Bogus Internet Explorer shut down message and loss of Internet audio


  • This topic is locked
38 replies to this topic

#1 buzzerman1

buzzerman1

  • Members
  • 29 posts
  • OFFLINE
  • Local time:08:00 PM

Posted 30 January 2011 - 10:37 AM

I am running IE 8 service pack 3 on a Dell Dimension E520. I have lost all speaker function within IE 8 and for all .wav sounds. My speakers work fine for files that I have saved on my hard drive, i.e. MP3, MPG, AVI, etc. After much investigation on my own I thought I had a problem with service pack 3. I reverted to service pack 2 and regained my speakers. I tried to reinstall service pack 3 and my speakers worked initially but were gone shortly after. There is no speaker icon on the taskbar even though "show icon on taskbar" is checked. Additionally, I am getting bogus Internet Explorer messages stating "Internet Explorer has encountered a problem and will now close". I get the option to send or not send this bug to Microsoft; I choose "don't send" and the dialogue box disappears with no interruption to service. My computer seems slower than normal and I'm convinced I have some malware, registry or rootkit issues I haven't found with my spyware tools.

I have downloaded the DDS.scr file and tried to run it but the file has no application associated with it to run. I was able to get it to run only as a DOS command in Safe Mode. I don't know whether this will show the information required but I am attaching the DDS and Attach files just the same. I have also attached the ark.txt file and am desperately asking for help to restore my system to its rightful functionality.

Thanks to all in advance for the assistance.


DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL
Run by Dave at 6:37:55.54 on Sun 01/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2762 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dave\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.mediacomtoday.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ymetray.lnk.disabled
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - c:\microgaming\poker\pokerhostmpp\MPPoker.exe
IE: {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - c:\microgaming\poker\doylesroommpp\MPPoker.exe
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290795716849
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://studiocams.cumulusfwb.com/axiscamcontrol.ocx
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-11 130936]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-11 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-11 39200]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 Dot4scann;Dot4scann;c:\windows\system32\drivers\dot4scann.sys --> c:\windows\system32\drivers\Dot4scann.sys [?]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-11 159600]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
S2 gupdate1c987cb73d7a640;Google Update Service (gupdate1c987cb73d7a640);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2006-12-15 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2006-11-9 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-11-16 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2006-11-9 566872]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-16 18560]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-5-11 64392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-11 33056]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-11-9 280392]

=============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2011-01-30 12:34:13 -------- d-----w- c:\program files\ParetoLogic
2011-01-30 12:34:13 -------- d-----w- c:\program files\common files\ParetoLogic
2011-01-30 12:34:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2011-01-30 12:34:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\FileCure
2011-01-17 01:27:56 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-01-11 01:56:11 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-01-09 17:06:10 -------- d-sh--w- c:\documents and settings\dave\PrivacIE

==================== Find3M ====================

2011-01-11 01:56:11 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-01-11 01:56:11 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-09 23:38:26 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-12-09 23:38:24 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-12-09 23:38:24 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-12-09 23:38:24 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-12-09 23:38:24 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-12-09 23:38:24 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-12-09 23:38:22 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-12-09 23:38:22 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-12-09 23:38:22 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-12-09 23:38:22 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-12-09 23:38:20 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-12-09 23:38:20 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

============= FINISH: 6:39:09.79 ===============


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:10:00 PM

Posted 04 February 2011 - 01:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.



#3 buzzerman1

buzzerman1
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:08:00 PM

Posted 06 February 2011 - 09:55 AM

Following are the OTL.txt, Extras.txt and gmer.log files.

OTL logfile created on: 2/5/2011 6:16:58 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 76.26 Gb Free Space | 52.85% Space Free | Partition Type: NTFS

Computer Name: DB05G5C1 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/05 06:15:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2010/12/09 17:38:32 | 000,062,928 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/27 09:05:04 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/27 09:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/26 13:29:13 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/15 18:08:10 | 000,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/14 23:11:40 | 000,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/06/01 15:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2011/02/05 06:15:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Ventrilo)
SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - [2010/12/09 17:38:32 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/12/15 08:34:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 09:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/05/11 07:23:31 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/12/15 18:08:10 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2006/11/28 01:45:27 | 000,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/01 15:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/04/03 10:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/31 10:23:26 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/03/31 10:23:24 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/03/31 10:23:20 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 10:36:04 | 000,064,392 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/11/26 17:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 17:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 17:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/11/17 15:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/17 15:11:06 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/17 15:11:04 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/01 13:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/01 16:51:26 | 000,985,600 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:47:56 | 000,267,776 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/11/01 16:47:08 | 000,661,504 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 14:36:54 | 000,008,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/05 11:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/11/09 15:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 15:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/07/19 14:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 05:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/16 07:39:00 | 003,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/05 02:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/09 14:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 14:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 14:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 14:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 14:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mediacomtoday.com/
IE - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.mediacomtoday.com/
IE - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\software\mozilla\FireFox\Extensions\\G2_v1042@gamingsquared.com: C:\Program Files\GamingSquared\Gaming2\FF_v1042 [2008/03/28 23:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\FireFox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009/11/21 19:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\FireFox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/05 14:46:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\FireFox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/07 03:01:25 | 000,000,000 | ---D | M]

[2010/02/04 13:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/09/22 17:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/02/04 13:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/22 17:55:03 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2010/11/22 07:50:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe ()
O4 - Startup: C:\Documents and Settings\Sherry\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - File not found
O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - File not found
O9 - Extra Button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - File not found
O9 - Extra 'Tools' menuitem : UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Reg Error: Key error. File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290795716849 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://studiocams.cumulusfwb.com/axiscamcontrol.ocx (CamImage Class)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 06:15:53 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2011/01/30 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/30 06:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
[2011/01/30 06:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/01/30 06:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/01/30 06:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/30 06:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/01/16 19:27:56 | 000,018,560 | ---- | C] (LeapFrog) -- C:\WINDOWS\System32\drivers\FlyUsb.sys
[2011/01/09 11:06:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dave\PrivacIE
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[493 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/05 06:15:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2011/02/05 06:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/04 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/02/04 17:00:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/02/04 08:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/03 20:30:40 | 000,000,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/02/03 19:31:20 | 000,172,544 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/03 03:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/02/02 11:18:58 | 014,697,472 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/02/02 11:18:58 | 007,084,032 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/02/02 10:06:04 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/02 10:06:02 | 000,001,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/02/02 10:05:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/02 10:02:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/02 10:02:30 | 3219,038,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/01 11:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/30 06:34:13 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic FileCure.lnk
[2011/01/30 06:34:13 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic FileCure.lnk
[2011/01/30 05:59:36 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\gmer.zip
[2011/01/30 05:56:44 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2011/01/16 19:30:28 | 000,475,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/16 19:30:28 | 000,084,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 18:39:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/10 19:56:11 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/01/10 19:56:11 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/01/10 19:56:11 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[493 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/03 20:30:38 | 000,000,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/02/02 10:05:18 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/30 06:41:25 | 3219,038,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/30 06:34:18 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/01/30 06:34:13 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\ParetoLogic FileCure.lnk
[2011/01/30 06:34:13 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic FileCure.lnk
[2011/01/10 19:56:11 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/11/26 12:13:48 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/11/24 07:54:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/24 07:54:43 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/24 07:54:43 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/24 07:54:43 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/26 17:25:13 | 000,214,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/07 17:12:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/28 11:21:00 | 000,000,323 | ---- | C] () -- C:\WINDOWS\WaveView.INI
[2009/09/10 12:40:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/09/10 12:40:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/11/07 01:19:38 | 000,018,429 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\bagevar._dl
[2008/11/07 01:19:37 | 000,019,423 | ---- | C] () -- C:\WINDOWS\sudox.sys
[2008/11/07 01:19:37 | 000,017,923 | ---- | C] () -- C:\WINDOWS\System32\amatirypa.dll
[2008/11/07 01:19:37 | 000,016,650 | ---- | C] () -- C:\Program Files\Common Files\alygupuzup._sy
[2008/11/07 01:19:37 | 000,015,602 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\hyzewiqyty.dll
[2008/08/30 19:48:54 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\dvd.bmk
[2007/04/01 14:01:11 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/22 16:06:05 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/02/01 10:01:37 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\wklnhst.dat
[2006/12/24 06:47:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/23 09:25:50 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/11 15:46:13 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/12/11 15:46:05 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/12/01 07:57:03 | 000,000,900 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/30 19:51:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/11/30 15:19:22 | 000,172,544 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/30 12:03:17 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\fusioncache.dat
[2006/11/28 01:52:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/28 01:48:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/28 01:18:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/28 01:17:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 00:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dave\Desktop\LimeWire PRO 4.12.6.exe:SummaryInformation
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 2/5/2011 6:16:58 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 76.26 Gb Free Space | 52.85% Space Free | Partition Type: NTFS

Computer Name: DB05G5C1 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.scr [@ = DWGTrueViewScriptFile] -- "" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp" = C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\Spadester\spades.exe" = C:\Documents and Settings\All Users\Application Data\Spadester\spades.exe:*:Enabled:spades
"C:\Program Files\CarbonPoker\client.exe" = C:\Program Files\CarbonPoker\client.exe:*:Enabled:Carbon Poker Client
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0D03E0AF-A6D1-407A-AAF5-5B429D271EC5}" = LeapFrog MyOwnLeaptop Plugin
"{0E0CD3EB-3EE5-4010-8741-51291B0607E0}" = A610
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC80BB6-6A2C-4B9A-B547-F58C5D250A5D}" = RadioShack USB to Serial Driver
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{511B1882-0A94-43E1-918C-207750572810}" = Bentley View XM Edition 08.09.02.77
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B441C21-F8DE-459B-B2BA-FEC422A8BCE7}" = A710_A610_A510_Help
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{934F5F1F-79EE-48C7-9CAE-7A70586A0D7F}" = Adobe Setup
"{94A61BF7-F8EE-46D1-944B-C765A7FF117A}" = STOPzilla
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-1033-0000-BA7E-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_cc3de31c9bb4dd729259509c74a7512" = Add or Remove Adobe Creative Suite 3 Design Standard
"Age of Empires 2.0" = Microsoft Age of Empires II
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Belarc Advisor" = Belarc Advisor 8.1
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Game Console" = Dell Game Console
"Diablo" = Diablo
"Diablo II" = Diablo II
"DWG TrueView 2010" = DWG TrueView 2010
"Easy Chef's Million Recipes" = Easy Chef's Million Recipes
"EL" = Intel® Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"FreeUndelete" = FreeUndelete
"GamingSquaredConsole" = GamingSquared Console
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
"LimeWire" = LimeWire PRO 4.12.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PowerShell" = Windows PowerShell™ 1.0
"RegCure" = RegCure 1.5.0.1
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StealthWare Local (Single User)" = StealthWare Local (Single User)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TaxCut Premium 2006" = TaxCut Premium 2006
"TmPcc" = Trend Micro PC-cillin Internet Security 14
"TomTom HOME" = TomTom HOME 2.7.2.1825
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2050996324-2103625151-1972523822-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"f031ef6ac137efc5" = Dell Driver Download Manager
"Juniper_Networks_Cache_Cleaner 6.1.0" = Juniper Networks Cache Cleaner 6.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2011 11:45:04 PM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/29/2011 8:26:21 AM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/30/2011 7:06:51 AM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/30/2011 12:10:25 PM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/30/2011 1:03:37 PM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/31/2011 8:52:39 PM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/2/2011 12:19:13 AM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/2/2011 11:28:52 AM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 5.3.33.29, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/2/2011 11:34:46 AM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 5.3.33.29, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/5/2011 8:06:59 AM | Computer Name = DB05G5C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ System Events ]
Error - 1/30/2011 8:38:39 AM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/30/2011 8:38:39 AM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/30/2011 8:38:39 AM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31

