Nasty Rootkit, no updates, no installs.


This topic is locked
47 replies to this topic

#1 Greathaniel562 (Members, 27 posts)

Posted 05 January 2011 - 02:54 AM

I have been running with PCs since CP/M, and have gotten away from many a blue screen...but this one is tough.
Usually I think I run a tight ship, with SafeXP, but....

OS: WIN XP SP3 Prof.Ed.
Avast free
Disconnected from network.
Backed up, Console installed, Registry backed up.

Logs:
GMER works,
DDS does not, even DDS.htm or .scr. Even in Safe mode. Logs posted. "This tool does not support your Operating System" bogus error. HijackThis file supplied.
:( :(

Symptoms:
Security logs initially were full of a svchost service accessing the internet on a disallowed high port number. Searched but nada. The trouble seemed to get nasty when IPv1.6 was added by a MS update. It seems the raccoons figured out how to make a tunnel under the Network Service, so that the network icon in the taskbar was not blinking when I was accessing the network. PC disconnected.

Novell Netware was spontaneously installed but I defeated this and removed IPv1.6.
It looked like the network was sent to a filtering site, and then to the address of interest.

RKill helped get the Network Service behavior back. Now it shows I am disconnected.

Symptoms:
Avast initially reported a rootkit in locater.exe (replaced with a clean copy but no effect).
Many boots have a dirty byte set so CHKDSK.exe runs on C drive.
RKill reports many fake error messages but does not find anything in the log when it finally runs. It did work though.

Clear selective blocking of executables (.exe, .scr, .htm) with fictitious MS error reports.
Registry filled with porn sites. CCleaned.

Inability to install programs/updates such as MSBSA, and the like. It gets to the end and then dies mysteriously.
Avast clean,
Malwarebytes, clean...but you know it isn't.
Superantispyware found junk.
Weird drive entries in the registry in the Current Control Set, with colon entries.

It smells of some sort of rootkit using a non-visible method of physical addressing of the hard drive sectors to hide its code.
I see a program IPv6to4, suggesting tunnels.


#2 Greathaniel562 (Topic Starter, Members, 27 posts)

Posted 06 January 2011 - 03:05 AM

OK, I read the instructions on Kaspersky TDSSKiller, downloaded latest:

Both the TDSS.exe versions came up blank on Alureon. :lmao:

So this would seem to suggest the virus is not Alureon-related or a new version.

Still a lot of CHKDSK activity...wondering if this CHKDSK file could be corrupted?

RKill clearly shows hilarious bogus MS errors.

Bootkit?

N.

#3 myrti, Sillyberry (Malware Study Hall Admin, 33,779 posts)

Posted 10 January 2011 - 07:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
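The OTL report requested above is plain text, and its SRV/DRV lines can be triaged mechanically before a human reads the whole thing. The script below is an added example, not part of this thread and not part of OTL itself. It parses the two line shapes OTL emits for services and drivers (the format is visible in the report posted later in this thread) and flags the entries a responder looks at first: an auto/boot/system-start entry whose file is missing, an auto-start binary with no company name, and a service whose name and file stem look machine-generated. The sample lines are copied from the report in this thread; the "pseudo-random name" heuristic is my assumption, not an OTL rule.

```python
"""Triage the SRV/DRV sections of an OTL report for rootkit remnants (added example)."""
import re
from dataclasses import dataclass
from typing import List

# One regex covers both shapes OTL uses for service and driver lines:
#   DRV - File not found [Kernel | Boot | Stopped] -- <path> -- (<service name>)
#   DRV - [<date> | <size> | <attrs> | M] (<company>) [Kernel | Boot | Running] -- <path> -- (<name>)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\))"
    r" \[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)

# Start types that load without any user action; a persistence mechanism wants one of these.
AUTOSTART = {"Boot", "System", "Auto"}


@dataclass
class Finding:
    severity: str
    name: str
    path: str
    reason: str


def _looks_random(name: str, path: str) -> bool:
    """Heuristic (my assumption, not an OTL rule): an all-lowercase 5-8 letter service
    name whose file stem is a *different* all-lowercase 5-8 letter word, as in
    dcnyey -> qsydpki.sys. Legitimate drivers nearly always reuse the file stem."""
    def short_lower_alpha(s: str) -> bool:
        return s.isalpha() and s.islower() and 5 <= len(s) <= 8

    stem = path.rsplit("\\", 1)[-1].split(".", 1)[0]
    return (short_lower_alpha(name) and short_lower_alpha(stem)
            and name not in stem and stem not in name)


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per suspicious SRV/DRV line, in report order."""
    findings: List[Finding] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a service/driver line (header, PRC, MOD, ...)
        flags = [f.strip() for f in m["flags"].split("|")]
        start = flags[1] if m["kind"] == "DRV" else flags[0]  # DRV: [type | start | state]
        name, path, missing = m["name"], m["path"], bool(m["missing"])
        reasons, severity = [], "medium"
        if missing and start in AUTOSTART:
            reasons.append(f"{start}-start entry whose file is missing "
                           "(deleted, or hidden from the file system)")
            severity = "high"
        if _looks_random(name, path):
            reasons.append("pseudo-random service/file name pair")
            severity = "high"
        if not missing and start in AUTOSTART and not m["company"].strip():
            reasons.append(f"{start}-start binary with no company name")
        if reasons:
            findings.append(Finding(severity, name, path, "; ".join(reasons)))
    return findings


# Constructed sample: a subset of the SRV/DRV lines from the OTL report posted later in this thread.
SAMPLE_REPORT = r"""
SRV - File not found [Auto | Stopped] -- C:\32788R22FWJFW\pev.exe -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\SetupNT.sys -- (SetupNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\qsydpki.sys -- (dcnyey)
DRV - [2011/01/10 22:59:12 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/12/29 23:33:35 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\pwdrvio.sys -- (pwdrvio)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT.splitlines()):
        print(f"[{f.severity}] {f.name} -- {f.path}\n    {f.reason}")
```

Everything the script lists is a review item, not a verdict: the PEVSystemStart entry in the sample is the known leftover of a ComboFix run, while a Boot-start driver whose file cannot be found and whose name matches nothing a vendor would ship (qsydpki.sys / dcnyey) is exactly what a removed or self-hiding kernel driver leaves behind. The /md5start block in the custom scan covers the other half of the problem, a system file that is present but patched, which this parser does not address.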


#4 Greathaniel562 (Topic Starter, Members, 27 posts)

Posted 10 January 2011 - 12:59 PM

Myrti:
OK, I will give OTL a whack at it tonight.

What is clear from the malware signature, is that something funny is happening to CHKDSK.

It has shades of a man-in-the-middle type attack. And it keeps reinstalling IP1.6 to try to make its tunnel.

If you run Search for chkdsk.exe, you get continuous, non-stopping entries of the same file location of CHKDSK.exe, all from the same folder, C:\Windows\system32.

#5 myrti, Sillyberry (Malware Study Hall Admin, 33,779 posts)

Posted 10 January 2011 - 03:04 PM

Hi,

is this a work PC?

regards myrti


#6 Greathaniel562 (Topic Starter, Members, 27 posts)

Posted 10 January 2011 - 11:39 PM

Myrti:
This is not a work machine, but because we cannot do our work on our work machines (software restrictions), it really is my home work machine.

OTL.txt

OTL logfile created on: 1/10/2011 11:12:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.27 Gb Free Space | 79.56% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 180.84 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive L: | 3.76 Gb Total Space | 0.97 Gb Free Space | 25.79% Space Free | Partition Type: FAT32

Computer Name: HPPAV | User Name: AMDadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 23:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2004/04/12 14:25:16 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/10 23:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/19 23:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\32788R22FWJFW\pev.exe -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/04/14 04:42:40 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\utilman.exe -- (UtilMan)
SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/09/10 07:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/09/11 09:31:48 | 000,073,728 | ---- | M] (KODAK) [Disabled | Stopped] -- C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe -- (ptssvc)
SRV - [2002/02/28 13:35:06 | 000,188,987 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe -- (Dcfssvc)
SRV - [2001/11/19 22:17:42 | 000,567,808 | ---- | M] (GLOBEtrotter Software Inc.) [Disabled | Stopped] -- D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\SetupNT.sys -- (SetupNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\qsydpki.sys -- (dcnyey)
DRV - [2011/01/10 22:59:12 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/12/29 23:33:35 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/12/29 23:33:35 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2010/12/29 23:33:31 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 15:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\pwdspio.sys -- (pwdspio)
DRV - [2010/03/12 16:41:22 | 005,867,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/26 22:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Ambfilt.sys -- (Ambfilt)
DRV - [2009/07/29 20:22:44 | 004,411,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/29 06:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/31 00:56:07 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2008/06/16 08:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2008/04/14 04:51:44 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mpe.sys -- (MPE)
DRV - [2008/04/14 04:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 22:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/16 09:09:38 | 000,003,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
DRV - [2007/07/19 23:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 19:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 19:39:14 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 19:39:14 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - [2007/07/18 16:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/04/25 15:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/04/23 12:12:54 | 000,194,200 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/23 12:10:48 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aspi32.sys -- (Aspi32)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys -- (Hardlock)
DRV - [2006/09/27 16:12:30 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/07/05 13:10:23 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/07/05 13:10:23 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/06/07 02:25:23 | 000,059,440 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/07 02:25:22 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2006/06/07 02:25:22 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (Udfreadr_xp)
DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/01 12:07:24 | 000,005,314 | R--- | M] (Apogee Instruments) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\apogeeio.sys -- (ApogeeIO)
DRV - [2005/06/01 12:07:14 | 000,007,610 | R--- | M] (Diffraction Limited) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\maximio.sys -- (MaxImIO)
DRV - [2004/09/10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/09/10 07:00:00 | 000,027,056 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/04/12 14:26:02 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/03/15 09:11:50 | 000,005,120 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2003/06/19 06:05:04 | 000,049,776 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub20.sys -- (usbhub20)
DRV - [2003/06/19 06:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\uhcd.sys -- (uhcd)
DRV - [2002/11/13 14:10:00 | 000,020,224 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvidesm.sys -- (nvidesm)
DRV - [2002/09/04 18:06:30 | 000,131,509 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2002/09/04 18:06:22 | 000,034,938 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2002/08/14 00:00:00 | 000,093,594 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/08/14 00:00:00 | 000,013,782 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/07/11 06:16:10 | 000,003,480 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2002/02/28 13:35:06 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2002/02/28 13:35:06 | 000,055,866 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2002/02/28 13:35:06 | 000,036,885 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2002/02/28 13:35:06 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2001/12/01 14:51:18 | 000,046,592 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nidmmk.dll -- (nidmmk)
DRV - [2001/12/01 14:50:20 | 000,670,720 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nidaq32k.sys -- (Nidaq32k)
DRV - [2001/12/01 13:27:08 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\niSTCk.dll -- (nistck)
DRV - [2001/12/01 13:25:20 | 000,031,232 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nimdsk.dll -- (nimdsk)
DRV - [2001/12/01 13:21:22 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nibffrk.dll -- (nibffrk)
DRV - [2001/12/01 13:21:18 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\niarbk.dll -- (niarbk)
DRV - [2001/11/06 17:59:20 | 000,448,000 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2001/10/26 16:48:02 | 000,016,896 | ---- | M] (National Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NiViPxiK.sys -- (NiViPxiK)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/06/13 09:15:26 | 000,104,537 | ---- | M] (National Instruments) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\NatMotion.sys -- (NatMotion)
DRV - [2000/07/16 11:52:42 | 000,136,352 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Nuvision.sys -- (NUVision)
DRV - [1999/10/22 09:54:42 | 000,032,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ichaud.sys -- (ichaud) Service for AC'97 Driver (WDM)
DRV - [1999/10/12 11:23:22 | 000,038,548 | ---- | M] (Vista Imaging Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VicamUsb.sys -- (VICAMUSB)
DRV - [1999/10/12 04:04:08 | 000,025,984 | ---- | M] (Vista Imaging, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Vicam.sys -- (ViCAM)
DRV - [1999/07/01 11:25:00 | 000,056,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gpibclsb.sys -- (gpibclsb)
DRV - [1999/07/01 11:04:18 | 000,034,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gpibclsd.sys -- (gpibclsd)
DRV - [1998/09/01 06:06:06 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- c:\Tools_95\Sparrow.Mpd -- (Sparrow)
DRV - [1998/09/01 06:05:44 | 000,073,216 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- c:\Tools_95\AIC78XX.MPD -- (aic78xx)
DRV - [1998/07/15 05:05:36 | 000,032,768 | ---- | M] (IOMEGA, Inc.) [Kernel | Disabled | Stopped] -- c:\Tools_95\Asc.mpd -- (asc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mcb.harvard.edu/Admin_Res/Library/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/29 19:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 17:07:42 | 000,000,000 | ---D | M]

[2008/08/28 20:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/12/30 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions
[2010/10/15 21:07:03 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/03/29 14:45:13 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}(2)
[2010/12/16 21:07:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/03/29 14:45:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/11/30 23:24:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2009/11/30 23:24:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/08/02 21:21:16 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/11/02 00:12:08 | 000,000,000 | ---D | M] (OpenXMLViewer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\OpenXMLViewer@Codeplex.com
[2010/12/08 22:06:13 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\optimizegoogle@optimizegoogle.com
[2009/11/30 23:24:18 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\extensions\zotero@chnm.gmu(2).edu
[2010/12/29 13:06:45 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\searchplugins\rollyo-1-233580.xml
[2008/06/22 20:49:07 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\searchplugins\wikipedia-en.xml
[2010/12/29 13:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 23:52:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 00:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/05 23:51:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/13 15:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/03/11 06:52:54 | 000,352,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
[2006/02/23 08:16:20 | 000,034,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62i9x.dll
[2006/02/23 08:16:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62int.dll

O1 HOSTS File: ([2011/01/07 01:00:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\..\Toolbar\ShellBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O4 - HKLM..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMAQBoot] D:\Program Files\National Instruments\NI-IMAQ\bin\ImaqBoot.exe (National Instruments Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SYSTEM32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Printing Migration] C:\WINDOWS\System32\spool\migrate.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SYSTEM32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\..Trusted Domains: ieaddons.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-1935655697-1957994488-500\..Trusted Domains: yahoo.com ([mail] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WORK
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINDOWS\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora Mail\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1993/08/21 17:40:02 | 000,000,233 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [1993/11/02 07:59:58 | 000,000,256 | ---- | M] () - C:\AUTOEXEC.12 -- [ NTFS ]
O32 - AutoRun File - [1998/08/14 07:58:04 | 000,000,263 | ---- | M] () - C:\AUTOEXEC.386 -- [ NTFS ]
O32 - AutoRun File - [1994/01/14 08:55:58 | 000,000,269 | ---- | M] () - C:\AUTOEXEC.387 -- [ NTFS ]
O32 - AutoRun File - [2000/03/07 06:33:48 | 000,000,256 | ---- | M] () - C:\AUTOEXEC.625 -- [ NTFS ]
O32 - AutoRun File - [1998/10/27 14:25:50 | 000,000,198 | ---- | M] () - C:\AUTOEXEC.95 -- [ NTFS ]
O32 - AutoRun File - [1999/02/24 09:56:20 | 000,000,185 | ---- | M] () - C:\AUTOEXEC.99 -- [ NTFS ]
O32 - AutoRun File - [2001/03/06 21:28:58 | 000,000,179 | ---- | M] () - C:\AUTOEXEC.BA2 -- [ NTFS ]
O32 - AutoRun File - [2001/03/06 20:20:46 | 000,000,196 | ---- | M] () - C:\AUTOEXEC.BA2.txt -- [ NTFS ]
O32 - AutoRun File - [2004/02/21 12:42:54 | 000,000,312 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2005/02/08 23:05:39 | 000,000,380 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/02/21 12:32:30 | 000,000,312 | ---- | M] () - C:\AUTOEXEC.CRY -- [ NTFS ]
O32 - AutoRun File - [1998/10/27 20:08:08 | 000,000,310 | ---- | M] () - C:\autoexec.d00 -- [ NTFS ]
O32 - AutoRun File - [1999/02/05 02:11:42 | 000,000,191 | ---- | M] () - C:\AUTOEXEC.DO2 -- [ NTFS ]
O32 - AutoRun File - [2001/03/25 22:10:18 | 000,000,179 | ---- | M] () - C:\autoexec.nai -- [ NTFS ]
O32 - AutoRun File - [2000/05/18 01:25:06 | 000,000,152 | ---- | M] () - C:\AUTOEXEC.NS0 -- [ NTFS ]
O32 - AutoRun File - [2006/10/06 00:50:39 | 000,000,167 | ---- | M] () - C:\autoexec.nt -- [ NTFS ]
O32 - AutoRun File - [1998/10/27 19:46:48 | 000,000,303 | -HS- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
O32 - AutoRun File - [1998/11/13 11:23:14 | 000,000,348 | ---- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
O32 - AutoRun File - [2004/02/21 12:42:54 | 000,000,312 | -H-- | M] () - C:\AUTOX000.000 -- [ NTFS ]
O32 - AutoRun File - [2010/08/08 13:41:21 | 000,000,000 | ---D | M] - D:\AutostitchPhoto -- [ NTFS ]
O33 - MountPoints2\{a0fed166-f61c-11dc-b361-442dea234d46}\Shell - "" = AutoRun
O33 - MountPoints2\{a0fed166-f61c-11dc-b361-442dea234d46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0fed166-f61c-11dc-b361-442dea234d46}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\32788R22FWJFW\pev.exe File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.0
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {90A7533D-88FE-11D0-9DBE-0000C0411FC3} - Microsoft VRML 2.0 Viewer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVIDEO - C:\WINDOWS\System32\vicamavi.drv (Copyright © 1995-1999 Vista Imaging, Inc.)
Drivers32: MSVIDEO1 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.444p - C:\Program Files\t@b\0.947\686\tabdec.dll (t@B)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DVSD - C:\WINDOWS\System32\miroDV2avi.dll (Pinnacle Systems)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - jpegCode.dll File not found
Drivers32: VIDC.MJPG - jpegCode.dll File not found
Drivers32: vidc.mpng - C:\Program Files\t@b\0.947\686\tabdec.dll (t@B)
Drivers32: vidc.mvjp - C:\Program Files\t@b\0.947\686\tabdec.dll (t@B)
Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\Nuvision.ax (Nogatech Ltd.)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.PIXL - C:\WINDOWS\System32\pclepixl.dll (Pinnacle Systems)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VDOM - vdowave.drv File not found
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 23:08:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/09 03:08:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/09 00:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2011/01/08 02:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/01/08 01:01:35 | 000,000,000 | --SD | C] -- C:\ComboFix25315C
[2011/01/07 01:00:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/07 00:53:34 | 000,000,000 | --SD | C] -- C:\ComboFix213233C
[2011/01/03 04:17:33 | 000,000,000 | --SD | C] -- C:\CopyComboFix18248C
[2011/01/03 04:07:20 | 000,000,000 | --SD | C] -- C:\ComboFix2
[2011/01/03 04:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/02 23:09:34 | 000,000,000 | --SD | C] -- C:\CopyComboFix26839C
[2011/01/02 22:57:09 | 000,000,000 | --SD | C] -- C:\CopyComboFix21716C
[2011/01/02 22:51:29 | 000,000,000 | --SD | C] -- C:\CopyComboFix
[2011/01/02 21:51:27 | 000,000,000 | -H-D | C] -- C:\I386
[2011/01/02 14:25:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/31 04:00:15 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/12/31 03:53:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/31 03:53:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/31 03:53:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/31 03:53:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/31 03:53:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNTxxxx
[2010/12/31 03:53:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/31 03:50:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/31 02:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/31 02:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/12/31 00:55:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/31 00:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/31 00:55:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/30 01:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MiniTool Partition Wizard Home Edition 5.2
[2010/12/30 01:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 5.2
[2010/12/30 00:12:55 | 000,441,760 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010/12/29 23:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/12/29 19:10:40 | 000,368,480 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010/12/29 19:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[4 C:\*.tmp files -> C:\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[11 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 23:11:58 | 000,006,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\otDesktopIc.png
[2011/01/10 23:03:16 | 000,076,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/10 23:03:16 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/10 23:00:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/10 22:59:13 | 008,405,015 | ---- | M] () -- C:\WINDOWS\hlktmp
[2011/01/10 22:59:12 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2011/01/10 22:59:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/10 22:59:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/09 00:43:39 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-JGIH4.exe
[2011/01/09 00:43:39 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-JGIH4.msg
[2011/01/09 00:43:39 | 000,000,339 | ---- | M] () -- C:\WINDOWS\is-JGIH4.lst
[2011/01/09 00:30:08 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2011/01/07 22:35:00 | 000,008,184 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/01/07 01:00:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/07 00:36:10 | 000,000,300 | -HS- | M] () -- C:\boot.ini
[2011/01/05 01:59:06 | 000,000,126 | ---- | M] () -- C:\dds.htm
[2011/01/04 19:11:36 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DiagnosticStartupScriptLog2.scr
[2011/01/04 19:11:36 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.pif.pif
[2011/01/03 03:38:08 | 004,012,456 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix2.exe
[2011/01/02 21:59:42 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CDDVD.lnk
[2011/01/02 21:57:35 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2011/01/02 21:57:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/02 20:13:08 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SafeXP.exe.lnk
[2011/01/02 20:07:54 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Copy of Netstat.lnk
[2011/01/02 15:06:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\Copy of ntuser.ini
[2011/01/02 14:54:30 | 141,344,914 | ---- | M] () -- C:\Reg1-02-10.reg
[2011/01/02 08:37:25 | 000,000,487 | ---- | M] () -- C:\WINDOWS\System32\login.cmd
[2011/01/02 08:37:05 | 000,000,487 | ---- | M] () -- C:\WINDOWS\System32\loginX.cmd
[2011/01/02 03:53:07 | 000,419,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/31 22:24:10 | 000,001,380 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tasklist svchost.lnk
[2010/12/31 04:13:45 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010/12/31 04:13:11 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal123.sys
[2010/12/31 04:01:44 | 000,041,488 | ---- | M] () -- C:\MGlogs.zip
[2010/12/31 00:25:48 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\CopyComboFix.exe
[2010/12/30 22:23:57 | 000,001,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Netshell repair.lnk
[2010/12/30 01:43:34 | 000,000,300 | -HS- | M] () -- C:\BOOT.BAK
[2010/12/29 23:33:35 | 000,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010/12/29 23:33:35 | 000,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2010/12/29 23:33:31 | 000,132,224 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/12/29 23:33:30 | 000,368,480 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2010/12/29 23:18:01 | 001,916,471 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dw_ug.en.pdf
[2010/12/29 18:57:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/29 18:57:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/29 17:50:15 | 000,522,864 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Application12-29-2010.evt
[2010/12/23 23:22:21 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\terst.wav
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/12/12 14:28:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\*.tmp files -> C:\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[11 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 23:08:07 | 000,006,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\otDesktopIc.png
[2011/01/09 00:43:39 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-JGIH4.exe
[2011/01/09 00:43:39 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-JGIH4.msg
[2011/01/09 00:43:39 | 000,000,339 | ---- | C] () -- C:\WINDOWS\is-JGIH4.lst
[2011/01/09 00:30:08 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2011/01/07 00:11:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DiagnosticStartupScriptLog2.scr
[2011/01/05 02:17:27 | 000,000,126 | ---- | C] () -- C:\dds.htm
[2011/01/04 21:26:25 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.pif.pif
[2011/01/03 03:45:16 | 004,012,456 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix2.exe
[2011/01/02 23:30:58 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CameraCooledCCDPurge_Tutorial.doc
[2011/01/02 22:56:41 | 004,011,777 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\CopyComboFix.exe
[2011/01/02 19:40:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Administrator\Copy of ntuser.ini
[2011/01/02 14:54:22 | 141,344,914 | ---- | C] () -- C:\Reg1-02-10.reg
[2011/01/02 08:37:04 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\loginX.cmd
[2010/12/31 04:13:23 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010/12/31 04:12:50 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal123.sys
[2010/12/31 04:00:18 | 000,041,488 | ---- | C] () -- C:\MGlogs.zip
[2010/12/31 03:53:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/31 03:53:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/31 03:53:13 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/31 03:53:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/31 03:53:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/30 01:43:34 | 000,725,064 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/12/30 01:43:33 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/12/30 01:43:32 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/12/29 23:18:00 | 001,916,471 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dw_ug.en.pdf
[2010/12/29 18:57:17 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/12/29 18:57:17 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/12/29 17:50:14 | 000,522,864 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Application12-29-2010.evt
[2010/12/23 23:22:21 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\terst.wav
[2010/08/01 15:32:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/04/17 22:12:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hbiciix.dll
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/11 22:32:48 | 000,000,060 | ---- | C] () -- C:\WINDOWS\AXDD1200.INI
[2010/01/08 09:22:30 | 000,082,611 | ---- | C] () -- C:\Program Files\whatsnew.txt
[2010/01/04 13:14:36 | 000,013,756 | ---- | C] () -- C:\Program Files\whatsnewVPM.txt
[2009/11/15 01:04:21 | 000,000,163 | ---- | C] () -- C:\WINDOWS\_ISNU.INI
[2009/11/14 15:04:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hook1.dll
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/11/08 21:35:19 | 000,000,304 | ---- | C] () -- C:\WINDOWS\PINDEMO2.INI
[2009/11/08 21:01:13 | 000,000,793 | ---- | C] () -- C:\WINDOWS\Pinball2.ini
[2009/11/07 22:58:40 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:14:36 | 000,003,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\BS_Flash.sys
[2009/08/26 23:20:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/07 21:33:00 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/31 21:17:57 | 000,028,165 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2009/03/31 21:17:57 | 000,018,264 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2009/03/31 21:16:57 | 000,000,333 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/03/31 21:16:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/03/31 21:14:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/03/31 00:56:07 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/02/02 00:15:36 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/01 00:45:13 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 20:56:30 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/07/23 20:56:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/07/23 20:56:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/07/23 20:56:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/07/19 14:11:47 | 000,910,368 | ---- | C] () -- C:\WINDOWS\System32\OWL52T.DLL
[2008/04/14 04:41:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\s95al6a.dll
[2008/04/14 04:41:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/04/14 04:41:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/04/14 04:41:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/04/14 04:41:58 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/04/14 04:41:58 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\jjxeiex.dll
[2008/04/14 04:41:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/04/14 04:41:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ybjxl2h.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\vz7vou1.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\vl6efvz.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\vbrjqr3.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\v48c5pe.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\v2rin5o.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\v2l5ag7.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tbxccoe.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\pzfd4dt.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\mnc0h6w.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\e7ifml9.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\cr31gpa.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\cazaxd3.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bz3r1k1.dll
[2008/04/14 04:41:58 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bc16674.dll
[2008/04/14 00:42:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/16 21:34:42 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/02/16 21:34:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/02/12 20:34:48 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2007/12/27 21:12:07 | 000,002,777 | ---- | C] () -- C:\WINDOWS\TVC8XDrv.ini
[2007/11/18 18:43:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PFP120JPR.{PB
[2007/11/18 18:43:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PFP120JCM.{PB
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/02 10:40:40 | 000,013,763 | ---- | C] () -- C:\Program Files\3ComCameraTips.txt
[2007/08/21 20:52:20 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/04/21 20:55:23 | 000,001,498 | ---- | C] () -- C:\WINDOWS\iris.ini
[2007/04/21 20:39:09 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\io.dll
[2007/04/21 20:39:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Sh22w32.dll
[2007/03/15 03:25:55 | 000,000,158 | ---- | C] () -- C:\WINDOWS\LCSLite.INI
[2007/03/10 20:24:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\hook2.dll
[2006/12/31 09:58:34 | 000,000,026 | ---- | C] () -- C:\WINDOWS\PP60.INI
[2006/12/31 00:54:50 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/12/31 00:54:49 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2006/12/11 09:28:23 | 000,001,112 | ---- | C] () -- C:\WINDOWS\Studio7.ini
[2006/12/11 09:28:07 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2006/12/11 09:28:07 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2006/12/11 09:28:07 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32d.dll
[2006/12/11 09:28:07 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2006/12/11 09:28:07 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2006/12/11 09:28:07 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2006/12/10 22:05:07 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/10/28 18:05:33 | 000,001,170 | ---- | C] () -- C:\WINDOWS\capture.INI
[2006/03/13 10:34:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/21 21:44:52 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDFXX.ini
[2005/12/20 09:54:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/17 10:34:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/09 00:52:14 | 000,343,188 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup_001.INI
[2005/08/09 00:20:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hook1xx.dll
[2005/08/09 00:20:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\hook2xx.dll
[2005/08/03 20:28:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/08/03 20:25:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/08/03 00:10:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/29 01:39:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\SPSETUP.INI
[2005/07/29 01:07:44 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2005/07/12 20:25:00 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/07/09 01:35:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/06/11 21:32:31 | 000,000,377 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\jahuwaldt.Digitizer.props
[2005/06/09 23:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TECHDIG.INI
[2005/06/01 12:07:24 | 000,007,536 | R--- | C] () -- C:\WINDOWS\System32\drivers\ccdpar.sys
[2004/09/20 17:57:41 | 000,000,062 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/06/02 00:23:08 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\wvjava.dll
[2004/03/24 00:42:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS27.DLL
[2004/03/13 01:57:12 | 000,024,658 | ---- | C] () -- C:\WINDOWS\10-00WIN.INI
[2004/03/13 01:57:12 | 000,019,756 | ---- | C] () -- C:\WINDOWS\win99.ini
[2004/03/13 01:57:12 | 000,012,655 | ---- | C] () -- C:\WINDOWS\BioEdit.ini
[2004/03/13 01:57:12 | 000,007,918 | ---- | C] () -- C:\WINDOWS\HGOPHER.INI
[2004/03/13 01:57:12 | 000,005,760 | ---- | C] () -- C:\WINDOWS\AIRMOS.INI
[2004/03/13 01:57:12 | 000,003,903 | ---- | C] () -- C:\WINDOWS\AXOTAPE.INI
[2004/03/13 01:57:12 | 000,003,610 | ---- | C] () -- C:\WINDOWS\DOSAPP.INI
[2004/03/13 01:57:12 | 000,002,697 | ---- | C] () -- C:\WINDOWS\HOSTEX.INI
[2004/03/13 01:57:12 | 000,002,537 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/03/13 01:57:12 | 000,002,042 | ---- | C] () -- C:\WINDOWS\DSPCTL.INI
[2004/03/13 01:57:12 | 000,001,925 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/03/13 01:57:12 | 000,001,816 | ---- | C] () -- C:\WINDOWS\SPW.INI
[2004/03/13 01:57:12 | 000,001,720 | ---- | C] () -- C:\WINDOWS\WPFM.INI
[2004/03/13 01:57:12 | 000,001,537 | ---- | C] () -- C:\WINDOWS\NEUROLUCIDA.INI
[2004/03/13 01:57:12 | 000,001,450 | ---- | C] () -- C:\WINDOWS\SCNIMAGE.INI
[2004/03/13 01:57:12 | 000,001,268 | ---- | C] () -- C:\WINDOWS\WPC.INI
[2004/03/13 01:57:12 | 000,001,165 | ---- | C] () -- C:\WINDOWS\hpc.ini
[2004/03/13 01:57:12 | 000,001,145 | ---- | C] () -- C:\WINDOWS\Jandel.ini
[2004/03/13 01:57:12 | 000,000,989 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2004/03/13 01:57:12 | 000,000,961 | ---- | C] () -- C:\WINDOWS\LVIEW.INI
[2004/03/13 01:57:12 | 000,000,932 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/03/13 01:57:12 | 000,000,870 | ---- | C] () -- C:\WINDOWS\wnsetup.ini
[2004/03/13 01:57:12 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2004/03/13 01:57:12 | 000,000,856 | ---- | C] () -- C:\WINDOWS\GENERUNR.INI
[2004/03/13 01:57:12 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/03/13 01:57:12 | 000,000,750 | ---- | C] () -- C:\WINDOWS\EXTHWCTL.INI
[2004/03/13 01:57:12 | 000,000,620 | ---- | C] () -- C:\WINDOWS\MSD.INI
[2004/03/13 01:57:12 | 000,000,616 | ---- | C] () -- C:\WINDOWS\CMOUSECC.INI
[2004/03/13 01:57:12 | 000,000,580 | ---- | C] () -- C:\WINDOWS\CBWIN.INI
[2004/03/13 01:57:12 | 000,000,561 | ---- | C] () -- C:\WINDOWS\winzip.ini
[2004/03/13 01:57:12 | 000,000,499 | ---- | C] () -- C:\WINDOWS\MAXTIME.INI
[2004/03/13 01:57:12 | 000,000,421 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/13 01:57:12 | 000,000,398 | ---- | C] () -- C:\WINDOWS\LEXHBP.INI
[2004/03/13 01:57:12 | 000,000,305 | ---- | C] () -- C:\WINDOWS\SMSI.INI
[2004/03/13 01:57:12 | 000,000,280 | ---- | C] () -- C:\WINDOWS\GUEST.INI
[2004/03/13 01:57:12 | 000,000,271 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2004/03/13 01:57:12 | 000,000,265 | ---- | C] () -- C:\WINDOWS\fileman.ini
[2004/03/13 01:57:12 | 000,000,249 | ---- | C] () -- C:\WINDOWS\WPWP.INI
[2004/03/13 01:57:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2004/03/13 01:57:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Clony.ini
[2004/03/13 01:57:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\CJBMF.INI
[2004/03/13 01:57:12 | 000,000,212 | ---- | C] () -- C:\WINDOWS\oeminfo.ini
[2004/03/13 01:57:12 | 000,000,197 | ---- | C] () -- C:\WINDOWS\INSTAT.INI
[2004/03/13 01:57:12 | 000,000,192 | ---- | C] () -- C:\WINDOWS\PIXCACHE.INI
[2004/03/13 01:57:12 | 000,000,186 | ---- | C] () -- C:\WINDOWS\WINFILE.INI
[2004/03/13 01:57:12 | 000,000,182 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2004/03/13 01:57:12 | 000,000,150 | ---- | C] () -- C:\WINDOWS\wcanvas.ini
[2004/03/13 01:57:12 | 000,000,149 | ---- | C] () -- C:\WINDOWS\FLIC.INI
[2004/03/13 01:57:12 | 000,000,143 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/03/13 01:57:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\AUDIOSTA.INI
[2004/03/13 01:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Risxtd.ini
[2004/03/13 01:57:12 | 000,000,105 | ---- | C] () -- C:\WINDOWS\MAPIUID.INI
[2004/03/13 01:57:12 | 000,000,103 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2004/03/13 01:57:12 | 000,000,100 | ---- | C] () -- C:\WINDOWS\MSMAIL.INI
[2004/03/13 01:57:12 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TCATALOG.INI
[2004/03/13 01:57:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\PIPELINE.INI
[2004/03/13 01:57:12 | 000,000,071 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/03/13 01:57:12 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2004/03/13 01:57:12 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/03/13 01:57:12 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2004/03/13 01:57:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\FAX.INI
[2004/03/13 01:57:12 | 000,000,056 | ---- | C] () -- C:\WINDOWS\trumphop.ini
[2004/03/13 01:57:12 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SHTLW95.INI
[2004/03/13 01:57:12 | 000,000,052 | ---- | C] () -- C:\WINDOWS\trumpdig.ini
[2004/03/13 01:57:12 | 000,000,051 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
[2004/03/13 01:57:12 | 000,000,047 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2004/03/13 01:57:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EXCHNG32.INI
[2004/03/13 01:57:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\WINDAT.INI
[2004/03/13 01:57:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ClonyCDs.ini
[2004/03/13 01:57:12 | 000,000,037 | ---- | C] () -- C:\WINDOWS\WPSP.INI
[2004/03/13 01:57:12 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2004/03/13 01:57:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/03/13 01:57:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2004/03/13 01:57:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WPTH.INI
[2004/03/13 01:57:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\HOSTPR.INI
[2004/03/13 01:57:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\FNESSE.INI
[2004/03/13 01:57:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/03/13 01:57:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2004/03/13 01:57:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MOUSE.INI
[2004/03/13 01:57:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CONNETIT.INI
[2004/03/13 01:57:12 | 000,000,017 | ---- | C] () -- C:\WINDOWS\KESPLMGR.INI
[2004/03/13 01:57:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\BI_GROUP.INI
[2004/03/13 01:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/03/13 01:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2004/03/13 01:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/03/13 01:57:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CLAMPFITASSISTANT.INI
[2004/03/13 01:57:11 | 000,012,783 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/03/13 01:57:11 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/03/13 01:57:11 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/03/13 01:57:11 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/03/13 01:57:11 | 000,001,721 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/13 01:57:11 | 000,000,825 | ---- | C] () -- C:\WINDOWS\mrun32.ini
[2004/03/13 01:57:11 | 000,000,131 | ---- | C] () -- C:\WINDOWS\ALOHABOB.INI
[2004/03/13 01:57:11 | 000,000,053 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/03/13 01:57:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MAIN.INI
[2004/03/13 01:57:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2004/03/13 01:57:10 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2004/03/13 01:57:10 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/03/13 01:57:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/12 20:34:24 | 000,004,294 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/12 20:02:00 | 000,000,996 | ---- | C] () -- C:\WINDOWS\dead.ini
[2003/07/29 21:39:24 | 000,473,088 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2003/07/17 14:53:50 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2003/05/17 21:21:42 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\I81X329X.DLL
[2002/08/22 10:16:44 | 000,000,223 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2002/05/26 20:12:10 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\msqtvrdc32.dll
[2002/05/26 20:12:10 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2001/12/01 15:04:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\nipxiini.dll
[2001/12/01 14:42:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\niidaqlv.dll
[2001/11/06 16:47:30 | 000,003,168 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2001/09/20 09:48:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2001/08/13 20:09:48 | 000,659,520 | ---- | C] () -- C:\WINDOWS\System32\vbid3lib.dll
[2001/06/19 13:25:54 | 000,069,709 | ---- | C] () -- C:\WINDOWS\System32\clsernat.dll
[2001/05/09 22:38:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\AZTEXT.DLL
[2001/04/20 19:23:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PManager.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2000/08/17 04:27:08 | 000,020,556 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2000/08/10 13:33:42 | 000,081,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibpci.sys
[2000/07/15 04:46:47 | 000,224,768 | ---- | C] () -- C:\WINDOWS\System32\fpi32.dll
[2000/07/14 00:24:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\iviini.dll
[2000/06/27 10:16:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2000/06/16 07:26:22 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2000/06/08 12:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[2000/06/08 12:00:00 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
[2000/06/01 08:47:40 | 000,020,992 | ---- | C] () -- C:\WINDOWS\PICUNINS.DLL
[2000/05/18 01:20:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2000/05/18 01:20:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2000/05/18 00:58:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2000/01/31 00:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[1999/12/07 07:00:00 | 000,176,400 | ---- | C] () -- C:\WINDOWS\System32\qcut.dll
[1999/11/05 13:07:22 | 000,157,032 | ---- | C] () -- C:\WINDOWS\System32\TwnPRO20.dll
[1999/11/04 09:00:38 | 000,001,840 | ---- | C] () -- C:\WINDOWS\System32\niidaqs.dll
[1999/10/21 21:41:30 | 000,207,872 | ---- | C] () -- C:\WINDOWS\PPLIBMGR.DLL
[1999/10/21 21:41:10 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\FVDS60.DLL
[1999/10/21 21:40:23 | 002,270,720 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[1999/10/21 21:39:34 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\PPIV.DLL
[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvsound.sys
[1999/07/29 16:22:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\GpibN32.dll
[1999/07/29 16:22:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GPIBI32.dll
[1999/07/29 14:53:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GpibAz32.dll
[1999/07/19 16:00:04 | 000,070,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibatnt.sys
[1999/07/01 11:25:00 | 000,056,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibclsb.sys
[1999/07/01 11:04:18 | 000,034,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibclsd.sys
[1999/06/04 20:13:48 | 000,008,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\GpibStub.sys
[1999/05/27 06:08:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jcmath32.dll
[1999/04/11 18:23:01 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\POSP70US.DLL
[1999/04/11 18:22:59 | 000,425,472 | ---- | C] () -- C:\WINDOWS\System32\POSP7032.DLL
[1999/04/11 18:22:55 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\POOLE70.DLL
[1999/04/11 18:22:35 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/30 13:46:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[1998/10/30 12:49:41 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\hpprprxy.dll
[1998/10/30 12:49:40 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\hpdbprxy.dll
[1998/10/28 08:58:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ImgDll32.Dll
[1998/10/16 10:16:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\SX83P32.DLL
[1998/10/06 14:00:06 | 000,002,048 | ---- | C] () -- C:\WINDOWS\ARCHDLL.DLL
[1998/10/04 00:20:58 | 000,000,026 | ---- | C] () -- C:\Program Files\dir.txt
[1998/09/07 01:03:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\System32\Cdio16.dll
[1998/09/07 00:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cdio32.dll
[1998/06/03 08:44:44 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\rdbios32.dll
[1998/04/03 07:18:40 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\HpSocEx.dll
[1998/03/12 15:04:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Dio_tc.dll
[1998/01/26 15:27:36 | 000,023,312 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
[1997/03/25 05:02:00 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\owl52f.dll
[1997/01/27 15:57:48 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\Gpib.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1995/12/26 19:00:00 | 000,014,400 | ---- | C] () -- C:\WINDOWS\DLL16.DLL
[1995/12/26 19:00:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\HCI.DLL
[1995/12/26 19:00:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\SCI.DLL
[1995/12/26 19:00:00 | 000,004,511 | ---- | C] () -- C:\WINDOWS\HOTKEY.DLL
[1995/10/17 16:58:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[1995/08/28 23:52:00 | 000,462,880 | R--- | C] () -- C:\WINDOWS\System32\owl252f.dll
[1995/07/12 04:58:00 | 000,124,416 | ---- | C] () -- C:\WINDOWS\WECJLIB.DLL
[1992/03/31 22:10:00 | 000,010,414 | ---- | C] () -- C:\WINDOWS\RECORDER.DLL
[1979/12/31 19:00:00 | 000,000,677 | ---- | C] () -- C:\WINDOWS\ATM.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1997/01/08 12:47:58 | 000,074,321 | ---- | M] () -- C:\AZTPNP.EXE
[1997/04/10 00:30:00 | 000,017,809 | ---- | M] () -- C:\GUEST.EXE
[1994/05/18 03:00:00 | 000,059,404 | ---- | M] () -- C:\NCD.EXE
[1999/05/19 07:56:48 | 000,036,864 | R--- | M] () -- C:\VOLUMEID.EXE
[4 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SYSTEM32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
Extras.txt

OTL Extras logfile created on: 1/10/2011 11:12:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.27 Gb Free Space | 79.56% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 180.84 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive L: | 3.76 Gb Total Space | 0.97 Gb Free Space | 25.79% Space Free | Partition Type: FAT32

Computer Name: HPPAV | User Name: AMDadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\WINDOWS\winhelp.exe (Microsoft Corporation)
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = ft000001] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
hlpfile [open] -- winhelp.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00B9AC98-5E20-49b4-B783-C7FF95EED515}" = NI-Motion MAX Provider 5.1.5
"{0452E120-B838-11D3-AC9E-00105A6BB8EC}" = Axon pCLAMP 9.0
"{05A42BD0-8AE0-4EAD-A00F-883F79422E88}" = NI LabVIEW Advanced Analysis 6.1
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{11DB853A-6966-4724-BEAD-793C48AC8C54}" = Kodak EasyShare software
"{160782EF-2323-43F2-8473-A94900230879}" = WinWCP
"{1682E535-B5D9-4132-91AB-C9485A92C61F}" = NI Measurement & Automation Explorer 2.2.0
"{1953AC5B-007B-4FDA-8771-D900317A6FB5}" = CED Spike2 for Windows version 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204498C5-4A0F-4477-97BE-7FFC6812BD21}" = NI-Motion Driver Software 5.1.5
"{22CB4CF1-25D1-4DE4-AC2D-77DC388889ED}" = NI LabVIEW Full 6.1
"{233C3280-C223-4F31-959E-C58B275DA561}" = Leica Microsystems Data Container V1
"{2570562C-1727-4D54-BC5B-84CF3F8A0257}" = NI IVI Engine 1.83
"{25A21B7D-D1AB-4e1c-B253-F4DF67EB84FB}" = NI-VISA MAX Provider 2.6.0f12
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update
"{2EABF730-AD92-11D5-814B-00C04F60A4B9}" = NI-DAQ 6.9.2
"{30614D5F-58BB-4A76-8BC9-C763A815CFC4}" = Hackman Hex Editor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3CD3B427-6E2A-45f0-870B-AB0C53B3FB10}" = NI GPIB Provider for MAX
"{3DE06D6B-5F32-4487-9088-5B21BEBB3B6D}" = NI ValueMotion 5.0.5
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{3F2F0832-621B-11D3-8F18-004033A05B8E}" = Canvas 7
"{43733800-BF3D-4F68-802A-20F51EFAC7E9}" = NI DAQ Provider for MAX
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 SE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D45E975-51A4-4074-A406-78346F5D7E6E}" = MaxIm DL 4
"{4EB092F5-185E-4FE6-8ED7-23F61C17D76C}" = MYSTAT 12
"{50E7D303-93B3-11D3-9AB9-00A0CC21F0CB}" = MacDrive 2000
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0
"{554A6FE7-2728-4EF5-818B-2AD90E458139}" = NI-PAL 1.5.5f0 Engine
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5BF96F74-33F3-4289-803D-E9071ED8F525}" = NI-488.2 1.70
"{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4
"{66E7AEB1-2CF7-44cb-954F-26B0F91BE495}" = NI IVI Provider for MAX
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{7DFF7F4F-9626-4ECA-A750-68CE1E5F1921}" = NI LabVIEW Picture Control Toolkit 6.1
"{7EF2EB9C-9AE9-44B6-BBCB-35470C154BFD}" = Axon pCLAMP 10.2
"{7F2AD444-D50C-4EED-ABF9-A08EBBA6CF31}" = CED Spike2 for Windows version 6
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C1F7E64-BB76-4022-B2FA-F8BD2D7D025D}" = Andor iQ_1.8
"{8D97CF6D-BE98-45a5-ADA4-C54D49556989}" = NI Spy 1.5.0f4
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{912BA543-40AB-4420-B0B3-80571CCC17C9}" = Andor SOLIS
"{92F36672-245D-11D5-AC74-00105A0CF83E}" = Juno
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = Origin 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}" = MSN Messenger 7.0
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B36C4994-A563-4339-8754-CCCE51314A4C}" = Visual Pinball
"{BA179DEB-B240-4344-BC17-81B8E1E3EC0B}" = NI FlexMotion Firmware 5.1.5
"{BAD26CB5-035A-495E-83B8-92215B6DA3DE}" = Avid Free DV
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C8D222B1-64E9-11d5-8183-005004D6CDD6}" = NI-IMAQ 2.5.2
"{CC8971B9-9132-4C04-A8D4-628663C9E9F0}" = NI LabVIEW Run-Time Engine 6.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF112174-E21F-4124-A135-766431FA5664}" = NI-VISA Server 1.0.0f4
"{D5379071-6A6B-11D5-8183-005004D6CDD6}" = NI-IMAQ Provider for MAX
"{D683E370-3B68-4BE0-8C29-1326F2EABCCC}" = MYSTAT 12 Manuals
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DADB9B06-3D8B-4C2D-9350-5738664AFF4F}" = NI Software Provider for MAX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55E016B-8254-4A3F-ACEB-FE9988CD880F}" = Origin8
"{ED050097-F9E6-49BF-B90E-FDA123474454}" = NI LabVIEW 6.1
"{EE48C09C-9415-4574-B263-893AF9307E22}" = NI Remote Provider for MAX
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F11F2C97-7468-4454-A785-C81C7DA53193}" = NI FlexMotion 5.1.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4D59B35-A902-41D3-9BE9-20534881D03D}" = ArcSoft PhotoImpression
"{F75AEDE0-73FC-4fe3-8169-52CB0377D7BF}" = NI-VISA 2.6.0f7
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 9.81 Free Edition
"{FD080429-C59A-482E-9841-255622141E23}" = NI LabVIEW CIN Tools 6.1
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop v4.0" = Adobe Photoshop v4.0
"All ATI Software" = ATI - Software Uninstall Utility
"Artoonix 1.6 Release 1_is1" = Artoonix 1.6
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Axon AxoScope 8.0" = Axon AxoScope 8.0
"Axon pCLAMP 8.2" = Axon pCLAMP 8.2
"bibus" = bibus 1.3.0
"Bink and Smacker" = Bink and Smacker
"BioEdit" = BioEdit
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMCP27.DLL" = BJC-85
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.0
"CCleaner" = CCleaner (remove only)
"CJRSTR_Deinstall" = BJ Printer Driver
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Corel Applications" = Corel Applications
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EndNote" = EndNote
"Eudora" = Eudora
"Eudora Pro Email" = Eudora Pro Email
"Fv" = Fv
"Google Desktop" = Google Desktop Search
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HiDownload_is1" = HiDownload 4.4
"HijackThis" = HijackThis 1.99.1
"HP LaserJet 6P/6MP UnInstaller" = HP LaserJet 6P/6MP
"HP Printer Scanner Copier Enhancer" = HP Printer Scanner Copier Enhancer
"HP Simple Trax" = HP Simple Trax
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"Igor Pro" = Igor Pro
"ImageJ_is1" = ImageJ 1.42q
"ImageTOOLSca_is1" = ImageTOOLSca v3.0
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.46
"InstallShield_{4D45E975-51A4-4074-A406-78346F5D7E6E}" = MaxIm DL 4
"Iomega95" = Iomega Software
"IrfanView" = IrfanView (remove only)
"Iris" = Iris
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Java 2 SDK Standard Edition v1.3" = Java 2 SDK Standard Edition v1.3
"JRE 1.3" = Java 2 Runtime Environment Standard Edition v1.3
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007b" = MATLAB R2007b
"MatlabR2010a" = MATLAB R2010a
"MGXDesigner60" = Micrografx Designer 6.0
"Micrografx ABC Graphics Suite" = Micrografx ABC Graphics Suite
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Streets 1998" = Microsoft Expedia Streets 98
"MiniAnalysis" = MiniAnalysis
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSMONEYV80" = Microsoft Money 2000 Standard Edition
"NAVIGON Fresh" = NAVIGON Fresh 1.4.9
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Neurolucida" = Neurolucida
"NEURON 5.8" = NEURON 5.8 (remove only)
"NI FlexMotion" = NI FlexMotion 5.1.5
"NI IVI Engine 1.83" = NI IVI Engine 1.83
"NI LabVIEW 6.1" = NI LabVIEW 6.1
"NI Measurement & Automation Explorer 2.2.0 " = NI Measurement & Automation Explorer 2.2.0
"NI ValueMotion" = NI ValueMotion 5.0.5
"NI-DAQ 6.9.2" = NI-DAQ 6.9.2
"NI-IMAQ 2.5.2" = NI-IMAQ 2.5.2
"NI-VISA" = NI-VISA 2.6.0f7
"Norton Rescue" = Rescue Disk
"Norton Utilities" = Norton Utilities 2000 for Windows
"numarray-py2.4" = Python 2.4 numarray-1.3.3
"Numeric-py2.4" = Python 2.4 Numeric-24.2
"Origin 6.0" = Origin 6.0
"PaperMaster" = PaperMaster Live
"pCLAMP 7" = pCLAMP 7
"Photoshop FITS Liberator" = Photoshop FITS Liberator 2.0
"PIL-py2.4" = Python 2.4 PIL-1.1.6
"PitchPerfect" = PitchPerfect Uninstall
"PLATINUM WorldView for Internet Explorer" = PLATINUM WorldView for Internet Explorer
"Plot Digitizer" = Plot Digitizer
"PP_DEINSTALL" = Micrografx Picture Publisher 6.0
"Pryme_is1" = Pryme 1.26
"pstoedit and importps_is1" = pstoedit and importps 3.45
"pygame-py2.4" = Python 2.4 pygame-1.7.1release
"PyOpenGL-py2.4" = Python 2.4 PyOpenGL-2.0.2.01
"QcDrv" = Logitech® Camera Driver
"Quicken Basic 2000" = Quicken Basic 2000
"QuickLink III" = QuickLink III
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"Reference Manager 9" = Reference Manager 9
"RegScrubXP_is1" = RegScrubXP 3.25
"Republican Invasion_is1" = Republican Invasion v1.0
"RIS Web Helper" = RIS Web Helper
"Roxio MRFilter" = Roxio EasyWrite Reader
"SSI CCD Image" = SSI CCD Image
"ST6UNST #1" = jClamp32 for Windows
"StudioDV" = Studio
"t@b ZS4_is1" = t@b ZS4 v0.947-686
"TrueImage" = Acronis True Image
"Verizon Online DSL_is1" = Verizon Online DSL
"Verizon Online Help and Support" = Verizon Online Help and Support
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"ViCAM Color Digital Video Camera Utilities" = ViCAM Camera Utilities 6.8.5.8 (Remove only)
"visionegg-py2.4" = Python 2.4 visionegg-1.0
"VLC media player" = VLC media player 1.1.3
"VZBB" = Verizon Broadband Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinGTK-2_is1" = GTK+ 2.8.7 runtime environment
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XiphQT" = Xiph QuickTime Components
"YIP2_HP" = My Yahoo! for HP

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-1935655697-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MathWorks Download Agent" = MathWorks Download Agent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 1:53:23 AM | Computer Name = HPPAV | Source = MsiInstaller | ID = 10005
Description = Product: Windows Defender -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2755. The arguments are: 110, C:\WINDOWS\Installer\WindowsDefender.msi,


Error - 1/9/2011 2:20:55 AM | Computer Name = HPPAV | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\WindowsDefender.msi is not
permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 1/9/2011 2:21:52 AM | Computer Name = HPPAV | Source = Microsoft Management Console | ID = 1000
Description =

Error - 1/9/2011 2:21:59 AM | Computer Name = HPPAV | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\WindowsDefender.msi is not
permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 1/9/2011 2:23:10 AM | Computer Name = HPPAV | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\WindowsDefender.msi is not
permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 1/9/2011 2:23:28 AM | Computer Name = HPPAV | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\SWindowsDefender.msi is not
permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 1/9/2011 2:24:27 AM | Computer Name = HPPAV | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\WindowsDefender.msi is not
permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 1/9/2011 4:06:53 AM | Computer Name = HPPAV | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\WINDOWS\SYSTEM32\compmgmt.msc for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program compmgmt.msc because of this
error. Program: compmgmt.msc File: E:\WINDOWS\SYSTEM32\compmgmt.msc The error value
is listed in the Additional Data section. User Action 1. Open the file again. This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: C000009C Disk type: 5

Error - 1/9/2011 4:07:32 AM | Computer Name = HPPAV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mmcshext.dll, version 5.2.3790.4136, fault address 0x00008d5c.

Error - 1/9/2011 4:08:49 AM | Computer Name = HPPAV | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

[ System Events ]
Error - 1/9/2011 4:06:48 AM | Computer Name = HPPAV | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/9/2011 4:06:50 AM | Computer Name = HPPAV | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/9/2011 4:06:51 AM | Computer Name = HPPAV | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/9/2011 4:06:53 AM | Computer Name = HPPAV | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/9/2011 4:08:43 AM | Computer Name = HPPAV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/10/2011 11:59:14 PM | Computer Name = HPPAV | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1290

Error - 1/10/2011 11:59:14 PM | Computer Name = HPPAV | Source = Service Control Manager | ID = 7001
Description = The Network DDE service depends on the Network DDE DSDM service which
failed to start because of the following error: %%1058

Error - 1/10/2011 11:59:14 PM | Computer Name = HPPAV | Source = Service Control Manager | ID = 7000
Description = The SetupNT service failed to start due to the following error: %%2

Error - 1/10/2011 11:59:15 PM | Computer Name = HPPAV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error - 1/11/2011 12:16:04 AM | Computer Name = HPPAV | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >

Edited by Greathaniel562, 10 January 2011 - 11:42 PM.


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 11 January 2011 - 02:34 PM

Hi,

Can you tell me what you changed with SafeXP? It sounds as if you blocked installs and changes with that tool, perhaps accidentally, or the SafeXP install got corrupted.

That chkdsk needs to run so frequently is not normal. Have you checked if the hard drive is failing? Does chkdsk find anything when it runs?


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Greathaniel562

Greathaniel562
  • Topic Starter

  • Members
  • 27 posts

Posted 11 January 2011 - 10:36 PM

The hard drive is brand new, and the problem migrated from a smaller hard drive to the larger.
Looks like a cloaked MITM attack.

Myrti: I am pretty sure it is not SafeXP. That disables a lot of malware process things, like DCOM, and Plug-and-Play issues.

1. I cannot uninstall IP1.6 and Ms Client for Networks, it keeps getting mysteriously reinstalled.

2. The state of the network taskbar icon is cloaked as to its true status. It does not indicate it is disconnected from the network. So there is some sort of spoofing of the network connection status going on that RKill seems to fix. After RKill, the network taskbar icon finally states it is disconnected. With the malware, the first time you accessed the network it did not work, then the second access mysteriously worked, but the network taskbar icon was always dark with inactive computer icons.

3. On a normal machine, if you START Search for chkdsk.exe you find one or two copies of it. Then the search stops.
On my machine START Search for chkdsk.exe never ends and finds at least 10 copies of chkdsk.exe+; all in c:\windows\system32.

4. In the prefetch folder (cleaned) I found entries FRGNTFS.EXE-266967DR.pf and defragexe273f131E.pf

http://www.spywareremove.com/removedefragexe273f131epf.html --indicates spyware operating.

dfrgntfs.exe-269967df.pf This indicates an IBIS toolbar. Supposedly it monitors your browsing activity.
http://www.spywareremove.com/removedfrgntfsexe269967dfpf.html
http://www.spywareremove.com/removeibistoolbar.html


I deleted all the prefetch files but the problems are still around.

5. I still cannot run dds.htm or dds.scr in any form. It says "This program does not support your operating system". BOGUS.

There seem to be entries in the OTL Extras log related to registry entries about these suffixes (.scr, .pif, .htm), but I cannot tell if they are disabling the .scr or .htm entries.

"ibis toolbar Description
IBIS Toolbar is a web browser toolbar that may redirect your search requests and display pop-up advertisements. IBIS Toolbar may monitor your Internet activity, including your search requests, websites you are visiting, products you are buying, and data you enter into forms. IBIS Toolbar may share this information with third party partners. IBIS Toolbar may also download and install adware without your knowledge or permission. IBIS Toolbar may prevent you from visiting various anti-spyware websites. IBIS Toolbar is typically distributed through pop-up advertisements and bundles with other spyware, such as Cydoor. "


6. IE kept explaining the search toolbar was corrupted. But I could not see any popups... it just went back to MS's Live Search default.

7. The dirty bit is getting set in chkdsk on the new drive often, causing many C: boot scans. This happened on the old hard drive (reinstalled the OS and it disappeared), and is still happening on the new drive. I need to get this malware removed; it is infecting the registry (and other locations, like root files?).

#9 Greathaniel562

Greathaniel562
  • Topic Starter

  • Members
  • 27 posts

Posted 11 January 2011 - 10:45 PM

Look at all these OTL Extras entries.
Something is trying pretty hard to disable something:
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
hlpfile [open] -- winhelp.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 12 January 2011 - 06:58 AM

Hi,

The registry entries you listed from the Extras.txt are perfectly normal. DDS needs to be running to tell you it will not run on your OS, hence whichever extension is being used is working. It occasionally happens that DDS detects the OS wrongly; this is not always related to malware.

Disabling DCOM can cause any number of issues and several programs heavily rely on it, I would therefore not exclude that this is related to your issues.

Regarding chkdsk, are they all called chkdsk.exe? Or maybe chkdsk.exe.001, chkdisk.exe.002 etc.? This is usually a sign of a problem with the file system, and the files have been recovered. Is chkdsk running on every boot or only on many boots?

Regarding the defrag...pf, this is just proof that that website is not to be trusted. The prefetch folder is a folder in which data for executed files gets stored in case you want to re-execute them shortly. It is supposed to accelerate your system.
There is a defrag.exe present by default on every system; if that file was executed at any time within the last (this depends somewhat on the hard drive and your settings) 100 days then a defrag...pf is going to be present on your system. It is definitely not, by itself, a sign of malware.

Regarding the IBIS toolbar, if it was installed it would be showing in the logs as a toolbar, but it doesn't. Plus that infection is very old (back from 2003/2004), it will be easily detected by any program.

I see you tried to run Combofix (several times). Did you get a log produced at any time?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

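Editor's note on the prefetch point above: the .pf file is not just evidence that something ran, it records which executable, how many times and when. The following Python 3 script is an added example (not code from the thread or from any tool mentioned in it) that reads those fields from a Windows XP / Server 2003 prefetch file (format version 17) and checks that the on-disk name (EXENAME-HHHHHHHH.pf) agrees with the executable name and path hash embedded in the header, which is a quick way to spot a renamed or planted .pf. The header offsets are taken from public format write-ups and are an assumption of this example; the Vista and later layouts (versions 23, 26, 30) differ and are deliberately rejected. The `build_sample_pf` helper constructs a minimal synthetic header so the script can be exercised offline.

```python
import struct
from datetime import datetime, timedelta, timezone

# Windows XP / 2003 prefetch layout (format version 17). Offsets are an assumption
# of this example, taken from public format documentation; Vista+ layouts differ.
SCCA_SIGNATURE = b"SCCA"
XP_VERSION = 17
OFF_VERSION, OFF_SIGNATURE, OFF_FILE_SIZE = 0x00, 0x04, 0x0C
OFF_EXE_NAME, EXE_NAME_LEN = 0x10, 60        # UTF-16LE, NUL padded
OFF_HASH = 0x4C                               # 32-bit path hash, also in the .pf filename
OFF_LAST_RUN = 0x78                           # FILETIME: 100 ns ticks since 1601-01-01 UTC
OFF_RUN_COUNT = 0x90
MIN_LEN = 0x98                                # enough for the fields read here

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def parse_xp_prefetch(data: bytes) -> dict:
    """Return executable name, path hash, last run time and run count from an XP .pf file."""
    if len(data) < MIN_LEN:
        raise ValueError("too short to be a prefetch file")
    if data[OFF_SIGNATURE:OFF_SIGNATURE + 4] != SCCA_SIGNATURE:
        raise ValueError("missing SCCA signature: not a prefetch file")
    (version,) = struct.unpack_from("<I", data, OFF_VERSION)
    if version != XP_VERSION:
        raise ValueError(f"prefetch version {version} is not the XP layout handled here")
    (declared_size,) = struct.unpack_from("<I", data, OFF_FILE_SIZE)
    raw_name = data[OFF_EXE_NAME:OFF_EXE_NAME + EXE_NAME_LEN]
    exe = raw_name.decode("utf-16-le").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, OFF_HASH)
    (last_run,) = struct.unpack_from("<Q", data, OFF_LAST_RUN)
    (run_count,) = struct.unpack_from("<I", data, OFF_RUN_COUNT)
    return {
        "executable": exe,
        "hash": path_hash,
        "last_run": filetime_to_datetime(last_run),
        "run_count": run_count,
        "size_ok": declared_size == len(data),   # truncated/appended files fail this
    }


def filename_matches(pf_filename: str, parsed: dict) -> bool:
    """XP names prefetch files EXENAME-HHHHHHHH.pf; name and hash must agree with the header."""
    stem = pf_filename.rsplit(".", 1)[0]
    name, sep, hex_hash = stem.rpartition("-")
    return bool(sep) and name.upper() == parsed["executable"].upper() \
        and hex_hash.upper() == f"{parsed['hash']:08X}"


def build_sample_pf(exe: str, last_run: datetime, run_count: int, path_hash: int) -> bytes:
    """Constructed sample: a minimal XP-layout header with no section tables, for offline testing."""
    buf = bytearray(MIN_LEN)
    struct.pack_into("<I", buf, OFF_VERSION, XP_VERSION)
    buf[OFF_SIGNATURE:OFF_SIGNATURE + 4] = SCCA_SIGNATURE
    struct.pack_into("<I", buf, OFF_FILE_SIZE, MIN_LEN)
    name_bytes = exe.encode("utf-16-le")[:EXE_NAME_LEN].ljust(EXE_NAME_LEN, b"\x00")
    buf[OFF_EXE_NAME:OFF_EXE_NAME + EXE_NAME_LEN] = name_bytes
    struct.pack_into("<I", buf, OFF_HASH, path_hash)
    struct.pack_into("<Q", buf, OFF_LAST_RUN, datetime_to_filetime(last_run))
    struct.pack_into("<I", buf, OFF_RUN_COUNT, run_count)
    return bytes(buf)


if __name__ == "__main__":
    import os, sys
    path = sys.argv[1]
    with open(path, "rb") as f:
        info = parse_xp_prefetch(f.read())
    print(f"{info['executable']}: run {info['run_count']} time(s), "
          f"last {info['last_run'].isoformat()}, name matches header: "
          f"{filename_matches(os.path.basename(path), info)}")
```

Run it as `python pf.py C:\WINDOWS\Prefetch\DEFRAG.EXE-XXXXXXXX.pf` from an analysis machine with a copy of the Prefetch folder. A defrag entry with a last-run time that lines up with a scheduled task or an Acronis/backup session is the normal case myrti describes; a .pf whose embedded name or hash does not match its filename is the one worth a closer look.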


#11 Greathaniel562 (Topic Starter)

Posted 14 January 2011 - 01:10 AM

OK, here is Combofix, here called XomboFix2. And now DDS is running! So this is good :P

When it was running I got a fake PEVcfxxxe error.

ComboFix 11-01-13.01 - AMDadmin 01/13/2011 23:46:14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2356 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\XomboFix2.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


DDS.pif
.

-------\Service_IAS
-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-09 05:43 . 2011-01-09 05:43 709456 ----a-w- c:\windows\is-JGIH4.exe
2011-01-09 05:30 . 2011-01-09 05:30 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2011-01-03 03:51 . 2011-01-03 03:57 -------- d-----w- C:\CopyComboFix
2011-01-03 03:08 . 2008-04-14 09:39 275968 -c--a-w- c:\windows\system32\dllcache\OLD3E.tmp
2011-01-03 03:08 . 2001-08-23 12:00 94720 -c--a-w- c:\windows\system32\dllcache\OLD3C.tmp
2011-01-03 02:51 . 2011-01-03 03:03 -------- d-----w- C:\I386
2011-01-03 02:14 . 2004-05-13 05:39 184435 -c--a-w- c:\windows\system32\dllcache\OLD3A.tmp
2011-01-03 02:14 . 2008-04-14 09:39 76288 -c--a-w- c:\windows\system32\dllcache\OLD36.tmp
2011-01-03 02:14 . 2003-03-24 21:52 188480 -c--a-w- c:\windows\system32\dllcache\OLD33.tmp
2011-01-03 02:14 . 2008-04-14 09:39 275968 -c--a-w- c:\windows\system32\dllcache\OLD2F.tmp
2011-01-03 02:14 . 2001-08-23 12:00 94720 -c--a-w- c:\windows\system32\dllcache\OLD2C.tmp
2011-01-03 02:14 . 2003-03-24 21:52 16439 -c--a-w- c:\windows\system32\dllcache\OLD29.tmp
2011-01-03 02:14 . 2003-03-24 21:52 20540 -c--a-w- c:\windows\system32\dllcache\OLD25.tmp
2011-01-03 02:12 . 2003-03-24 21:52 16439 -c--a-w- c:\windows\system32\dllcache\OLD21.tmp
2011-01-03 02:12 . 2003-03-24 21:52 20540 -c--a-w- c:\windows\system32\dllcache\OLD1D.tmp
2011-01-02 19:54 . 2011-01-02 19:54 141344914 ----a-w- C:\Reg1-02-10.reg
2011-01-02 13:37 . 2011-01-02 13:37 487 ----a-w- c:\windows\system32\loginX.cmd
2010-12-31 09:13 . 2010-12-31 09:13 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2010-12-31 09:12 . 2010-12-31 09:13 34816 ----a-w- c:\windows\system32\drivers\rootrepeal123.sys
2010-12-31 09:00 . 2011-01-09 04:22 -------- d-----w- C:\MGtools
2010-12-31 08:53 . 2011-01-03 03:51 -------- d-----w- C:\ComboFix
2010-12-31 07:15 . 2010-12-31 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-31 07:15 . 2010-12-31 07:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-31 05:55 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-31 05:55 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-30 06:43 . 2010-08-16 20:31 725064 ----a-w- c:\windows\system32\pwNative.exe
2010-12-30 06:43 . 2010-08-16 20:31 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-12-30 06:43 . 2010-08-16 20:31 11104 ------w- c:\windows\system32\pwdspio.sys
2010-12-30 06:43 . 2010-12-30 06:43 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 5.2
2010-12-30 05:12 . 2010-12-30 04:33 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-12-30 04:33 . 2010-12-30 04:32 44384 ----a-w- c:\windows\system32\drivers\OLDB5.tmp
2010-12-30 04:33 . 2010-12-30 04:32 441760 ----a-w- c:\windows\system32\drivers\OLDB3.tmp
2010-12-30 04:33 . 2010-12-30 04:31 368480 ----a-w- c:\windows\system32\drivers\OLDAA.tmp
2010-12-30 04:32 . 2010-12-30 02:57 44384 ----a-w- c:\windows\system32\drivers\OLD7E.tmp
2010-12-30 04:32 . 2010-12-30 02:57 441760 ----a-w- c:\windows\system32\drivers\OLD7C.tmp
2010-12-30 04:31 . 2010-12-30 02:56 368480 ----a-w- c:\windows\system32\drivers\OLD73.tmp
2010-12-30 04:31 . 2010-12-30 04:31 -------- d-----w- c:\program files\Seagate
2010-12-30 02:57 . 2010-12-30 02:55 44384 ----a-w- c:\windows\system32\drivers\OLD140.tmp
2010-12-30 02:57 . 2010-12-30 02:55 441760 ----a-w- c:\windows\system32\drivers\OLD13E.tmp
2010-12-30 02:56 . 2010-12-30 02:55 368480 ----a-w- c:\windows\system32\drivers\OLD135.tmp
2010-12-30 02:55 . 2010-12-30 00:20 44384 ----a-w- c:\windows\system32\drivers\OLD109.tmp
2010-12-30 02:55 . 2010-12-30 00:20 441760 ----a-w- c:\windows\system32\drivers\OLD107.tmp
2010-12-30 02:55 . 2010-12-30 00:10 368480 ----a-w- c:\windows\system32\drivers\OLDFC.tmp
2010-12-30 00:20 . 2007-02-19 00:01 28896 ----a-w- c:\windows\system32\drivers\OLDB1.tmp
2010-12-30 00:20 . 2007-02-19 00:01 211520 ----a-w- c:\windows\system32\drivers\OLDAE.tmp
2010-12-30 00:10 . 2010-12-30 04:33 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-12-30 00:09 . 2010-12-30 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-12-29 23:57 . 2010-12-29 23:57 1409 ----a-w- c:\windows\QTFont.for
2010-12-17 01:19 . 2010-11-06 00:26 916480 ----a-w- c:\windows\system32\SET26.tmp
2010-12-17 01:19 . 2010-11-06 00:26 602112 ----a-w- c:\windows\system32\SET2D.tmp
2010-12-17 01:19 . 2010-11-06 00:26 55296 ----a-w- c:\windows\system32\SET2C.tmp
2010-12-17 01:19 . 2010-11-06 00:26 5959168 ----a-w- c:\windows\system32\SET2B.tmp
2010-12-17 01:19 . 2010-11-06 00:26 1991680 ----a-w- c:\windows\system32\SET31.tmp
2010-12-17 01:19 . 2010-11-06 00:26 1210880 ----a-w- c:\windows\system32\SET27.tmp
2010-12-17 01:19 . 2010-11-06 00:26 11080704 ----a-w- c:\windows\system32\SET33.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 04:38 . 2010-08-01 21:03 17488 ----a-w- c:\windows\gdrv.sys
2011-01-02 13:37 . 2007-04-03 01:29 487 ----a-w- c:\windows\system32\login.cmd
2010-12-31 09:01 . 2010-12-31 09:00 41488 ----a-w- C:\MGlogs.zip
2010-12-30 04:33 . 2007-02-19 00:01 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-12-30 04:33 . 2007-02-19 00:01 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-28 07:36 . 2010-11-28 07:36 138485152 ----a-w- C:\Reg11-28-10.reg
2010-11-18 18:12 . 2009-11-14 19:48 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 18:16 . 2010-11-06 19:25 1445888 ----a-w- c:\documents and settings\Administrator\winsockxpfix.exe
2010-11-06 00:26 . 2008-04-14 09:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 04:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2010-10-28 13:13 290048 ----a-w- c:\windows\system32\SET67.tmp
2010-10-28 13:13 . 2008-04-14 09:39 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 05:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2006-02-23 13:16 . 2006-03-25 04:43 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 13:16 . 2006-03-25 04:43 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2001-11-30 23:26 . 2001-11-30 23:26 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMAQBoot"="d:\program files\National Instruments\NI-IMAQ\bin\ImaqBoot.exe" [2001-06-19 32845]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"Printing Migration"="c:\windows\System32\spool\migrate.dll" [1999-12-07 25360]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-4-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\QUALCOMM\EUDORA MAIL\EUSHLEXT.DLL" [2001-04-11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [11/6/2010 8:54 PM 165584]
R1 BS_I2cIo;BS_I2cIo;c:\windows\SYSTEM32\DRIVERS\BS_I2cIo.sys [10/3/2009 5:14 PM 17024]
R2 ApogeeIO;Apogee Port I/O;c:\windows\SYSTEM32\DRIVERS\apogeeio.sys [6/1/2005 12:07 PM 5314]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [11/6/2010 8:54 PM 17744]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [8/1/2010 3:33 PM 68136]
R2 MaxImIO;MaxIm Port I/O;c:\windows\SYSTEM32\DRIVERS\maximio.sys [6/1/2005 12:07 PM 7610]
R2 niarbk;niarbk;c:\windows\SYSTEM32\DRIVERS\niarbk.dll [12/1/2001 1:21 PM 37376]
R2 nibffrk;nibffrk;c:\windows\SYSTEM32\DRIVERS\nibffrk.dll [12/1/2001 1:21 PM 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\SYSTEM32\DRIVERS\nidaq32k.sys [12/1/2001 2:50 PM 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\SYSTEM32\DRIVERS\nidmmk.dll [12/1/2001 2:51 PM 46592]
R2 nimdsk;nimdsk;c:\windows\SYSTEM32\DRIVERS\nimdsk.dll [12/1/2001 1:25 PM 31232]
R2 nistck;nistck;c:\windows\SYSTEM32\DRIVERS\niSTCk.dll [12/1/2001 1:27 PM 111616]
R2 ViCAM;ViCAM;c:\windows\SYSTEM32\DRIVERS\Vicam.sys [7/9/2007 8:43 PM 25984]
S0 dcnyey;dcnyey;c:\windows\system32\drivers\qsydpki.sys --> c:\windows\system32\drivers\qsydpki.sys [?]
S1 PDIDRV;PDIDRV; [x]
S2 NatMotion;NatMotion;c:\windows\SYSTEM32\DRIVERS\NatMotion.sys [6/13/2001 9:15 AM 104537]
S3 Ambfilt;Ambfilt;c:\windows\SYSTEM32\DRIVERS\Ambfilt.sys [1/1/2009 12:55 AM 1691480]
S3 BS_Flash;BS_Flash;c:\program files\BIOS Update\BIOS Update\Award\BS_Flash.sys [10/3/2009 5:14 PM 3604]
S3 gpibclsb;GPIB Board Class Driver;c:\windows\SYSTEM32\DRIVERS\gpibclsb.sys [7/1/1999 11:25 AM 56904]
S3 gpibclsd;GPIB Device Class Driver;c:\windows\SYSTEM32\DRIVERS\gpibclsd.sys [7/1/1999 11:04 AM 34664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [9/27/2006 4:12 PM 10664]
S3 NiViPxiK;NiViPxiK;c:\windows\SYSTEM32\DRIVERS\NiViPxiK.sys [10/26/2001 4:48 PM 16896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 4:10 PM 32512]
S3 NUVision;Pinnacle LINX;c:\windows\SYSTEM32\DRIVERS\Nuvision.sys [12/13/2006 11:16 PM 136352]
S3 pwdrvio;pwdrvio;c:\windows\SYSTEM32\pwdrvio.sys [12/30/2010 1:43 AM 16472]
S3 pwdspio;pwdspio;c:\windows\SYSTEM32\pwdspio.sys [12/30/2010 1:43 AM 11104]
S3 usbhub20;USB 2.0 Root Hub Support;c:\windows\SYSTEM32\DRIVERS\usbhub20.sys [12/10/2005 1:15 AM 49776]
S3 VICAMUSB;3Com HomeConnect USB Camera;c:\windows\SYSTEM32\DRIVERS\VicamUsb.sys [7/9/2007 8:43 PM 38548]
S4 ptssvc;ptssvc;c:\program files\KODAK\Kodak EasyShare software\bin\ptssvc.exe [9/11/2002 9:31 AM 73728]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: google.com\www
Trusted Zone: ieaddons.com\www
Trusted Zone: secunia.com\psi
Trusted Zone: yahoo.com\mail
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bg4s98jj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: OpenXMLViewer: OpenXMLViewer@Codeplex.com - %profile%\extensions\OpenXMLViewer@Codeplex.com
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
.scr=ft000001
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
HKLM-Run-Acronis True Image Monitor - c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
HKLM-Run-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-Axon pCLAMP 8.2 - d:\axon\pCLAMP80.isu
AddRemove-FullTilt2Demov1.0 - c:\program files\plus!\ft2demo\DeIsL3.isu
AddRemove-HP Simple Trax - d:\program files\CD-Writer Plus\HP Simple Trax\Uninst.isu
AddRemove-Iris - d:\DeIsL1.isu
AddRemove-JRE 1.3 - c:\program files\JavaSoft\JRE\1.3\Uninst.isu
AddRemove-Norton Utilities - c:\program files\Norton SystemWorks\Norton Utilities\Uninst.isu
AddRemove-Origin 6.0 - d:\program files\Uninst.isu
AddRemove-PaperMaster - d:\program files\CD-Writer Plus\PaperMaster\PFC\DeIsL1.isu
AddRemove-pCLAMP 7 - d:\axon\Clampex7\Uninst.isu
AddRemove-TrueImage - c:\program files\Acronis\TrueImage\MediaBuilder.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 23:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5004)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2011-01-13 23:59:06
ComboFix-quarantined-files.txt 2011-01-14 04:59

Pre-Run: 198,896,472,064 bytes free
Post-Run: 198,832,390,144 bytes free

- - End Of File - - ABECB4BE42D0EBD3A734AE0B55961FCE


DDS.txt: see attached zip (DDS.zip) as requested.
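Editor's note on reading the ComboFix log above: the Drivers/Services section is where a boot-start driver with an unresolved image path stands out, because such a driver loads before any user-mode scanner and ComboFix marks a missing file with [?] and a missing path with [x]. The following Python 3 script is an added example (not code from the thread, from ComboFix or from any other tool named here) that parses lines in that format and attaches review flags. The sample lines are constructed in the same format as the log; the flags are triage heuristics for a human reviewer, not a malware verdict, since hardware vendors also leave behind stale driver entries with missing files.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the format of a ComboFix "Drivers/Services" section:
# <R|S><start type> <service name>;<display name>;<image path> [<date> <size>] or [?] / [x]
SAMPLE_LOG = """\
R1 aswSP;aswSP;c:\\windows\\SYSTEM32\\DRIVERS\\aswSP.sys [11/6/2010 8:54 PM 165584]
R2 ViCAM;ViCAM;c:\\windows\\SYSTEM32\\DRIVERS\\Vicam.sys [7/9/2007 8:43 PM 25984]
S0 dcnyey;dcnyey;c:\\windows\\system32\\drivers\\qsydpki.sys --> c:\\windows\\system32\\drivers\\qsydpki.sys [?]
S1 PDIDRV;PDIDRV; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\\windows\\SYSTEM32\\DRIVERS\\npf.sys [8/2/2005 4:10 PM 32512]
"""

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool          # R = running when ComboFix ran, S = stopped
    start: int             # SERVICE_BOOT_START (0) ... SERVICE_DISABLED (4)
    name: str
    display: str
    image: str
    info: str              # "<date> <size>", "?" (file not found) or "x" (no path recorded)
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one Drivers/Services line; returns None for section banners and other text."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    return ServiceEntry(state == "R", int(start), name.strip(), display.strip(),
                        image.strip(), info.strip())


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags. Heuristics for a reviewer, not a verdict."""
    unresolved = entry.info in ("?", "x")
    if entry.info == "?":
        entry.flags.append("image file not found on disk")
    if entry.info == "x":
        entry.flags.append("no image path recorded")
    if "-->" in entry.image:
        entry.flags.append("ComboFix shows a redirected image path")
    if unresolved and entry.start <= 1:
        entry.flags.append(f"{START_TYPES[entry.start]}-start driver loads before "
                           f"user-mode tools, verify from offline media")
    # Service name vs. file name: legitimate services often differ, so only
    # report the mismatch when the file is also unresolved.
    file_stem = entry.image.split("-->")[0].strip().rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if unresolved and file_stem and file_stem.lower() != entry.name.lower():
        entry.flags.append(f"service name {entry.name!r} does not match file {file_stem!r}")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> dict:
    """Map of service name -> flags for every entry that earned at least one flag."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, reasons in flagged(text).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Feed it a saved ComboFix.txt (`python triage.py ComboFix.txt`) and review the flagged names by hand; an unflagged entry is not cleared, and a flagged one still needs the file checked from clean media before anything is deleted.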


#12 myrti (Malware Study Hall Admin)

Posted 16 January 2011 - 05:59 AM

Hi,

Have you been able to update your tools too?

regards myrti



#13 Greathaniel562 (Topic Starter)

Posted 16 January 2011 - 02:46 PM

I was able to install SUPERAntiSpyware and update... but it found nada this time.

Avast: cannot update

WIN XP: cannot update

PEV.cfxxe fake error, and Cx0000102 75b6bf7c fake error. These errors persist even in SAFE MODE.
Scripts are blocked in safe mode too. OTL runs though. DDS blocked again...

Time to sfc /scannow?

Rootkit? Bootkit?

#14 Greathaniel562 (Topic Starter)

Posted 16 January 2011 - 03:07 PM

BTW the PEV.cfxxe error is seen in some forms of Zlob virus.

#15 myrti (Malware Study Hall Admin)

Posted 18 January 2011 - 01:49 PM

Hi,

OK, please run this:
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens and starts to scan the system. Wait until a log file opens. Copy and paste or attach its content.

I believe some of the issues may be related to your antivirus program. Could you please shut down your firewall and let me know if you can then update.

regards myrti

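Editor's note on the junction scan requested above: `junction -s` (Sysinternals) walks the drive and lists every directory junction, which matters because a junction or other reparse point can make a directory appear to contain one thing while the real data lives elsewhere, and tools that follow links blindly can be looped or redirected. The following Python 3 script is an added example (not code from the thread, and not Sysinternals' Junction) that performs the same enumeration without following any link: it reports symlinks on every platform and, on Windows, junctions and other reparse points via the FILE_ATTRIBUTE_REPARSE_POINT attribute, and it never descends into one. The `demo` function builds a constructed sample tree (one real directory, one link to it) so the walker can be exercised offline.

```python
import os
import stat
import tempfile
from typing import List, Tuple

# Windows reparse-point attribute; stat exposes it on Windows, the literal is the fallback.
REPARSE_ATTR = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


def is_reparse_point(entry: os.DirEntry) -> bool:
    """True for symlinks everywhere and for junctions/other reparse points on Windows,
    where os.path.islink() alone reports False for a junction."""
    if entry.is_symlink():
        return True
    st = entry.stat(follow_symlinks=False)
    return bool(getattr(st, "st_file_attributes", 0) & REPARSE_ATTR)


def find_reparse_points(root: str) -> List[Tuple[str, str]]:
    """Walk root without following links and return (path, target) for every reparse point.

    Unlike os.walk(followlinks=True) this never descends into a link, so a junction
    pointing back up the tree cannot loop the scan, and a directory that is really a
    redirection is reported as such instead of being listed with borrowed contents."""
    hits: List[Tuple[str, str]] = []
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except (PermissionError, FileNotFoundError, NotADirectoryError):
            continue                      # unreadable or vanished directory: skip, keep scanning
        for e in entries:
            if is_reparse_point(e):
                try:
                    target = os.readlink(e.path)   # works for junctions on Python 3.8+ / Windows
                except OSError:
                    target = "<unreadable>"
                hits.append((e.path, target))
            elif e.is_dir(follow_symlinks=False):
                stack.append(e.path)
    return sorted(hits)


def demo() -> List[str]:
    """Constructed sample tree: one real directory and one link to it. Returns link names found."""
    with tempfile.TemporaryDirectory() as tmp:
        real = os.path.join(tmp, "real")
        os.mkdir(real)
        open(os.path.join(real, "payload.txt"), "w").close()
        os.symlink(real, os.path.join(tmp, "link"), target_is_directory=True)
        return [os.path.basename(p) for p, _ in find_reparse_points(tmp)]


if __name__ == "__main__":
    import sys
    for path, target in find_reparse_points(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path} -> {target}")
```

On a Windows host run it as `python reparse.py C:\` from an elevated prompt and compare the list with the `junction -s` output; every entry should be explainable (installer redirections, backup software mount points) and an unexplained junction under a system directory is the one to investigate.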




