0000000 ____D C:\Documents and Settings\Chris Brown\Local Settings\Application Data\Apple
2010-11-07 15:57 - 2010-11-07 15:57 - 0000000 ____D C:\Program Files\Bonjour
2010-11-07 15:57 - 2010-11-07 15:57 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2010-11-07 15:18 - 2010-09-08 21:19 - 0001740 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
2010-11-07 15:18 - 2010-09-08 19:50 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-06 00:26 - 2010-06-10 15:16 - 0743424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2010-11-06 00:26 - 2009-06-11 06:39 - 0247808 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2010-11-06 00:26 - 2009-06-11 06:39 - 0012800 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2010-11-06 00:26 - 2009-03-08 19:27 - 1991680 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2010-11-06 00:26 - 2009-03-08 19:27 - 11080704 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2010-11-06 00:26 - 2009-03-08 19:27 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2010-11-06 00:26 - 2009-03-08 19:27 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2010-11-06 00:26 - 2009-03-08 18:46 - 0916480 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2010-11-06 00:26 - 2009-03-08 18:46 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2010-11-06 00:26 - 2009-03-08 18:46 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2010-11-06 00:26 - 2009-03-08 18:46 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2010-11-06 00:26 - 2009-03-08 18:45 - 5959168 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2010-11-06 00:26 - 2009-03-08 18:45 - 1210880 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2010-11-06 00:26 - 2009-03-08 18:45 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2010-11-06 00:26 - 2007-08-13 18:54 - 11080704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2010-11-06 00:26 - 2007-08-13 18:54 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2010-11-06 00:26 - 2007-08-13 18:54 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2010-11-06 00:26 - 2007-08-13 18:45 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2010-11-06 00:26 - 2007-08-13 18:44 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2010-11-06 00:26 - 2007-08-13 18:44 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2010-11-06 00:26 - 2007-08-13 18:39 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2010-11-06 00:26 - 2007-08-13 18:34 - 1991680 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 5959168 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2010-11-06 00:26 - 1980-01-01 07:00 - 1210880 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2010-11-06 00:26 - 1980-01-01 07:00 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2010-11-05 19:44 - 2009-05-07 19:09 - 0000000 ____D C:\Program Files\TableNinja
2010-11-03 13:12 - 2008-10-22 09:47 - 0046080 ____N (Microsoft Corporation) C:\Windows\System32\tzchange.exe
2010-11-03 12:26 - 2007-08-13 18:39 - 0173568 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2010-11-03 12:26 - 1980-01-01 07:00 - 0173568 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2010-11-03 12:25 - 1980-01-01 07:00 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2010-11-02 15:17 - 2010-12-18 10:25 - 0040960 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ndproxy.sys
2010-11-02 15:17 - 1980-01-01 07:00 - 0040960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2010-10-31 12:32 - 2004-08-09 17:46 - 0521766 ____A C:\Windows\System32\PerfStringBackup.INI
2010-10-31 12:32 - 1980-01-01 07:00 - 0441692 ____A C:\Windows\System32\perfh009.dat
2010-10-31 12:32 - 1980-01-01 07:00 - 0071462 ____A C:\Windows\System32\perfc009.dat
2010-10-30 00:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At19.job
2010-10-30 00:21 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At1.job
2010-10-29 23:39 - 2010-09-05 13:04 - 0000400 ____A C:\Windows\Tasks\At13.job
2010-10-28 13:13 - 2010-04-20 05:30 - 0290048 ____N (Adobe Systems Incorporated) C:\Windows\System32\dllcache\atmfd.dll
2010-10-28 13:13 - 1980-01-01 07:00 - 0290048 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2010-10-27 21:23 - 2009-03-03 20:05 - 0000000 ___RD C:\Documents and Settings\Chris Brown\My Documents
2010-10-26 13:25 - 2009-03-08 18:45 - 1853312 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2010-10-26 13:25 - 1980-01-01 07:00 - 1853312 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2010-10-25 17:24 - 2008-05-01 00:09 - 0000000 ____D C:\Windows\Microsoft.NET
2010-10-25 16:58 - 2010-03-06 15:11 - 0000178 __SHC C:\Documents and Settings\postgres.IBM-25CDA5A7027\ntuser.ini
2010-10-25 16:56 - 2009-05-08 22:38 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2010-10-24 21:32 - 2010-10-24 21:32 - 0000000 __HDC C:\Windows\$NtUninstallKB975558_WM8$
2010-10-24 21:32 - 2010-10-24 21:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2387149$
2010-10-24 21:32 - 2010-10-24 21:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2345886$
2010-10-24 21:32 - 2010-10-24 21:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2296011$
2010-10-24 21:32 - 2010-10-24 21:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2279986$
2010-10-24 21:32 - 2010-10-24 21:32 - 0000000 __HDC C:\Windows\$NtUninstallKB2259922$
2010-10-24 21:32 - 2010-10-24 21:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2378111_WM9$
2010-10-24 21:31 - 2010-10-24 21:31 - 0000000 __HDC C:\Windows\$NtUninstallKB982132$
2010-10-24 21:31 - 2010-10-24 21:31 - 0000000 __HDC C:\Windows\$NtUninstallKB979687$
2010-10-24 21:31 - 2010-10-24 21:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2347290$
2010-10-24 21:31 - 2010-10-24 21:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2121546$
2010-10-24 21:25 - 2010-10-24 21:25 - 0000000 __HDC C:\Windows\$NtUninstallKB981322$
2010-10-24 21:23 - 2010-10-24 21:23 - 0000000 __HDC C:\Windows\$NtUninstallKB981957$
2010-10-24 21:22 - 2010-10-24 21:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2141007$
2010-10-24 21:21 - 2010-10-24 21:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2360937$
2010-10-24 21:21 - 2010-10-24 21:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2158563$
2010-10-24 20:18 - 2010-10-24 20:18 - 0000000 ____D C:\Documents and Settings\Default User\Application Data\Trusteer
2010-10-24 19:12 - 2010-10-24 19:11 - 0000000 ___HD C:\Windows\ie8
2010-10-24 19:12 - 2010-03-09 19:59 - 0000000 ____D C:\Program Files\Common Files\Adobe
2010-10-24 19:12 - 2009-03-07 16:07 - 0000000 ____D C:\Program Files\Adobe
2010-10-24 19:11 - 2010-10-24 19:11 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\SUPERAntiSpyware.com
2010-10-24 19:11 - 2010-10-23 17:11 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\SUPERAntiSpyware(3).com
2010-10-24 19:11 - 2010-10-23 14:36 - 0000000 ____D C:\Program Files\SUPERAntiSpyware(2)
2010-10-24 19:11 - 2010-10-23 14:36 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\SUPERAntiSpyware(2).com
2010-10-24 19:11 - 2010-10-23 14:06 - 0000000 ___DC C:\Windows\ie8(2)
2010-10-24 19:07 - 2010-10-24 08:37 - 0000000 ____D C:\Program Files\SUPERAntiSpyware(4)
2010-10-24 19:07 - 2010-10-24 08:37 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\SUPERAntiSpyware(4).com
2010-10-24 19:05 - 2010-10-24 19:05 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NOS
2010-10-24 19:04 - 2010-10-24 19:04 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NOS(2)
2010-10-24 19:04 - 2010-10-24 17:09 - 0000000 ___DC C:\Windows\$NtUninstallKB926139-v2$
2010-10-24 17:12 - 2009-03-08 19:21 - 0000000 ____D C:\Windows\network diagnostic
2010-10-24 17:10 - 2010-10-24 17:10 - 0000000 ____D C:\Documents and Settings\Chris Brown\Application Data\ElevatedDiagnostics
2010-10-24 17:10 - 2004-08-09 17:53 - 0000000 ___SD C:\Windows\Downloaded Program Files
2010-10-24 17:09 - 2010-10-24 17:09 - 0000000 ____D C:\Windows\System32\windowspowershell
2010-10-24 12:17 - 2010-10-03 20:43 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
2010-10-24 12:07 - 2010-10-24 12:07 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2010-10-23 17:11 - 2004-08-09 17:52 - 0000000 ____D C:\Windows\System32\Restore
2010-10-23 14:10 - 2009-03-03 20:05 - 0000082 __ASH C:\Documents and Settings\Chris Brown\My Documents\desktop.ini
2010-10-23 14:10 - 2009-03-03 20:05 - 0000000 ___RD C:\Documents and Settings\Chris Brown\My Documents\My Pictures
2010-10-23 14:10 - 2004-08-09 17:40 - 0000000 ____D C:\Windows\Media
2010-10-23 14:10 - 2004-08-09 17:40 - 0000000 ____D C:\Windows\Help
2010-10-23 13:57 - 2009-03-16 20:47 - 0000000 ____D C:\Windows\ie8updates
2010-10-22 14:39 - 2010-10-22 14:39 - 1987696 ___AC C:\Documents and Settings\Chris Brown\My Documents\Paper_F7_December_2010_OpenTuition[1].pdf
2010-10-11 14:59 - 2010-12-18 10:23 - 0045568 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\wab.exe
2010-10-06 19:13 - 2010-09-11 11:55 - 0000000 ____D C:\Documents and Settings\NetworkService\Application Data\Real
2010-10-06 19:12 - 2010-10-06 19:12 - 0000000 ___RD C:\Documents and Settings\NetworkService\My Documents\My Videos
2010-10-06 19:12 - 2010-10-06 19:12 - 0000000 ____D C:\Documents and Settings\NetworkService\My Documents
==================== Restore Points (XP) =====================

RP: -> 2010-12-30 21:57 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP59
RP: -> 2010-12-29 23:03 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP58
RP: -> 2010-12-27 11:13 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP57
RP: -> 2010-12-23 12:00 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP56
RP: -> 2010-12-21 21:49 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP55
RP: -> 2010-12-20 21:17 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP54
RP: -> 2010-12-19 15:24 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP53
RP: -> 2010-12-18 14:44 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP52
RP: -> 2010-12-18 11:13 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP51
RP: -> 2010-12-18 11:02 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP50
RP: -> 2010-12-14 21:28 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP49
RP: -> 2010-12-12 18:15 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP48
RP: -> 2010-12-10 21:15 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP47
RP: -> 2010-12-09 17:51 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP46
RP: -> 2010-12-07 20:33 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP45
RP: -> 2010-12-04 19:32 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP44
RP: -> 2010-11-28 17:37 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP43
RP: -> 2010-11-26 20:04 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP42
RP: -> 2010-11-23 21:18 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP41
RP: -> 2010-11-22 18:09 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP40
RP: -> 2010-11-21 16:31 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP39
RP: -> 2010-11-19 21:41 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP38
RP: -> 2010-11-18 19:54 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP37
RP: -> 2010-11-12 20:19 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP36
RP: -> 2010-11-10 21:11 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP35
RP: -> 2010-11-09 20:11 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP34
RP: -> 2010-11-07 16:30 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP33
RP: -> 2010-11-07 15:59 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP32
RP: -> 2010-11-07 15:01 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP31
RP: -> 2010-11-07 13:52 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP30
RP: -> 2010-11-05 19:43 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP29
RP: -> 2010-11-04 20:54 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP28
RP: -> 2010-11-02 21:10 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP27
RP: -> 2010-10-29 23:48 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP26
RP: -> 2010-10-24 21:21 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP25
RP: -> 2010-10-24 20:18 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP24
RP: -> 2010-10-24 19:03 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP23
RP: -> 2010-10-24 18:55 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP22
RP: -> 2010-10-24 17:09 - 028672 _restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP21

======================= Partitions ===========================

1 Drive b: (RamDrive) Fixed Total:0.82 GB Free:0.81 GB NTFS
2 Drive c: (IBM_PRELOAD) Fixed Total:33.16 GB Free:11.59 GB NTFS
3 Drive d: (HBCD 12.0) CDROM Total:0.35 GB Free:0 GB CDFS
4 Drive e: () Removable Total:1.86 GB Free:1.72 GB FAT32
5 Drive x: (MiniXp) Fixed Total:0.11 GB Free:0.02 GB NTFS

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 January 2011 - 03:00 PM

"I opened CCleaner, I just clicked on the registry button and then 'Scan for issues', which brought up a list of items to fix, which I did."

Then don't worry about this. CCleaner has done nothing to the registry as the registry was not loaded. Those items it backed up and tried to remove are still on the boot CD and not removable.

I see the PC is infected. The explorer is missing and we need to fix a few items. But now we want to check the winlogon.exe and find a good copy of explorer.

Please boot to boot CD and run FRST.
Type the following in the edit box after "Search:".

explorer.exe;winlogon.exe

Note: The file names should be separated by a semicolon (;)

Click Search button and post the log it makes to your reply.

#10 budeman

budeman
  • Topic Starter

  • Members
  • 17 posts

Posted 04 January 2011 - 04:02 PM

Here are the results of the search log.

================== Search: explorer.exe;winlogon.exe ===================

[2008-04-14 00:12] - [2008-04-14 00:12] - 1033728 ____N (Microsoft Corporation) c:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008-04-14 00:12] - [2008-04-14 00:12] - 0507904 ____C (Microsoft Corporation) c:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2009-03-09 08:38] - [2004-08-04 12:00] - 1032192 ____C (Microsoft Corporation) c:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2009-03-09 08:37] - [2004-08-04 12:00] - 0502272 ____C (Microsoft Corporation) c:\WINDOWS\$NtServicePackUninstall$\winlogon.exe


====== End Of Search ======
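
As an added example (not part of the thread and not FRST's own code), a small Python triage helper for FRST search output of the kind posted above: it parses the file lines, reports whether the live copy of each file exists in its standard XP location, picks the ServicePackFiles\i386 copy as the replacement source (the choice the helper made here), and flags copies whose size differs from that source as a different build. The standard XP locations and the order of preferred sources are assumptions, as is the sample log, which is constructed from the lines posted above.

```python
import re
from typing import Dict, List

# Format of one file line in FRST "Search:" output, as posted in this thread:
# [created] - [modified] - size attributes (company) path
LINE_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>\S.*?)\s*$"
)

# Where each file must exist for XP to reach a desktop (assumption: standard XP layout).
LIVE_DIR = {
    "winlogon.exe": "\\windows\\system32\\",
    "explorer.exe": "\\windows\\",
}

# Sources for a pristine replacement, most trustworthy first (assumption; the thread used ServicePackFiles).
PREFERRED_DIRS = (
    "\\windows\\servicepackfiles\\i386\\",
    "\\windows\\system32\\dllcache\\",
    "\\windows\\$ntservicepackuninstall$\\",
)


def normalize(path: str) -> str:
    """Lower-case and drop the drive letter so c:\\WINDOWS\\x and C:\\Windows\\x compare equal."""
    p = path.strip().lower()
    return p[2:] if len(p) > 1 and p[1] == ":" else p


def parse_search_log(text: str) -> List[dict]:
    """Return one dict per file line; the Search / End Of Search banners and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["norm"] = normalize(row["path"])
            rows.append(row)
    return rows


def triage(text: str, names: List[str]) -> Dict[str, dict]:
    """Per name: is the live copy present, which copy is the best source, which copies are a different build."""
    rows = parse_search_log(text)
    report = {}
    for name in (n.lower() for n in names):
        copies = [r for r in rows if r["norm"].rsplit("\\", 1)[-1] == name]
        live_path = LIVE_DIR.get(name, "") + name
        best = next((r for d in PREFERRED_DIRS for r in copies if r["norm"] == d + name), None)
        report[name] = {
            "live_present": any(r["norm"] == live_path for r in copies),
            "best_source": best["path"] if best else None,
            # A different size means a different build (older service pack, or tampered): do not use it blindly.
            "size_mismatch": [r["path"] for r in copies if best and r["size"] != best["size"]],
        }
    return report


# Constructed sample: the search output posted above, banners included.
SAMPLE_SEARCH_LOG = """================== Search: explorer.exe;winlogon.exe ===================
[2008-04-14 00:12] - [2008-04-14 00:12] - 1033728 ____N (Microsoft Corporation) c:\\WINDOWS\\ServicePackFiles\\i386\\explorer.exe
[2008-04-14 00:12] - [2008-04-14 00:12] - 0507904 ____C (Microsoft Corporation) c:\\WINDOWS\\ServicePackFiles\\i386\\winlogon.exe
[2009-03-09 08:38] - [2004-08-04 12:00] - 1032192 ____C (Microsoft Corporation) c:\\WINDOWS\\$NtServicePackUninstall$\\explorer.exe
[2009-03-09 08:37] - [2004-08-04 12:00] - 0502272 ____C (Microsoft Corporation) c:\\WINDOWS\\$NtServicePackUninstall$\\winlogon.exe
====== End Of Search ======
"""

if __name__ == "__main__":
    for name, info in triage(SAMPLE_SEARCH_LOG, ["explorer.exe", "winlogon.exe"]).items():
        print(name, info)
```

On the sample both live copies are reported missing, which is consistent with the search above listing neither c:\WINDOWS\system32\winlogon.exe nor c:\WINDOWS\explorer.exe.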

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 January 2011 - 04:18 PM

We need to fix some of the entries that FRST has found.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Chris Brown\...\Winlogon: [Shell] EXPLORER.EXE
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\psfus: C:\Program Files\IBM fingerprint software\psfus.dll [X]
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\psfus: C:\Program Files\IBM fingerprint software\psfus.dll [X]
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli 
Replace: c:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\Windows\System32\winlogon.exe
Replace: c:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\Windows\System32\explorer.exe
cmd: del /a/f/q c:\windows\tasks\At*.job
c:\windows\urstsr.dll
c:\autorun.inf

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Now please boot into the boot CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also please try to boot to Windows and tell me how it went.

#12 budeman

budeman
  • Topic Starter

  • Members
  • 17 posts

Posted 04 January 2011 - 04:40 PM

Here is the fixlog.txt. Should I try and boot Windows without the Boot CD? Should I try in safe mode or just normally?

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 1.6)
Ran by SYSTEM at 2011-01-04 21:37:04 R:1
Running from E:\

==============================================

HKEY_USERS\Chris Brown\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon Key deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus Key deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon Key not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus Key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\\Authentication Packages Default value restored.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\\Notification Packages Default value restored.
Could not find C:\Windows\System32\winlogon.exe.
C:\Windows\System32\winlogon.exe repleced successfully with c:\WINDOWS\ServicePackFiles\i386\winlogon.exe
Could not find C:\Windows\System32\explorer.exe.
C:\Windows\System32\explorer.exe repleced successfully with c:\WINDOWS\ServicePackFiles\i386\explorer.exe
========= del /a/f/q c:\windows\tasks\At*.job =========


========= End of CMD: =========

C:\windows\urstsr.dll not found.
C:\autorun.inf not found.

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 January 2011 - 04:50 PM

Let's run the fix once more.

We need to fix some of the entries that FRST has found.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM\...\RunOnce: [*Restore] C:\windows\system32\restore\rstrui.exe -c (Microsoft Corporation)[380416 2008-04-14]
C:\Windows\System32\explorer.exe
Replace: c:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\Windows\winlogon.exe
Replace: c:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\Windows\explorer.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please boot into the boot CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Then boot to Windows normally.

#14 budeman

budeman
  • Topic Starter

  • Members
  • 17 posts

Posted 04 January 2011 - 05:11 PM

YOU ARE A LEGEND!! No blue screen and all is ok!

You cannot believe how happy I am you got this working.

1. Is there any way I can make a small donation to the site or to a charity of your choice - or to you??
2. What are the best things I can do to prevent this from happening again?
3. Where do I begin to learn how to do what you do - books/websites etc. People like you and the others on this site really are great for what you provide.

And thanks again. If you are ever in London let me know and I will buy you a drink!


Here are the results of the fixlog.

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 1.6)
Ran by SYSTEM at 2011-01-04 21:58:47 R:2
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
C:\Windows\System32\explorer.exe moved successfully.
Could not find C:\Windows\winlogon.exe.
C:\Windows\winlogon.exe repleced successfully with c:\WINDOWS\ServicePackFiles\i386\winlogon.exe
Could not find C:\Windows\explorer.exe.
C:\Windows\explorer.exe repleced successfully with c:\WINDOWS\ServicePackFiles\i386\explorer.exe

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 January 2011 - 05:17 PM

Excellent. :clapping:

Thanks for your kind words. Let's postpone answering those questions until we make sure the system is clean.:)

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  • Please perform the following scan:
    • Download DDS by sUBs from the following links. Save it to your desktop.
    • DDS.scr
    • DDS.pif
  • Double click on the DDS icon, allow it to run. When done it will open two logs:
    • DDS.txt
    • Attach.txt
  • Copy and paste the logs to your reply.