Error - 1/30/2011 8:38:39 AM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss SASDIFSV SASKUTIL
Tcpip
tmtdi

Error - 1/30/2011 8:40:29 AM | Computer Name = DB05G5C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/30/2011 8:40:32 AM | Computer Name = DB05G5C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/30/2011 8:41:53 AM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7000
Description = The Ventrilo service failed to start due to the following error: %%2

Error - 1/30/2011 8:41:53 AM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 2/2/2011 12:02:50 PM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7000
Description = The Ventrilo service failed to start due to the following error: %%2

Error - 2/2/2011 12:02:50 PM | Computer Name = DB05G5C1 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193


< End of report >


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-06 08:49:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.ZM10
Running: hpkzl9kx.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\fftoapod.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E2F514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E1E282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E1E474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9E2FD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9E2FFB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E2E3FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E30422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9E2F7D8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB1BE3F20]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F79360, 0x21235D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1612] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 04E09471 c:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 04E0942B c:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3916] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \FileSystem\Fastfat \Fat 9A23DD20

AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.trspch tssoft32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.I420 msh263.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv31 ir32_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv32 ir32_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv41 ir41_32.ax
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iyuv iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.uyvy msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yuy2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvu9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvyu msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg723 msg723.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M263 msh263.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M261 msh261.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msaudio1 msaud32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.sl_anet sl_anet.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.iac2 C:\WINDOWS\system32\iac25_32.ax
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv50 ir50_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\WINDOWS\system32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave serwvdrv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.FFDS ff_vfw.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.XVID xvidvfw.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wave rdpsnd.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@mixer rdpsnd.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@MaxBandwidth 22201
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@EnableMP3Codec 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

#4 SweetTech

Posted 07 February 2011 - 10:11 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Poker Host Poker - {6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5} - File not found
    O9 - Extra Button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - File not found
    O9 - Extra Button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - File not found
    O9 - Extra 'Tools' menuitem : UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Reg Error: Key error. File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O37 - HKU\S-1-5-21-2050996324-2103625151-1972523822-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [493 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2008/11/07 01:19:38 | 000,018,429 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\bagevar._dl
    [2008/11/07 01:19:37 | 000,019,423 | ---- | C] () -- C:\WINDOWS\sudox.sys
    [2008/11/07 01:19:37 | 000,017,923 | ---- | C] () -- C:\WINDOWS\System32\amatirypa.dll
    [2008/11/07 01:19:37 | 000,016,650 | ---- | C] () -- C:\Program Files\Common Files\alygupuzup._sy
    [2008/11/07 01:19:37 | 000,015,602 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\hyzewiqyty.dll
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dave\Desktop\LimeWire PRO 4.12.6.exe:SummaryInformation
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 buzzerman1

Posted 07 February 2011 - 06:10 PM

Sweet Tech,

Thank you for your time and patience. I'm so glad you have taken on this challenge. I am pasting the OTL fix log but I am having trouble with ComboFix. I downloaded it to my desktop and shut off all AV programs but I am getting the following errors when I try to launch ComboFix:

Windows cannot find '32788R22FWJFW\n.pif'
Windows cannot find '32788R22FWJFW\iexplore.exe'
Windows cannot find '32788R22FWJFW\hidec.exe'

Following is the OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2050996324-2103625151-1972523822-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0B853A-A2B7-4e17-8DA1-BBC6F2E8C8D5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{725E77D3-B919-4eef-8EEE-D09DE618B6C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{725E77D3-B919-4eef-8EEE-D09DE618B6C1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2050996324-2103625151-1972523822-1006_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2050996324-2103625151-1972523822-1006_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\System32\SET2D2.tmp deleted successfully.
C:\WINDOWS\System32\SET2D3.tmp deleted successfully.
C:\WINDOWS\System32\SET2D4.tmp deleted successfully.
C:\WINDOWS\System32\SET2D6.tmp deleted successfully.
C:\WINDOWS\System32\SET2D7.tmp deleted successfully.
C:\WINDOWS\System32\SET2D9.tmp deleted successfully.
C:\WINDOWS\System32\SET2DA.tmp deleted successfully.
C:\WINDOWS\System32\SET2DB.tmp deleted successfully.
C:\WINDOWS\System32\SET2DD.tmp deleted successfully.
C:\WINDOWS\System32\SET2E2.tmp deleted successfully.
C:\WINDOWS\System32\SET2E3.tmp deleted successfully.
C:\WINDOWS\System32\SET2E4.tmp deleted successfully.
C:\WINDOWS\System32\SET2E5.tmp deleted successfully.
C:\WINDOWS\System32\SET2E6.tmp deleted successfully.
C:\WINDOWS\System32\SET2E7.tmp deleted successfully.
C:\WINDOWS\System32\SET2E8.tmp deleted successfully.
C:\WINDOWS\System32\SET2E9.tmp deleted successfully.
C:\WINDOWS\System32\SET2EA.tmp deleted successfully.
C:\WINDOWS\System32\SET2EB.tmp deleted successfully.
C:\WINDOWS\System32\SET2EC.tmp deleted successfully.
C:\WINDOWS\System32\SET2ED.tmp deleted successfully.
C:\WINDOWS\System32\SET2EE.tmp deleted successfully.
C:\WINDOWS\System32\SET2F0.tmp deleted successfully.
C:\WINDOWS\System32\SET2F1.tmp deleted successfully.
C:\WINDOWS\System32\SET2F2.tmp deleted successfully.
C:\WINDOWS\System32\SET2F4.tmp deleted successfully.
C:\WINDOWS\System32\SET2F7.tmp deleted successfully.
C:\WINDOWS\System32\SET2F8.tmp deleted successfully.
C:\WINDOWS\System32\SET2F9.tmp deleted successfully.
C:\WINDOWS\System32\SET2FA.tmp deleted successfully.
C:\WINDOWS\System32\SET2FB.tmp deleted successfully.
C:\WINDOWS\System32\SET2FC.tmp deleted successfully.
C:\WINDOWS\System32\SET2FD.tmp deleted successfully.
C:\WINDOWS\System32\SET2FE.tmp deleted successfully.
C:\WINDOWS\System32\SET2FF.tmp deleted successfully.
C:\WINDOWS\System32\SET301.tmp deleted successfully.
C:\WINDOWS\System32\SET303.tmp deleted successfully.
C:\WINDOWS\System32\SET304.tmp deleted successfully.
C:\WINDOWS\System32\SET305.tmp deleted successfully.
C:\WINDOWS\System32\SET307.tmp deleted successfully.
C:\WINDOWS\System32\SET308.tmp deleted successfully.
C:\WINDOWS\System32\SET30A.tmp deleted successfully.
C:\WINDOWS\System32\SET30B.tmp deleted successfully.
C:\WINDOWS\System32\SET30C.tmp deleted successfully.
C:\WINDOWS\System32\SET30D.tmp deleted successfully.
C:\WINDOWS\System32\SET30E.tmp deleted successfully.
C:\WINDOWS\System32\SET310.tmp deleted successfully.
C:\WINDOWS\System32\SET311.tmp deleted successfully.
C:\WINDOWS\System32\SET313.tmp deleted successfully.
C:\WINDOWS\System32\SET314.tmp deleted successfully.
C:\WINDOWS\System32\SET315.tmp deleted successfully.
C:\WINDOWS\System32\SET317.tmp deleted successfully.
C:\WINDOWS\System32\SET318.tmp deleted successfully.
C:\WINDOWS\System32\SET31A.tmp deleted successfully.
C:\WINDOWS\System32\SET31B.tmp deleted successfully.
C:\WINDOWS\System32\SET31E.tmp deleted successfully.
C:\WINDOWS\System32\SET31F.tmp deleted successfully.
C:\WINDOWS\System32\SET320.tmp deleted successfully.
C:\WINDOWS\System32\SET321.tmp deleted successfully.
C:\WINDOWS\System32\SET323.tmp deleted successfully.
C:\WINDOWS\System32\SET324.tmp deleted successfully.
C:\WINDOWS\System32\SET327.tmp deleted successfully.
C:\WINDOWS\System32\SET329.tmp deleted successfully.
C:\WINDOWS\System32\SET32A.tmp deleted successfully.
C:\WINDOWS\System32\SET32C.tmp deleted successfully.
C:\WINDOWS\System32\SET32E.tmp deleted successfully.
C:\WINDOWS\System32\SET330.tmp deleted successfully.
C:\WINDOWS\System32\SET332.tmp deleted successfully.
C:\WINDOWS\System32\SET334.tmp deleted successfully.
C:\WINDOWS\System32\SET335.tmp deleted successfully.
C:\WINDOWS\System32\SET337.tmp deleted successfully.
C:\WINDOWS\System32\SET338.tmp deleted successfully.
C:\WINDOWS\System32\SET339.tmp deleted successfully.
C:\WINDOWS\System32\SET33B.tmp deleted successfully.
C:\WINDOWS\System32\SET33C.tmp deleted successfully.
C:\WINDOWS\System32\SET33E.tmp deleted successfully.
C:\WINDOWS\System32\SET33F.tmp deleted successfully.
C:\WINDOWS\System32\SET340.tmp deleted successfully.
C:\WINDOWS\System32\SET341.tmp deleted successfully.
C:\WINDOWS\System32\SET342.tmp deleted successfully.
C:\WINDOWS\System32\SET343.tmp deleted successfully.
C:\WINDOWS\System32\SET345.tmp deleted successfully.
C:\WINDOWS\System32\SET347.tmp deleted successfully.
C:\WINDOWS\System32\SET348.tmp deleted successfully.
C:\WINDOWS\System32\SET34A.tmp deleted successfully.
C:\WINDOWS\System32\SET34B.tmp deleted successfully.
C:\WINDOWS\System32\SET34F.tmp deleted successfully.
C:\WINDOWS\System32\SET350.tmp deleted successfully.
C:\WINDOWS\System32\SET352.tmp deleted successfully.
C:\WINDOWS\System32\SET353.tmp deleted successfully.
C:\WINDOWS\System32\SET354.tmp deleted successfully.
C:\WINDOWS\System32\SET356.tmp deleted successfully.
C:\WINDOWS\System32\SET357.tmp deleted successfully.
C:\WINDOWS\System32\SET358.tmp deleted successfully.
C:\WINDOWS\System32\SET35A.tmp deleted successfully.
C:\WINDOWS\System32\SET35C.tmp deleted successfully.
C:\WINDOWS\System32\SET35F.tmp deleted successfully.
C:\WINDOWS\System32\SET360.tmp deleted successfully.
C:\WINDOWS\System32\SET361.tmp deleted successfully.
C:\WINDOWS\System32\SET362.tmp deleted successfully.
C:\WINDOWS\System32\SET363.tmp deleted successfully.
C:\WINDOWS\System32\SET364.tmp deleted successfully.
C:\WINDOWS\System32\SET365.tmp deleted successfully.
C:\WINDOWS\System32\SET366.tmp deleted successfully.
C:\WINDOWS\System32\SET367.tmp deleted successfully.
C:\WINDOWS\System32\SET369.tmp deleted successfully.
C:\WINDOWS\System32\SET36A.tmp deleted successfully.
C:\WINDOWS\System32\SET36C.tmp deleted successfully.
C:\WINDOWS\System32\SET36F.tmp deleted successfully.
C:\WINDOWS\System32\SET374.tmp deleted successfully.
C:\WINDOWS\System32\SET378.tmp deleted successfully.
C:\WINDOWS\System32\SET379.tmp deleted successfully.
C:\WINDOWS\System32\SET37B.tmp deleted successfully.
C:\WINDOWS\System32\SET37C.tmp deleted successfully.
C:\WINDOWS\System32\SET37E.tmp deleted successfully.
C:\WINDOWS\System32\SET37F.tmp deleted successfully.
C:\WINDOWS\System32\SET380.tmp deleted successfully.
C:\WINDOWS\System32\SET382.tmp deleted successfully.
C:\WINDOWS\System32\SET383.tmp deleted successfully.
C:\WINDOWS\System32\SET384.tmp deleted successfully.
C:\WINDOWS\System32\SET389.tmp deleted successfully.
C:\WINDOWS\System32\SET38B.tmp deleted successfully.
C:\WINDOWS\System32\SET38C.tmp deleted successfully.
C:\WINDOWS\System32\SET38D.tmp deleted successfully.
C:\WINDOWS\System32\SET38E.tmp deleted successfully.
C:\WINDOWS\System32\SET393.tmp deleted successfully.
C:\WINDOWS\System32\SET394.tmp deleted successfully.
C:\WINDOWS\System32\SET395.tmp deleted successfully.
C:\WINDOWS\System32\SET398.tmp deleted successfully.
C:\WINDOWS\System32\SET3A1.tmp deleted successfully.
C:\WINDOWS\System32\SET3A5.tmp deleted successfully.
C:\WINDOWS\System32\SET3A7.tmp deleted successfully.
C:\WINDOWS\System32\SET3AA.tmp deleted successfully.
C:\WINDOWS\System32\SET3AB.tmp deleted successfully.
C:\WINDOWS\System32\SET3AD.tmp deleted successfully.
C:\WINDOWS\System32\SET3AF.tmp deleted successfully.
C:\WINDOWS\System32\SET3B5.tmp deleted successfully.
C:\WINDOWS\System32\SET3B6.tmp deleted successfully.
C:\WINDOWS\System32\SET3B9.tmp deleted successfully.
C:\WINDOWS\System32\SET3BE.tmp deleted successfully.
C:\WINDOWS\System32\SET3C0.tmp deleted successfully.
C:\WINDOWS\System32\SET3C5.tmp deleted successfully.
C:\WINDOWS\System32\SET3C7.tmp deleted successfully.
C:\WINDOWS\System32\SET3C8.tmp deleted successfully.
C:\WINDOWS\System32\SET3CD.tmp deleted successfully.
C:\WINDOWS\System32\SET3CF.tmp deleted successfully.
C:\WINDOWS\System32\SET3D0.tmp deleted successfully.
C:\WINDOWS\System32\SET3D2.tmp deleted successfully.
C:\WINDOWS\System32\SET3D6.tmp deleted successfully.
C:\WINDOWS\System32\SET3DA.tmp deleted successfully.
C:\WINDOWS\System32\SET3DF.tmp deleted successfully.
C:\WINDOWS\System32\SET3E1.tmp deleted successfully.
C:\WINDOWS\System32\SET3E4.tmp deleted successfully.
C:\WINDOWS\System32\SET3E5.tmp deleted successfully.
C:\WINDOWS\System32\SET3E6.tmp deleted successfully.
C:\WINDOWS\System32\SET3E8.tmp deleted successfully.
C:\WINDOWS\System32\SET3EA.tmp deleted successfully.
C:\WINDOWS\System32\SET3EC.tmp deleted successfully.
C:\WINDOWS\System32\SET3F1.tmp deleted successfully.
C:\WINDOWS\System32\SET3F5.tmp deleted successfully.
C:\WINDOWS\System32\SET3F6.tmp deleted successfully.
C:\WINDOWS\System32\SET3FA.tmp deleted successfully.
C:\WINDOWS\System32\SET3FC.tmp deleted successfully.
C:\WINDOWS\System32\SET3FD.tmp deleted successfully.
C:\WINDOWS\System32\SET3FE.tmp deleted successfully.
C:\WINDOWS\System32\SET408.tmp deleted successfully.
C:\WINDOWS\System32\SET40A.tmp deleted successfully.
C:\WINDOWS\System32\SET40F.tmp deleted successfully.
C:\WINDOWS\System32\SET410.tmp deleted successfully.
C:\WINDOWS\System32\SET412.tmp deleted successfully.
C:\WINDOWS\System32\SET413.tmp deleted successfully.
C:\WINDOWS\System32\SET415.tmp deleted successfully.
C:\WINDOWS\System32\SET416.tmp deleted successfully.
C:\WINDOWS\System32\SET41A.tmp deleted successfully.
C:\WINDOWS\System32\SET41E.tmp deleted successfully.
C:\WINDOWS\System32\SET425.tmp deleted successfully.
C:\WINDOWS\System32\SET426.tmp deleted successfully.
C:\WINDOWS\System32\SET427.tmp deleted successfully.
C:\WINDOWS\System32\SET42A.tmp deleted successfully.
C:\WINDOWS\System32\SET42B.tmp deleted successfully.
C:\WINDOWS\System32\SET42D.tmp deleted successfully.
C:\WINDOWS\System32\SET433.tmp deleted successfully.
C:\WINDOWS\System32\SET43C.tmp deleted successfully.
C:\WINDOWS\System32\SET43D.tmp deleted successfully.
C:\WINDOWS\System32\SET441.tmp deleted successfully.
C:\WINDOWS\System32\SET443.tmp deleted successfully.
C:\WINDOWS\System32\SET444.tmp deleted successfully.
C:\WINDOWS\System32\SET445.tmp deleted successfully.
C:\WINDOWS\System32\SET448.tmp deleted successfully.
C:\WINDOWS\System32\SET44B.tmp deleted successfully.
C:\WINDOWS\System32\SET44F.tmp deleted successfully.
C:\WINDOWS\System32\SET452.tmp deleted successfully.
C:\WINDOWS\System32\SET454.tmp deleted successfully.
C:\WINDOWS\System32\SET459.tmp deleted successfully.
C:\WINDOWS\System32\SET45A.tmp deleted successfully.
C:\WINDOWS\System32\SET45B.tmp deleted successfully.
C:\WINDOWS\System32\SET45D.tmp deleted successfully.
C:\WINDOWS\System32\SET45E.tmp deleted successfully.
C:\WINDOWS\System32\SET45F.tmp deleted successfully.
C:\WINDOWS\System32\SET460.tmp deleted successfully.
C:\WINDOWS\System32\SET462.tmp deleted successfully.
C:\WINDOWS\System32\SET464.tmp deleted successfully.
C:\WINDOWS\System32\SET465.tmp deleted successfully.
C:\WINDOWS\System32\SET467.tmp deleted successfully.
C:\WINDOWS\System32\SET469.tmp deleted successfully.
C:\WINDOWS\System32\SET46A.tmp deleted successfully.
C:\WINDOWS\System32\SET46C.tmp deleted successfully.
C:\WINDOWS\System32\SET471.tmp deleted successfully.
C:\WINDOWS\System32\SET472.tmp deleted successfully.
C:\WINDOWS\System32\SET47A.tmp deleted successfully.
C:\WINDOWS\System32\SET47E.tmp deleted successfully.
C:\WINDOWS\System32\SET47F.tmp deleted successfully.
C:\WINDOWS\System32\SET481.tmp deleted successfully.
C:\WINDOWS\System32\SET485.tmp deleted successfully.
C:\WINDOWS\System32\SET486.tmp deleted successfully.
C:\WINDOWS\System32\SET489.tmp deleted successfully.
C:\WINDOWS\System32\SET48C.tmp deleted successfully.
C:\WINDOWS\System32\SET48E.tmp deleted successfully.
C:\WINDOWS\System32\SET492.tmp deleted successfully.
C:\WINDOWS\System32\SET494.tmp deleted successfully.
C:\WINDOWS\System32\SET495.tmp deleted successfully.
C:\WINDOWS\System32\SET496.tmp deleted successfully.
C:\WINDOWS\System32\SET499.tmp deleted successfully.
C:\WINDOWS\System32\SET49A.tmp deleted successfully.
C:\WINDOWS\System32\SET49E.tmp deleted successfully.
C:\WINDOWS\System32\SET49F.tmp deleted successfully.
C:\WINDOWS\System32\SET4A2.tmp deleted successfully.
C:\WINDOWS\System32\SET4A4.tmp deleted successfully.
C:\WINDOWS\System32\SET4A6.tmp deleted successfully.
C:\WINDOWS\System32\SET4A9.tmp deleted successfully.
C:\WINDOWS\System32\SET4AC.tmp deleted successfully.
C:\WINDOWS\System32\SET4AF.tmp deleted successfully.
C:\WINDOWS\System32\SET4B0.tmp deleted successfully.
C:\WINDOWS\System32\SET4B2.tmp deleted successfully.
C:\WINDOWS\System32\SET4B4.tmp deleted successfully.
C:\WINDOWS\System32\SET4B5.tmp deleted successfully.
C:\WINDOWS\System32\SET4B8.tmp deleted successfully.
C:\WINDOWS\System32\SET4BD.tmp deleted successfully.
C:\WINDOWS\System32\SET4BF.tmp deleted successfully.
C:\WINDOWS\System32\SET4C7.tmp deleted successfully.
C:\WINDOWS\System32\SET4C8.tmp deleted successfully.
C:\WINDOWS\System32\SET4CA.tmp deleted successfully.
C:\WINDOWS\System32\SET4CB.tmp deleted successfully.
C:\WINDOWS\System32\SET4CC.tmp deleted successfully.
C:\WINDOWS\System32\SET4CD.tmp deleted successfully.
C:\WINDOWS\System32\SET4CF.tmp deleted successfully.
C:\WINDOWS\System32\SET4D1.tmp deleted successfully.
C:\WINDOWS\System32\SET4D2.tmp deleted successfully.
C:\WINDOWS\System32\SET4D3.tmp deleted successfully.
C:\WINDOWS\System32\SET4D6.tmp deleted successfully.
C:\WINDOWS\System32\SET4D8.tmp deleted successfully.
C:\WINDOWS\System32\SET4DD.tmp deleted successfully.
C:\WINDOWS\System32\SET4DE.tmp deleted successfully.
C:\WINDOWS\System32\SET4E6.tmp deleted successfully.
C:\WINDOWS\System32\SET4ED.tmp deleted successfully.
C:\WINDOWS\System32\SET4F2.tmp deleted successfully.
C:\WINDOWS\System32\SET4F5.tmp deleted successfully.
C:\WINDOWS\System32\SET4F8.tmp deleted successfully.
C:\WINDOWS\System32\SET4FA.tmp deleted successfully.
C:\WINDOWS\System32\SET4FE.tmp deleted successfully.
C:\WINDOWS\System32\SET500.tmp deleted successfully.
C:\WINDOWS\System32\SET501.tmp deleted successfully.
C:\WINDOWS\System32\SET502.tmp deleted successfully.
C:\WINDOWS\System32\SET505.tmp deleted successfully.
C:\WINDOWS\System32\SET506.tmp deleted successfully.
C:\WINDOWS\System32\SET50A.tmp deleted successfully.
C:\WINDOWS\System32\SET50B.tmp deleted successfully.
C:\WINDOWS\System32\SET50F.tmp deleted successfully.
C:\WINDOWS\System32\SET511.tmp deleted successfully.
C:\WINDOWS\System32\SET514.tmp deleted successfully.
C:\WINDOWS\System32\SET517.tmp deleted successfully.
C:\WINDOWS\System32\SET51B.tmp deleted successfully.
C:\WINDOWS\System32\SET51D.tmp deleted successfully.
C:\WINDOWS\System32\SET51F.tmp deleted successfully.
C:\WINDOWS\System32\SET5FE.tmp deleted successfully.
C:\WINDOWS\System32\SET604.tmp deleted successfully.
C:\WINDOWS\System32\SET64.tmp deleted successfully.
C:\WINDOWS\System32\SET65.tmp deleted successfully.
C:\WINDOWS\System32\SET9A.tmp deleted successfully.
C:\WINDOWS\System32\SETA6.tmp deleted successfully.
C:\WINDOWS\System32\SETAF.tmp deleted successfully.
C:\WINDOWS\System32\SETB0.tmp deleted successfully.
C:\WINDOWS\System32\SETB1.tmp deleted successfully.
C:\WINDOWS\System32\SETB2.tmp deleted successfully.
C:\WINDOWS\System32\SETB4.tmp deleted successfully.
C:\Documents and Settings\Dave\Application Data\bagevar._dl moved successfully.
C:\WINDOWS\sudox.sys moved successfully.
C:\WINDOWS\system32\amatirypa.dll moved successfully.
C:\Program Files\Common Files\alygupuzup._sy moved successfully.
C:\Documents and Settings\Dave\Application Data\hyzewiqyty.dll moved successfully.
ADS C:\Documents and Settings\Dave\Desktop\LimeWire PRO 4.12.6.exe:SummaryInformation deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Dave\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Dave\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Dave
->Temp folder emptied: 154265726 bytes
->Temporary Internet Files folder emptied: 86458016 bytes
->Java cache emptied: 34615800 bytes
->Flash cache emptied: 425794 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Jacob
->Temp folder emptied: 150773 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 4061015 bytes
->Flash cache emptied: 1852 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sherry
->Temp folder emptied: 16078 bytes
->Temporary Internet Files folder emptied: 7800529 bytes
->Java cache emptied: 16661636 bytes
->Flash cache emptied: 83741 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: yfl

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67732697 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 355.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Dave
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jacob
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Sherry
->Flash cache emptied: 0 bytes

User: TEMP
->Flash cache emptied: 0 bytes

User: yfl

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02072011_164920

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Dave\Local Settings\Temp\~DF952A.tmp not found!
File\Folder C:\Documents and Settings\Dave\Local Settings\Temp\~DF958F.tmp not found!
File\Folder C:\Documents and Settings\Dave\Local Settings\Temp\~DF970E.tmp not found!
File\Folder C:\Documents and Settings\Dave\Local Settings\Temp\~DF9768.tmp not found!
File\Folder C:\Documents and Settings\Dave\Local Settings\Temp\~DF98D9.tmp not found!
File\Folder C:\Documents and Settings\Dave\Local Settings\Temp\~DF9937.tmp not found!
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\KNX2U0TV\mediacomtoday_com[4].htm moved successfully.
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\ABIKPTAN\page__pid__2124610[1].htm moved successfully.
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\ABIKPTAN\swapAdCAVQN5ML.htm moved successfully.
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\4QC7GCUY\displayadCA51XR92.htm moved successfully.
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\4QC7GCUY\displayadCA6W2YS0.htm moved successfully.
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\4QC7GCUY\displayad[11].htm moved successfully.
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#6 SweetTech

Posted 08 February 2011 - 04:52 PM

Hello buzzerman1,

"Thank you for your time and patience. I'm so glad you have taken on this challenge."

You're very welcome. :) I am glad to be able to offer my assistance.


"I am pasting the OTL fix log but I am having trouble with ComboFix. I downloaded it to my desktop and shut off all AV programs but I am getting the following errors when I try to launch ComboFix;"


I am sorry to hear that you had trouble running ComboFix. Could you please delete the current copy of ComboFix that you have on your desktop, and download a fresh copy of it to see if it will run for you without giving you an error message.

If it still gives you an error message then please attempt to run ComboFix in Safe Mode. Instructions will follow.

Entering Safe Mode

  • Restart your computer.
  • As the computer starts to boot up, tap the F8 key repeatedly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account


If ComboFix still won't run then please post back and we will try something else.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 buzzerman1

Posted 08 February 2011 - 07:18 PM

Sweet Tech,

I downloaded a fresh version of ComboFix but got the same error messages as before. I booted in Safe Mode with Networking and ComboFix launched, successfully downloaded and installed the Windows Recovery Console and started to scan. Midway through the scan my computer rebooted; ComboFix was still running after the reboot with several error messages as follows:
"SWREG is not a recognized file or command" or something along those lines. The same message came up for "HIDEC".

There were several lines repeating the same thing and then ComboFix shut down before a log report was generated.

On a brighter note, whatever you have done so far has returned speaker functionality. They returned sometime between the OTL fix and trying to launch ComboFix. I don't know if I'm still receiving the bogus Internet Explorer messages. I haven't seen one pop up yet. If you feel there may still be some issues that ComboFix might have cured I would like to pursue additional remedies. Let me know how we should proceed.

Thanks again for the help.

#8 SweetTech

Posted 08 February 2011 - 07:28 PM

buzzerman1,

I'm glad to hear that the issue with your speakers is solved.

Let's try running this scan:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#9 buzzerman1

Posted 08 February 2011 - 09:18 PM

I downloaded the TDSSKiller.zip file and attempted to extract with 2 different unzip applications both with the same effect. The only file extracted was the EULA.txt file, not the executable file. Something seems to be blocking this file from being extracted. Any ideas?

#10 buzzerman1

Posted 08 February 2011 - 09:35 PM

I was able to extract the file in safe mode, then ran the executable in normal mode. It said it found no infections and here is the log.

2011/02/08 20:29:53.0500 3240 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 20:29:53.0765 3240 ================================================================================
2011/02/08 20:29:53.0765 3240 SystemInfo:
2011/02/08 20:29:53.0765 3240
2011/02/08 20:29:53.0765 3240 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/08 20:29:53.0765 3240 Product type: Workstation
2011/02/08 20:29:53.0765 3240 ComputerName: DB05G5C1
2011/02/08 20:29:53.0765 3240 UserName: Dave
2011/02/08 20:29:53.0765 3240 Windows directory: C:\WINDOWS
2011/02/08 20:29:53.0765 3240 System windows directory: C:\WINDOWS
2011/02/08 20:29:53.0765 3240 Processor architecture: Intel x86
2011/02/08 20:29:53.0765 3240 Number of processors: 2
2011/02/08 20:29:53.0765 3240 Page size: 0x1000
2011/02/08 20:29:53.0765 3240 Boot type: Normal boot
2011/02/08 20:29:53.0765 3240 ================================================================================
2011/02/08 20:29:54.0000 3240 Initialize success
2011/02/08 20:29:59.0125 3836 ================================================================================
2011/02/08 20:29:59.0125 3836 Scan started
2011/02/08 20:29:59.0125 3836 Mode: Manual;
2011/02/08 20:29:59.0125 3836 ================================================================================
2011/02/08 20:30:01.0000 3836 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/08 20:30:01.0031 3836 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/08 20:30:01.0062 3836 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/02/08 20:30:01.0078 3836 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/02/08 20:30:01.0156 3836 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/02/08 20:30:01.0187 3836 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/08 20:30:01.0234 3836 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/02/08 20:30:01.0265 3836 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
2011/02/08 20:30:01.0296 3836 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
2011/02/08 20:30:01.0312 3836 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
2011/02/08 20:30:01.0328 3836 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
2011/02/08 20:30:01.0343 3836 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
2011/02/08 20:30:01.0406 3836 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/08 20:30:01.0437 3836 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/08 20:30:01.0453 3836 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/08 20:30:01.0468 3836 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/08 20:30:01.0515 3836 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/08 20:30:01.0578 3836 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2011/02/08 20:30:01.0609 3836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/08 20:30:01.0625 3836 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/08 20:30:01.0656 3836 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/08 20:30:01.0687 3836 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/08 20:30:01.0718 3836 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/08 20:30:01.0734 3836 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/08 20:30:01.0765 3836 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/08 20:30:01.0812 3836 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/08 20:30:01.0843 3836 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/08 20:30:01.0875 3836 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/08 20:30:01.0953 3836 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/02/08 20:30:02.0015 3836 HSXHWBS2 (f13eb2f8c0c1ca7bec4cc711be657d67) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2011/02/08 20:30:02.0078 3836 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 20:30:02.0109 3836 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/08 20:30:02.0140 3836 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/08 20:30:02.0156 3836 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/08 20:30:02.0218 3836 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/02/08 20:30:02.0234 3836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/08 20:30:02.0265 3836 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/08 20:30:02.0312 3836 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/08 20:30:02.0328 3836 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/08 20:30:02.0359 3836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/08 20:30:02.0390 3836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/08 20:30:02.0406 3836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/08 20:30:02.0437 3836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/08 20:30:02.0468 3836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/08 20:30:02.0500 3836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/08 20:30:02.0562 3836 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
2011/02/08 20:30:02.0578 3836 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/08 20:30:02.0625 3836 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/08 20:30:02.0656 3836 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/08 20:30:02.0703 3836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/08 20:30:02.0734 3836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/08 20:30:02.0796 3836 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/08 20:30:02.0843 3836 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/02/08 20:30:02.0890 3836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/08 20:30:02.0921 3836 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/08 20:30:02.0968 3836 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/08 20:30:02.0984 3836 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/08 20:30:03.0031 3836 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/08 20:30:03.0046 3836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/08 20:30:03.0062 3836 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/08 20:30:03.0093 3836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/08 20:30:03.0140 3836 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/08 20:30:03.0156 3836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/08 20:30:03.0171 3836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/08 20:30:03.0187 3836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/08 20:30:03.0234 3836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/08 20:30:03.0281 3836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/08 20:30:03.0296 3836 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/08 20:30:03.0328 3836 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/02/08 20:30:03.0343 3836 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/08 20:30:03.0375 3836 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/08 20:30:03.0390 3836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/08 20:30:03.0421 3836 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/08 20:30:03.0468 3836 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/08 20:30:03.0484 3836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/08 20:30:03.0500 3836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/08 20:30:03.0531 3836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/08 20:30:03.0562 3836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/08 20:30:03.0593 3836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/08 20:30:03.0703 3836 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/08 20:30:03.0765 3836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/08 20:30:03.0781 3836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/08 20:30:03.0828 3836 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/08 20:30:03.0859 3836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/08 20:30:03.0890 3836 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/08 20:30:03.0906 3836 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/08 20:30:03.0953 3836 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/08 20:30:03.0984 3836 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/08 20:30:04.0031 3836 PCTCore (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/02/08 20:30:04.0062 3836 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/02/08 20:30:04.0093 3836 pctplsg (5aa75b88e57aedf7fdb1f6b5196ad8a6) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/02/08 20:30:04.0187 3836 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/08 20:30:04.0203 3836 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/08 20:30:04.0250 3836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/08 20:30:04.0265 3836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/08 20:30:04.0296 3836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/08 20:30:04.0312 3836 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/08 20:30:04.0343 3836 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/08 20:30:04.0375 3836 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/08 20:30:04.0390 3836 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/08 20:30:04.0421 3836 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/08 20:30:04.0437 3836 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/08 20:30:04.0468 3836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/08 20:30:04.0484 3836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/08 20:30:04.0500 3836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/08 20:30:04.0531 3836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/08 20:30:04.0546 3836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/08 20:30:04.0562 3836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/08 20:30:04.0593 3836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/08 20:30:04.0625 3836 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/08 20:30:04.0656 3836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/08 20:30:04.0718 3836 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/08 20:30:04.0765 3836 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/02/08 20:30:04.0796 3836 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/02/08 20:30:04.0843 3836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/08 20:30:04.0890 3836 Ser2pl (2d7ebbee1addaa91704db206205073d3) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/02/08 20:30:04.0906 3836 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/08 20:30:04.0953 3836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/08 20:30:04.0968 3836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/08 20:30:05.0031 3836 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/08 20:30:05.0046 3836 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/08 20:30:05.0078 3836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/08 20:30:05.0109 3836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/08 20:30:05.0171 3836 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/08 20:30:05.0250 3836 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/02/08 20:30:05.0281 3836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/08 20:30:05.0312 3836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/08 20:30:05.0343 3836 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/08 20:30:05.0359 3836 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/08 20:30:05.0375 3836 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/08 20:30:05.0406 3836 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/08 20:30:05.0437 3836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/08 20:30:05.0484 3836 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
2011/02/08 20:30:05.0500 3836 szkgfs (410a02a920fa9daeec56364e839597c1) C:\WINDOWS\system32\drivers\szkgfs.sys
2011/02/08 20:30:05.0562 3836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 20:30:05.0609 3836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/08 20:30:05.0640 3836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/08 20:30:05.0656 3836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/08 20:30:05.0703 3836 TfFsMon (52d1882d3e90718483a1321ca5ce1aea) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/02/08 20:30:05.0750 3836 TfNetMon (8eb02d60909345ee4f2be78a11364bcf) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/02/08 20:30:05.0765 3836 TfSysMon (24ea02fd9663ccef16c114211cd9d5f4) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/02/08 20:30:05.0843 3836 tmcfw (3929c6784db38788d76a88d9c4043dee) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2011/02/08 20:30:05.0906 3836 tmpreflt (0c89809f1df614bd42093a446b222a32) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2011/02/08 20:30:05.0953 3836 tmtdi (264ea39fdebd0b5e9d49d79923ed91ad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/02/08 20:30:05.0984 3836 tmxpflt (3d473e97ff805dab903aa66f08286c90) C:\WINDOWS\system32\drivers\TmXPFlt.sys
2011/02/08 20:30:06.0015 3836 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/08 20:30:06.0078 3836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/08 20:30:06.0093 3836 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/08 20:30:06.0140 3836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/08 20:30:06.0187 3836 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/08 20:30:06.0250 3836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/08 20:30:06.0265 3836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/08 20:30:06.0296 3836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/08 20:30:06.0312 3836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/08 20:30:06.0328 3836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 20:30:06.0343 3836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/08 20:30:06.0375 3836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/08 20:30:06.0421 3836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/08 20:30:06.0468 3836 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/08 20:30:06.0484 3836 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/08 20:30:06.0515 3836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/08 20:30:06.0593 3836 vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2011/02/08 20:30:06.0625 3836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/08 20:30:06.0671 3836 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/02/08 20:30:06.0703 3836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/08 20:30:06.0765 3836 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/02/08 20:30:06.0843 3836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/08 20:30:06.0875 3836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/08 20:30:06.0921 3836 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\WINDOWS\system32\DRIVERS\xaudio.sys
2011/02/08 20:30:06.0953 3836 ================================================================================
2011/02/08 20:30:06.0953 3836 Scan finished
2011/02/08 20:30:06.0953 3836 ================================================================================

#11 SweetTech


Posted 09 February 2011 - 10:30 AM

Hello buzzerman1,

Something on your computer isn't playing nice with our tools.

I would like to attempt to run another tool:


Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



#12 buzzerman1


Posted 09 February 2011 - 06:17 PM

Following is the Rootkit Unhooker report. It didn't scan very long and at the end said "possible rootkit activity detected!" I saw no more activity so I saved the report. When I went to close RKU it said "Hmmm, are you sure?" I'm hoping it had finished. If not, let me know how to continue from there and I'll paste another report.

Thanks again!

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Processes
==============================================
==============================================
>Drivers
==============================================
0xA3CCD000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E4C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D05000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA3086000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DD9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8D55000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA309E000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA3070000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9E01000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA1FBB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9019000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA3DEE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E3A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8D44000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9DF0000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0xA3CEE000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 69632 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xA528F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAD2C2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA318000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA52AF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAD2D2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0A8000 szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0B8000 szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0xBA128000 TfSysMon.sys 53248 bytes (PC Tools, ThreatFire System Monitor)
0xACDF9000 C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xBA0F8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA52BF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0E8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA158000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xACDE9000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0D8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB4242000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA1A95000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA527F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA52DF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9C74E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA138000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA5F48000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\ELacpi.sys 32768 bytes (Intel Corporation, -)
0xBA438000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA5307000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xA45A5000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA410000 C:\WINDOWS\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0xA3E8D000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA440000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xA531F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA45AD000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 28672 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xA459D000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xA4595000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA5327000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA478000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA5317000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xA533F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xA530F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA458000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA460000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xAD370000 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 20480 bytes ( SUPERAdBlocker.com and SUPERAntiSpyware.com, SASENUM.SYS)
0xBA450000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA456D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB7DAC000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA3FFD000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xA19F5000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA2FD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA3FF5000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB0AB8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA4942000 C:\WINDOWS\System32\Drivers\Elhid.sys 12288 bytes (Intel Corporation, -)
0xBA57C000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xA4005000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA5EB1000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA3FF9000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA5E99000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA60D6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA62E000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xA4D9C000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xA5C64000 C:\WINDOWS\System32\Drivers\Elkbd.sys 8192 bytes (Intel Corporation, -)
0xA5C66000 C:\WINDOWS\System32\Drivers\Elmon.sys 8192 bytes (Intel Corporation, -)
0xA5C68000 C:\WINDOWS\System32\Drivers\Elmou.sys 8192 bytes (Intel Corporation, -)
0xA60D8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA60D2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA60D0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA632000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB0934000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA691000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6EE000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xBA74D000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7CE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xACC87000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
0x7A4D0000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 1196032 bytes
0x7AA10000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 143360 bytes
0x79EE0000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 2375680 bytes
0x7B0B0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 380928 bytes
0x7B2E0000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 4476928 bytes
0x796B0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 6197248 bytes
0x7A340000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 659456 bytes
0x7A1D0000 Hidden Image-->System.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 671744 bytes
0x7AAE0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x89FD8558 ] PID: 720, 847872 bytes

By the way, I am still receiving the bogus IE messages.

#13 SweetTech

Posted 09 February 2011 - 09:31 PM

Hello buzzerman1,

> Following is the Rootkit Unhooker report. It didn't scan very long and at the end said "possible rootkit activity detected!" I saw no more activity so I saved the report. When I went to close RKU it said "Hmmm, are you sure?" I'm hoping it had finished. If not, let me know how to continue from there and I'll paste another report.


The log that you provided for me is sufficient.

Let's try to run ComboFix a different way.

Download this version of combofix

Please download ComboFix from: Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to the name provided in the image below:

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  • Double click on the renamed version of ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 buzzerman1

Posted 10 February 2011 - 12:23 AM

Sweet Tech,

I downloaded combofix from your new link and renamed it accordingly. When I launched it, after shutting down all AV apps, I got the same error messages as in my previous post. I booted into safe mode, launched combofix (svchost) again, was informed I did not have the recovery console installed, ignored this, since last time it said I had installed it successfully, and it ran through 50 stages. Bleeping Computer is saying my post is too long to paste or attach so I will break it into sections:

ComboFix 11-02-09.02 - Dave 02/09/2011 22:49:37.16.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2762 [GMT -6:00]
Running from: c:\documents and settings\Dave\Desktop\svchhost.exe
AV: PC-cillin Internet Security - Virus Protection *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: PC-cillin Internet Security - Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe

#15 buzzerman1

Posted 10 February 2011 - 12:28 AM

Next section:

((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 01:28 . 2011-02-10 01:28 -------- d-----w- c:\windows\LastGood
2011-02-08 23:41 . 2011-02-10 04:46 -------- d-----w- C:\ComboFix
2011-02-07 22:49 . 2011-02-07 22:49 -------- d-----w- C:\_OTL
2011-02-04 00:10 . 2011-02-04 00:10 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-02-04 00:10 . 2011-02-04 00:10 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-02-04 00:10 . 2011-02-04 00:10 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-02-04 00:10 . 2011-02-04 00:10 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-02-04 00:10 . 2011-02-04 00:10 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-02-04 00:10 . 2011-02-04 00:10 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-02-04 00:10 . 2011-02-04 00:10 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-02-04 00:10 . 2011-02-04 00:10 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-02-04 00:10 . 2011-02-04 00:10 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-02-04 00:10 . 2011-02-04 00:10 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-02-04 00:10 . 2011-02-04 00:10 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-02-04 00:10 . 2011-02-04 00:10 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-01-30 12:34 . 2011-01-30 12:34 -------- d-----w- c:\program files\ParetoLogic
2011-01-30 12:34 . 2011-01-30 12:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-01-30 12:34 . 2011-01-30 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-01-30 12:34 . 2011-01-30 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2011-01-17 01:27 . 2008-04-01 19:33 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-11 01:56 . 2011-01-11 01:56 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-01-11 01:56 . 2009-09-10 18:40 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-01-11 01:56 . 2009-09-10 18:40 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-04-18_00.28.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-14 00:39 . 2009-03-08 10:32 36864 c:\windows\system32\ieudinit.exe
+ 2005-08-16 09:18 . 2009-03-08 10:32 71680 c:\windows\system32\iesetup.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 55808 c:\windows\system32\iernonce.dll
+ 2010-11-24 15:29 . 2008-04-14 00:11 81920 c:\windows\system32\ieencode.dll
+ 2006-06-29 14:05 . 2009-01-08 00:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 26112 c:\windows\system32\idndl.dll
+ 2005-08-16 09:18 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2005-08-16 09:18 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2007-08-14 00:36 . 2009-03-08 10:31 59904 c:\windows\system32\icardie.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 32285 c:\windows\system32\hsfcisp2.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 32285 c:\windows\system32\hsfcisp2.dll
+ 2010-12-12 13:21 . 2008-04-14 00:12 42496 c:\windows\system32\ftp.exe
- 2005-08-16 09:18 . 2008-04-14 00:12 42496 c:\windows\system32\ftp.exe
- 2005-08-16 09:18 . 2008-04-14 00:12 29696 c:\windows\system32\format.com
+ 2010-12-12 13:21 . 2008-04-14 00:12 29696 c:\windows\system32\format.com
- 2008-08-26 04:32 . 2008-04-14 00:12 20992 c:\windows\system32\faxpatch.exe
+ 2008-04-14 00:12 . 2008-04-14 00:12 20992 c:\windows\system32\faxpatch.exe
- 2008-08-26 04:32 . 2008-04-14 00:11 40960 c:\windows\system32\en\mmcex.resources.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 40960 c:\windows\system32\en\mmcex.resources.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 28672 c:\windows\system32\en\microsoft.managementconsole.resources.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 28672 c:\windows\system32\en\microsoft.managementconsole.resources.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 33792 c:\windows\system32\eapsvc.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 33792 c:\windows\system32\eapsvc.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 59392 c:\windows\system32\eapqec.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 59392 c:\windows\system32\eapqec.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 40960 c:\windows\system32\eappprxy.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 40960 c:\windows\system32\eappprxy.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 94208 c:\windows\system32\eappgnui.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 94208 c:\windows\system32\eappgnui.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 30720 c:\windows\system32\eapolqec.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 30720 c:\windows\system32\eapolqec.dll
+ 2010-12-25 17:21 . 2010-01-20 20:18 33792 c:\windows\system32\DRVSTORE\leapfrog-0_B30D43972967E3C09B8E635B22BC13082452FEEA\i386\btblan.sys
+ 2011-01-17 01:27 . 2008-04-01 19:33 18560 c:\windows\system32\DRVSTORE\flyusb_E1B194E4380F1C20BBC476848F70DDC967C29749\i386\FlyUsb.sys
+ 2010-12-12 13:21 . 2008-04-13 19:17 83072 c:\windows\system32\drivers\wdmaud.sys
- 2006-11-28 07:37 . 2008-04-13 19:17 83072 c:\windows\system32\drivers\wdmaud.sys
+ 2010-11-24 15:29 . 2004-08-04 04:29 25471 c:\windows\system32\drivers\watv10nt.sys
- 2008-08-26 04:33 . 2004-08-04 03:29 25471 c:\windows\system32\drivers\watv10nt.sys
- 2008-08-26 04:33 . 2004-08-04 03:29 22271 c:\windows\system32\drivers\watv06nt.sys
+ 2010-11-24 15:29 . 2004-08-04 04:29 22271 c:\windows\system32\drivers\watv06nt.sys
- 2005-08-16 09:18 . 2008-04-13 18:57 34560 c:\windows\system32\drivers\wanarp.sys
+ 2010-12-12 13:21 . 2008-04-13 18:57 34560 c:\windows\system32\drivers\wanarp.sys
+ 2010-11-24 15:29 . 2004-08-04 04:29 11935 c:\windows\system32\drivers\wadv11nt.sys
- 2008-08-26 04:33 . 2004-08-04 03:29 11935 c:\windows\system32\drivers\wadv11nt.sys
+ 2010-11-24 15:29 . 2004-08-04 04:29 11871 c:\windows\system32\drivers\wadv09nt.sys
- 2008-08-26 04:33 . 2004-08-04 03:29 11871 c:\windows\system32\drivers\wadv09nt.sys
+ 2010-11-24 15:29 . 2004-08-04 04:29 11295 c:\windows\system32\drivers\wadv08nt.sys
- 2008-08-26 04:33 . 2004-08-04 03:29 11295 c:\windows\system32\drivers\wadv08nt.sys
+ 2010-11-24 15:29 . 2004-08-04 04:29 11807 c:\windows\system32\drivers\wadv07nt.sys
- 2008-08-26 04:33 . 2004-08-04 03:29 11807 c:\windows\system32\drivers\wadv07nt.sys
+ 2008-04-13 18:43 . 2008-04-13 18:43 14208 c:\windows\system32\drivers\wacompen.sys
- 2008-08-26 04:33 . 2008-04-13 18:43 14208 c:\windows\system32\drivers\wacompen.sys
+ 2010-12-12 13:21 . 2008-04-13 18:41 52352 c:\windows\system32\drivers\volsnap.sys
- 2005-08-16 09:18 . 2008-04-13 18:41 52352 c:\windows\system32\drivers\volsnap.sys
+ 2010-12-12 13:21 . 2008-04-13 18:44 81664 c:\windows\system32\drivers\videoprt.sys
- 2005-08-16 09:18 . 2008-04-13 18:44 81664 c:\windows\system32\drivers\videoprt.sys
- 2005-08-17 02:21 . 2008-04-13 18:36 42240 c:\windows\system32\drivers\viaagp.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 42240 c:\windows\system32\drivers\viaagp.sys
- 2005-08-16 09:18 . 2008-04-13 18:44 20992 c:\windows\system32\drivers\vga.sys
+ 2010-12-12 13:21 . 2008-04-13 18:44 20992 c:\windows\system32\drivers\vga.sys
+ 2008-04-14 00:12 . 2008-04-14 00:12 11325 c:\windows\system32\drivers\vchnt5.dll
- 2008-08-26 04:33 . 2008-04-14 00:12 11325 c:\windows\system32\drivers\vchnt5.dll
- 2004-08-04 04:08 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 26368 c:\windows\system32\drivers\usbstor.sys
- 2006-12-11 21:45 . 2008-04-13 18:45 26368 c:\windows\system32\drivers\usbstor.sys
- 2006-12-11 21:26 . 2008-04-14 06:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 15104 c:\windows\system32\drivers\usbscan.sys
+ 2010-12-12 13:21 . 2008-04-13 18:47 25856 c:\windows\system32\drivers\usbprint.sys
- 2006-12-11 21:42 . 2008-04-13 18:47 25856 c:\windows\system32\drivers\usbprint.sys
- 2004-08-04 04:08 . 2008-04-13 18:45 15872 c:\windows\system32\drivers\usbintel.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 15872 c:\windows\system32\drivers\usbintel.sys
- 2004-08-04 04:08 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
- 2004-08-04 04:08 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
+ 2010-12-12 13:22 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 32128 c:\windows\system32\drivers\usbccgp.sys
- 2006-12-11 21:42 . 2008-04-13 18:45 32128 c:\windows\system32\drivers\usbccgp.sys
- 2001-08-17 19:03 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\usbcamd2.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 25728 c:\windows\system32\drivers\usbcamd2.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 25600 c:\windows\system32\drivers\usbcamd.sys
- 2001-08-17 19:03 . 2008-04-13 18:45 25600 c:\windows\system32\drivers\usbcamd.sys
- 2008-08-26 04:33 . 2008-04-13 18:56 12800 c:\windows\system32\drivers\usb8023x.sys
+ 2008-04-13 18:56 . 2008-04-13 18:56 12800 c:\windows\system32\drivers\usb8023x.sys
- 2005-08-16 09:18 . 2008-04-13 18:56 12800 c:\windows\system32\drivers\usb8023.sys
+ 2010-12-12 13:21 . 2008-04-13 18:56 12800 c:\windows\system32\drivers\usb8023.sys
- 2005-08-16 09:18 . 2008-04-13 18:32 66048 c:\windows\system32\drivers\udfs.sys
+ 2010-12-12 13:21 . 2008-04-13 18:32 66048 c:\windows\system32\drivers\udfs.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 44672 c:\windows\system32\drivers\uagp35.sys
- 2008-08-26 04:33 . 2008-04-13 18:36 44672 c:\windows\system32\drivers\uagp35.sys
- 2004-08-04 04:03 . 2008-04-13 18:56 12288 c:\windows\system32\drivers\tunmp.sys
+ 2010-12-12 13:22 . 2008-04-13 18:56 12288 c:\windows\system32\drivers\tunmp.sys
- 2005-08-16 09:37 . 2008-04-14 00:13 40840 c:\windows\system32\drivers\termdd.sys
+ 2010-12-12 13:21 . 2008-04-14 00:13 40840 c:\windows\system32\drivers\termdd.sys
- 2005-08-16 09:37 . 2008-04-14 00:13 21896 c:\windows\system32\drivers\tdtcp.sys
+ 2010-12-12 13:21 . 2008-04-14 00:13 21896 c:\windows\system32\drivers\tdtcp.sys
- 2005-08-16 09:37 . 2008-04-14 00:13 12040 c:\windows\system32\drivers\tdpipe.sys
+ 2010-12-12 13:21 . 2008-04-14 00:13 12040 c:\windows\system32\drivers\tdpipe.sys
- 2005-08-16 09:18 . 2008-04-13 19:00 19072 c:\windows\system32\drivers\tdi.sys
+ 2010-12-12 13:21 . 2008-04-13 19:00 19072 c:\windows\system32\drivers\tdi.sys
- 2005-08-16 09:18 . 2008-04-13 18:40 14976 c:\windows\system32\drivers\tape.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 14976 c:\windows\system32\drivers\tape.sys
+ 2010-05-12 23:01 . 2010-05-12 23:01 59280 c:\windows\system32\drivers\SZKGFS.sys
+ 2010-12-12 13:21 . 2008-04-13 19:15 60800 c:\windows\system32\drivers\sysaudio.sys
- 2006-11-28 07:37 . 2008-04-13 19:15 60800 c:\windows\system32\drivers\sysaudio.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 56576 c:\windows\system32\drivers\swmidi.sys
- 2006-11-28 07:37 . 2008-04-13 18:45 56576 c:\windows\system32\drivers\swmidi.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2004-08-04 04:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
- 2005-08-16 09:40 . 2008-04-13 18:36 73472 c:\windows\system32\drivers\sr.sys
+ 2010-12-12 13:21 . 2008-04-13 18:36 73472 c:\windows\system32\drivers\sr.sys
- 2004-08-04 04:09 . 2008-04-13 18:46 25344 c:\windows\system32\drivers\sonydcam.sys
+ 2010-12-12 13:21 . 2008-04-13 18:46 25344 c:\windows\system32\drivers\sonydcam.sys
- 2008-08-26 04:32 . 2004-08-04 03:41 13240 c:\windows\system32\drivers\slwdmsup.sys
+ 2010-11-24 15:29 . 2004-08-04 04:41 13240 c:\windows\system32\drivers\slwdmsup.sys
+ 2010-11-24 15:29 . 2004-08-04 04:41 95424 c:\windows\system32\drivers\slnthal.sys
- 2008-08-26 04:32 . 2004-08-04 03:41 95424 c:\windows\system32\drivers\slnthal.sys
- 2005-08-17 02:20 . 2008-04-13 18:36 40960 c:\windows\system32\drivers\sisagp.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 40960 c:\windows\system32\drivers\sisagp.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 11392 c:\windows\system32\drivers\sfloppy.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 11392 c:\windows\system32\drivers\sfloppy.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 11008 c:\windows\system32\drivers\sffp_sd.sys
+ 2010-12-12 13:22 . 2008-04-13 18:40 11008 c:\windows\system32\drivers\sffp_sd.sys
+ 2008-04-13 18:40 . 2008-04-13 18:40 10240 c:\windows\system32\drivers\sffp_mmc.sys
- 2008-08-26 04:32 . 2008-04-13 18:40 10240 c:\windows\system32\drivers\sffp_mmc.sys
+ 2010-12-12 13:22 . 2008-04-13 18:40 11904 c:\windows\system32\drivers\sffdisk.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 11904 c:\windows\system32\drivers\sffdisk.sys
+ 2010-12-12 13:21 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys
- 2004-08-04 04:15 . 2008-04-13 19:15 64512 c:\windows\system32\drivers\serial.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 15744 c:\windows\system32\drivers\serenum.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 15744 c:\windows\system32\drivers\serenum.sys
- 2004-08-04 04:07 . 2008-04-13 18:36 79232 c:\windows\system32\drivers\sdbus.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 79232 c:\windows\system32\drivers\sdbus.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 96384 c:\windows\system32\drivers\scsiport.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 96384 c:\windows\system32\drivers\scsiport.sys
- 2008-08-26 04:32 . 2008-04-13 18:56 30592 c:\windows\system32\drivers\rndismpx.sys
+ 2008-04-13 18:56 . 2008-04-13 18:56 30592 c:\windows\system32\drivers\rndismpx.sys
+ 2010-12-12 13:21 . 2008-04-13 18:56 30592 c:\windows\system32\drivers\rndismp.sys
- 2005-08-16 09:18 . 2008-04-13 18:56 30592 c:\windows\system32\drivers\rndismp.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 59136 c:\windows\system32\drivers\rfcomm.sys
- 2008-08-26 04:32 . 2008-04-13 18:46 59136 c:\windows\system32\drivers\rfcomm.sys
- 2005-08-16 09:35 . 2008-04-13 18:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2010-11-24 15:29 . 2004-08-04 04:41 13776 c:\windows\system32\drivers\recagent.sys
- 2008-08-26 04:32 . 2004-08-04 03:41 13776 c:\windows\system32\drivers\recagent.sys
+ 2010-12-12 13:21 . 2008-04-13 19:19 48384 c:\windows\system32\drivers\raspptp.sys
- 2005-08-16 09:18 . 2008-04-13 19:19 48384 c:\windows\system32\drivers\raspptp.sys
- 2005-08-16 09:18 . 2008-04-13 18:57 41472 c:\windows\system32\drivers\raspppoe.sys
+ 2010-12-12 13:21 . 2008-04-13 18:57 41472 c:\windows\system32\drivers\raspppoe.sys
- 2005-08-16 09:18 . 2008-04-13 19:19 51328 c:\windows\system32\drivers\rasl2tp.sys
+ 2010-12-12 13:21 . 2008-04-13 19:19 51328 c:\windows\system32\drivers\rasl2tp.sys
- 2005-08-16 09:18 . 2008-04-13 18:56 69120 c:\windows\system32\drivers\psched.sys
+ 2010-12-12 13:21 . 2008-04-13 18:56 69120 c:\windows\system32\drivers\psched.sys
- 2004-08-04 03:59 . 2008-04-13 18:31 35840 c:\windows\system32\drivers\processr.sys
+ 2010-12-12 13:21 . 2008-04-13 18:31 35840 c:\windows\system32\drivers\processr.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 24960 c:\windows\system32\drivers\pciidex.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 24960 c:\windows\system32\drivers\pciidex.sys
- 2004-08-04 04:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys
+ 2010-12-12 13:21 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 19712 c:\windows\system32\drivers\partmgr.sys
- 2005-08-16 09:18 . 2008-04-13 18:40 19712 c:\windows\system32\drivers\partmgr.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 80128 c:\windows\system32\drivers\parport.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 80128 c:\windows\system32\drivers\parport.sys
- 2004-08-04 03:59 . 2008-04-13 18:31 42752 c:\windows\system32\drivers\p3.sys
+ 2010-12-12 13:21 . 2008-04-13 18:31 42752 c:\windows\system32\drivers\p3.sys
+ 2010-12-12 13:21 . 2008-04-13 18:56 88320 c:\windows\system32\drivers\nwlnkipx.sys
- 2005-08-16 09:18 . 2008-04-13 18:56 88320 c:\windows\system32\drivers\nwlnkipx.sys
- 2005-08-16 09:18 . 2008-04-13 18:32 30848 c:\windows\system32\drivers\npfs.sys
+ 2010-12-12 13:21 . 2008-04-13 18:32 30848 c:\windows\system32\drivers\npfs.sys
- 2005-08-16 09:18 . 2008-04-13 18:53 40320 c:\windows\system32\drivers\nmnt.sys
+ 2010-12-12 13:21 . 2008-04-13 18:53 40320 c:\windows\system32\drivers\nmnt.sys
+ 2010-12-12 13:21 . 2008-04-13 18:51 61824 c:\windows\system32\drivers\nic1394.sys
- 2004-08-04 03:58 . 2008-04-13 18:51 61824 c:\windows\system32\drivers\nic1394.sys
+ 2010-12-12 13:21 . 2008-04-13 18:56 34688 c:\windows\system32\drivers\netbios.sys
- 2005-08-16 09:18 . 2008-04-13 18:56 34688 c:\windows\system32\drivers\netbios.sys
+ 2010-12-12 13:21 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
- 2005-08-16 09:18 . 2008-04-13 19:20 91520 c:\windows\system32\drivers\ndiswan.sys
+ 2010-12-12 13:21 . 2008-04-13 19:20 91520 c:\windows\system32\drivers\ndiswan.sys
- 2004-08-04 04:03 . 2008-04-13 18:55 14592 c:\windows\system32\drivers\ndisuio.sys
+ 2010-12-12 13:21 . 2008-04-13 18:55 14592 c:\windows\system32\drivers\ndisuio.sys
- 2005-08-16 09:18 . 2008-04-13 18:57 10112 c:\windows\system32\drivers\ndistapi.sys
+ 2010-12-12 13:21 . 2008-04-13 18:57 10112 c:\windows\system32\drivers\ndistapi.sys
+ 2008-04-13 18:43 . 2008-04-13 18:43 12672 c:\windows\system32\drivers\mutohpen.sys
- 2008-08-26 04:32 . 2008-04-13 18:43 12672 c:\windows\system32\drivers\mutohpen.sys
- 2004-08-04 04:07 . 2008-04-13 18:36 15488 c:\windows\system32\drivers\mssmbios.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 15488 c:\windows\system32\drivers\mssmbios.sys
- 2005-08-16 09:18 . 2008-04-13 18:56 35072 c:\windows\system32\drivers\msgpc.sys
+ 2010-12-12 13:21 . 2008-04-13 18:56 35072 c:\windows\system32\drivers\msgpc.sys
+ 2010-12-12 13:21 . 2008-04-13 18:32 19072 c:\windows\system32\drivers\msfs.sys
- 2005-08-16 09:18 . 2008-04-13 18:32 19072 c:\windows\system32\drivers\msfs.sys
+ 2005-08-16 09:18 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
- 2005-08-16 09:18 . 2008-04-13 18:39 42368 c:\windows\system32\drivers\mountmgr.sys
+ 2010-12-12 13:21 . 2008-04-13 18:39 42368 c:\windows\system32\drivers\mountmgr.sys
+ 2010-12-12 13:21 . 2008-04-13 18:39 23040 c:\windows\system32\drivers\mouclass.sys
- 2004-08-04 03:58 . 2008-04-13 18:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2010-12-12 13:21 . 2008-04-13 19:00 30080 c:\windows\system32\drivers\modem.sys
- 2004-08-04 04:08 . 2008-04-13 19:00 30080 c:\windows\system32\drivers\modem.sys
- 2004-08-04 04:07 . 2008-04-13 18:36 63744 c:\windows\system32\drivers\mf.sys
+ 2010-12-12 13:21 . 2008-04-13 18:36 63744 c:\windows\system32\drivers\mf.sys
+ 2010-12-12 13:04 . 2006-06-19 19:26 12672 c:\windows\system32\drivers\mdmxsdk.sys
+ 2010-11-26 12:43 . 2010-04-29 21:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-11-26 12:43 . 2010-04-29 21:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-12-12 13:21 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
- 2005-08-16 09:18 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
- 2006-11-30 17:53 . 2008-04-13 18:39 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2010-12-12 13:21 . 2008-04-13 18:39 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2010-12-12 13:21 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2004-08-04 03:58 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2001-08-17 18:58 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys
+ 2010-12-12 13:21 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys
- 2005-08-16 09:33 . 2008-04-13 18:54 11264 c:\windows\system32\drivers\irenum.sys
+ 2010-12-12 13:21 . 2008-04-13 18:54 11264 c:\windows\system32\drivers\irenum.sys
- 2005-08-16 09:18 . 2008-04-13 19:19 75264 c:\windows\system32\drivers\ipsec.sys
+ 2010-12-12 13:21 . 2008-04-13 19:19 75264 c:\windows\system32\drivers\ipsec.sys
- 2005-08-16 09:18 . 2008-04-13 18:57 20864 c:\windows\system32\drivers\ipinip.sys
+ 2010-12-12 13:21 . 2008-04-13 18:57 20864 c:\windows\system32\drivers\ipinip.sys
- 2005-08-16 09:18 . 2008-04-13 18:53 36608 c:\windows\system32\drivers\ip6fw.sys
+ 2010-12-12 13:22 . 2008-04-13 18:53 36608 c:\windows\system32\drivers\ip6fw.sys
+ 2010-12-12 13:22 . 2008-04-13 18:31 36352 c:\windows\system32\drivers\intelppm.sys
- 2004-08-04 03:59 . 2008-04-13 18:31 36352 c:\windows\system32\drivers\intelppm.sys
- 2004-08-04 04:00 . 2008-04-13 18:40 42112 c:\windows\system32\drivers\imapi.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 42112 c:\windows\system32\drivers\imapi.sys
- 2004-08-04 04:14 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2010-12-12 13:21 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys
- 2005-08-17 02:27 . 2008-04-13 18:41 18560 c:\windows\system32\drivers\i2omp.sys
+ 2010-12-12 13:21 . 2008-04-13 18:41 18560 c:\windows\system32\drivers\i2omp.sys
- 2006-11-30 17:52 . 2008-04-13 18:45 10368 c:\windows\system32\drivers\hidusb.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 10368 c:\windows\system32\drivers\hidusb.sys
- 2004-08-04 04:08 . 2008-04-13 18:45 24960 c:\windows\system32\drivers\hidparse.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 24960 c:\windows\system32\drivers\hidparse.sys
+ 2010-12-12 13:22 . 2008-04-13 18:45 19200 c:\windows\system32\drivers\hidir.sys
- 2005-08-17 02:06 . 2008-04-13 18:45 19200 c:\windows\system32\drivers\hidir.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 36864 c:\windows\system32\drivers\hidclass.sys
- 2004-08-04 04:08 . 2008-04-13 18:45 36864 c:\windows\system32\drivers\hidclass.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 25600 c:\windows\system32\drivers\hidbth.sys
- 2008-08-26 04:32 . 2008-04-13 18:46 25600 c:\windows\system32\drivers\hidbth.sys
- 2008-08-26 04:32 . 2008-04-13 18:36 46464 c:\windows\system32\drivers\gagp30kx.sys
+ 2008-04-13 18:36 . 2008-04-13 18:36 46464 c:\windows\system32\drivers\gagp30kx.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 20480 c:\windows\system32\drivers\flpydisk.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2010-12-12 13:21 . 2008-04-13 18:33 44544 c:\windows\system32\drivers\fips.sys
- 2005-08-16 09:18 . 2008-04-13 18:33 44544 c:\windows\system32\drivers\fips.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 27392 c:\windows\system32\drivers\fdc.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 27392 c:\windows\system32\drivers\fdc.sys
- 2004-08-04 04:00 . 2008-04-13 18:38 71168 c:\windows\system32\drivers\dxg.sys
+ 2010-12-12 13:21 . 2008-04-13 18:38 71168 c:\windows\system32\drivers\dxg.sys
- 2006-11-28 07:37 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2010-12-12 13:21 . 2008-04-13 18:45 52864 c:\windows\system32\drivers\dmusic.sys
- 2006-11-28 07:37 . 2008-04-13 18:45 52864 c:\windows\system32\drivers\dmusic.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 14208 c:\windows\system32\drivers\diskdump.sys
- 2005-08-16 09:18 . 2008-04-13 18:40 14208 c:\windows\system32\drivers\diskdump.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 36352 c:\windows\system32\drivers\disk.sys
+ 2010-12-12 13:21 . 2008-04-13 18:31 36736 c:\windows\system32\drivers\crusoe.sys
- 2004-08-04 03:59 . 2008-04-13 18:31 36736 c:\windows\system32\drivers\crusoe.sys
- 2005-08-16 09:18 . 2008-04-13 19:16 49536 c:\windows\system32\drivers\classpnp.sys
+ 2010-12-12 13:21 . 2008-04-13 19:16 49536 c:\windows\system32\drivers\classpnp.sys
- 2008-08-26 04:32 . 2008-04-14 00:11 15423 c:\windows\system32\drivers\ch7xxnt5.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 15423 c:\windows\system32\drivers\ch7xxnt5.dll
- 2004-08-04 03:59 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-12-12 13:21 . 2008-04-13 19:14 63744 c:\windows\system32\drivers\cdfs.sys
- 2005-08-16 09:18 . 2008-04-13 19:14 63744 c:\windows\system32\drivers\cdfs.sys
- 2008-08-26 04:32 . 2008-04-13 18:46 18944 c:\windows\system32\drivers\bthusb.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 18944 c:\windows\system32\drivers\bthusb.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 36480 c:\windows\system32\drivers\bthprint.sys
- 2008-08-26 04:32 . 2008-04-13 18:46 36480 c:\windows\system32\drivers\bthprint.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 37888 c:\windows\system32\drivers\bthmodem.sys
- 2008-08-26 04:32 . 2008-04-13 18:46 37888 c:\windows\system32\drivers\bthmodem.sys
- 2008-08-26 04:32 . 2008-04-13 18:46 17024 c:\windows\system32\drivers\bthenum.sys
+ 2008-04-13 18:46 . 2008-04-13 18:46 17024 c:\windows\system32\drivers\bthenum.sys
- 2005-08-16 09:18 . 2008-04-13 18:53 71552 c:\windows\system32\drivers\bridge.sys
+ 2010-12-12 13:21 . 2008-04-13 18:53 71552 c:\windows\system32\drivers\bridge.sys
- 2008-08-26 04:32 . 2008-04-14 00:11 17279 c:\windows\system32\drivers\atv10nt5.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 17279 c:\windows\system32\drivers\atv10nt5.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 14143 c:\windows\system32\drivers\atv06nt5.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 14143 c:\windows\system32\drivers\atv06nt5.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 25471 c:\windows\system32\drivers\atv04nt5.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 25471 c:\windows\system32\drivers\atv04nt5.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 11359 c:\windows\system32\drivers\atv02nt5.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 11359 c:\windows\system32\drivers\atv02nt5.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 21183 c:\windows\system32\drivers\atv01nt5.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 21183 c:\windows\system32\drivers\atv01nt5.dll
+ 2010-12-12 13:21 . 2008-04-13 18:51 55808 c:\windows\system32\drivers\atmlane.sys
- 2005-08-16 09:18 . 2008-04-13 18:51 55808 c:\windows\system32\drivers\atmlane.sys
- 2005-08-16 09:18 . 2008-04-13 18:51 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2010-12-12 13:21 . 2008-04-13 18:51 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 63488 c:\windows\system32\drivers\atinxsxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 63488 c:\windows\system32\drivers\atinxsxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 31744 c:\windows\system32\drivers\atinxbxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 31744 c:\windows\system32\drivers\atinxbxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 73216 c:\windows\system32\drivers\atintuxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 73216 c:\windows\system32\drivers\atintuxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 13824 c:\windows\system32\drivers\atinttxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 13824 c:\windows\system32\drivers\atinttxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 28672 c:\windows\system32\drivers\atinsnxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 28672 c:\windows\system32\drivers\atinsnxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 52224 c:\windows\system32\drivers\atinraxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 52224 c:\windows\system32\drivers\atinraxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 14336 c:\windows\system32\drivers\atinpdxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 14336 c:\windows\system32\drivers\atinpdxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 13824 c:\windows\system32\drivers\atinmdxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 13824 c:\windows\system32\drivers\atinmdxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 57856 c:\windows\system32\drivers\atinbtxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 57856 c:\windows\system32\drivers\atinbtxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 34735 c:\windows\system32\drivers\ati1xsxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 34735 c:\windows\system32\drivers\ati1xsxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 29455 c:\windows\system32\drivers\ati1xbxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 29455 c:\windows\system32\drivers\ati1xbxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 36463 c:\windows\system32\drivers\ati1tuxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 36463 c:\windows\system32\drivers\ati1tuxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 21343 c:\windows\system32\drivers\ati1ttxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 21343 c:\windows\system32\drivers\ati1ttxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 26367 c:\windows\system32\drivers\ati1snxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 26367 c:\windows\system32\drivers\ati1snxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 63663 c:\windows\system32\drivers\ati1rvxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 63663 c:\windows\system32\drivers\ati1rvxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 30671 c:\windows\system32\drivers\ati1raxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 30671 c:\windows\system32\drivers\ati1raxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 12047 c:\windows\system32\drivers\ati1pdxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 12047 c:\windows\system32\drivers\ati1pdxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 11615 c:\windows\system32\drivers\ati1mdxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 11615 c:\windows\system32\drivers\ati1mdxx.sys
+ 2010-11-24 15:28 . 2004-08-04 04:29 56623 c:\windows\system32\drivers\ati1btxx.sys
- 2008-08-26 04:32 . 2004-08-04 03:29 56623 c:\windows\system32\drivers\ati1btxx.sys
+ 2010-12-12 13:21 . 2008-04-13 18:40 96512 c:\windows\system32\drivers\atapi.sys
- 2004-08-04 03:59 . 2008-04-13 18:40 96512 c:\windows\system32\drivers\atapi.sys
+ 2010-12-12 13:21 . 2008-04-13 18:57 14336 c:\windows\system32\drivers\asyncmac.sys
- 2005-08-16 09:18 . 2008-04-13 18:57 14336 c:\windows\system32\drivers\asyncmac.sys
+ 2010-12-12 13:21 . 2008-04-13 18:51 60800 c:\windows\system32\drivers\arp1394.sys
- 2004-08-04 03:58 . 2008-04-13 18:51 60800 c:\windows\system32\drivers\arp1394.sys
+ 2010-12-12 13:22 . 2008-04-13 18:31 37760 c:\windows\system32\drivers\amdk7.sys
- 2004-08-04 03:59 . 2008-04-13 18:31 37760 c:\windows\system32\drivers\amdk7.sys
- 2004-08-04 03:59 . 2008-04-13 18:31 37376 c:\windows\system32\drivers\amdk6.sys
+ 2010-12-12 13:21 . 2008-04-13 18:31 37376 c:\windows\system32\drivers\amdk6.sys
- 2005-08-17 02:15 . 2008-04-13 18:36 43008 c:\windows\system32\drivers\amdagp.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 43008 c:\windows\system32\drivers\amdagp.sys
- 2005-08-17 02:15 . 2008-04-13 18:36 42752 c:\windows\system32\drivers\alim1541.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 42752 c:\windows\system32\drivers\alim1541.sys
- 2005-08-17 02:20 . 2008-04-13 18:36 44928 c:\windows\system32\drivers\agpcpq.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 44928 c:\windows\system32\drivers\agpcpq.sys
- 2005-08-16 09:34 . 2008-04-13 18:36 42368 c:\windows\system32\drivers\agp440.sys
+ 2010-12-12 13:22 . 2008-04-13 18:36 42368 c:\windows\system32\drivers\agp440.sys
+ 2008-09-01 11:53 . 2004-08-10 10:00 71040 c:\windows\system32\drivers\_003367_.tmp.dll
+ 2010-11-24 17:05 . 2004-08-10 10:00 71040 c:\windows\system32\drivers\_003337_.tmp.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 56320 c:\windows\system32\dot3msm.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 56320 c:\windows\system32\dot3msm.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 39936 c:\windows\system32\dot3gpclnt.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 39936 c:\windows\system32\dot3gpclnt.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 57856 c:\windows\system32\dot3cfg.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 57856 c:\windows\system32\dot3cfg.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 26112 c:\windows\system32\dot3api.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 26112 c:\windows\system32\dot3api.dll
+ 2010-11-24 16:09 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-12-15 00:03 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2005-08-16 09:18 . 2004-08-10 10:00 25600 c:\windows\system32\dllcache\twunk_32.exe
+ 2005-08-16 09:18 . 2004-08-10 10:00 49680 c:\windows\system32\dllcache\twunk_16.exe
+ 2008-08-26 04:33 . 2007-04-02 16:36 16384 c:\windows\system32\dllcache\tcptsat.dll
+ 2008-08-26 04:33 . 2008-04-14 00:12 32827 c:\windows\system32\dllcache\tcptest.exe
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2005-08-16 09:18 . 2008-04-14 00:12 25088 c:\windows\system32\dllcache\slayerxp.dll
+ 2008-08-26 04:32 . 2008-04-14 00:12 16437 c:\windows\system32\dllcache\shtml.exe
+ 2008-08-26 04:32 . 2008-04-14 00:12 20536 c:\windows\system32\dllcache\shtml.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 65024 c:\windows\system32\dllcache\shimeng.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 77312 c:\windows\system32\dllcache\sdbinst.exe
+ 2005-08-16 09:18 . 2008-04-14 00:12 64000 c:\windows\system32\dllcache\samlib.dll
+ 2010-11-24 14:25 . 2001-08-17 20:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2006-11-28 07:35 . 2009-03-08 10:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 84992 c:\windows\system32\dllcache\olepro32.dll
+ 2005-08-16 09:40 . 2008-04-14 00:12 65536 c:\windows\system32\dllcache\oledb32r.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 20511 c:\windows\system32\dllcache\odtext32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 20510 c:\windows\system32\dllcache\odpdx32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 20510 c:\windows\system32\dllcache\odfox32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 20510 c:\windows\system32\dllcache\odexl32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 20511 c:\windows\system32\dllcache\oddbse32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:10 53279 c:\windows\system32\dllcache\odbcji32.dll
+ 2005-08-16 09:18 . 2008-04-13 17:26 94208 c:\windows\system32\dllcache\odbcint.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 65536 c:\windows\system32\dllcache\odbccu32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 65536 c:\windows\system32\dllcache\odbccr32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 69632 c:\windows\system32\dllcache\odbcconf.exe
+ 2005-08-16 09:18 . 2008-04-14 00:12 32768 c:\windows\system32\dllcache\odbcad32.exe
+ 2005-08-16 09:18 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\odbc32gt.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 67584 c:\windows\system32\dllcache\ocmanage.dll
+ 2005-08-16 09:18 . 2004-08-10 10:00 17408 c:\windows\system32\dllcache\nwapi16.dll
+ 2010-12-15 00:03 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2005-08-16 09:18 . 2008-04-13 19:20 91520 c:\windows\system32\dllcache\ndiswan.sys
- 2008-08-26 04:32 . 2008-04-13 17:27 79872 c:\windows\system32\dllcache\msxml6r.dll
+ 2008-04-13 17:27 . 2008-04-13 17:27 79872 c:\windows\system32\dllcache\msxml6r.dll
+ 2005-08-16 09:40 . 2008-04-14 00:12 24576 c:\windows\system32\dllcache\msxactps.dll
+ 2005-08-16 09:18 . 2008-04-13 18:30 61440 c:\windows\system32\dllcache\msvcrt40.dll
- 2008-03-25 04:50 . 2008-03-25 04:50 60192 c:\windows\system32\dllcache\msjter40.dll
+ 2005-08-16 09:18 . 2008-03-25 04:50 60192 c:\windows\system32\dllcache\msjter40.dll
- 2007-08-14 00:01 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 00:01 . 2009-03-08 10:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-11-28 07:35 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 00:32 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-14 00:32 . 2009-03-08 10:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-12-16 16:43 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 36864 c:\windows\system32\dllcache\msdfmap.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 20480 c:\windows\system32\dllcache\msdatt.dll
+ 2005-08-16 09:40 . 2008-04-13 17:26 16384 c:\windows\system32\dllcache\msdasqlr.dll
+ 2005-08-16 09:40 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msdaremr.dll
+ 2005-08-16 09:40 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msdaprsr.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\msdaosp.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 36864 c:\windows\system32\dllcache\mscpxl32.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\msadrh15.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\msador15.dll
+ 2005-08-16 09:40 . 2008-04-13 17:26 24576 c:\windows\system32\dllcache\msader15.dll
+ 2005-08-16 09:40 . 2008-04-13 17:25 24576 c:\windows\system32\dllcache\msaddsr.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 53248 c:\windows\system32\dllcache\msadcs.dll
+ 2005-08-16 09:40 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msadcor.dll
+ 2005-08-16 09:40 . 2008-04-13 17:25 16384 c:\windows\system32\dllcache\msadcfr.dll
+ 2005-08-16 09:40 . 2008-04-14 00:11 61440 c:\windows\system32\dllcache\msadcf.dll
+ 2005-08-16 09:40 . 2008-04-13 17:25 20480 c:\windows\system32\dllcache\msadcer.dll
+ 2010-11-24 15:16 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2010-11-24 15:16 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2010-11-24 15:16 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2010-11-24 15:16 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2010-11-24 15:16 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2005-08-16 09:18 . 2008-04-14 00:11 22528 c:\windows\system32\dllcache\mfcsubs.dll
+ 2007-08-14 00:44 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2005-08-16 09:19 . 2006-10-19 03:47 11264 c:\windows\system32\dllcache\laprxy.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\isatq.dll
+ 2005-08-16 09:18 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys
+ 2006-11-28 07:35 . 2009-03-08 10:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 13312 c:\windows\system32\dllcache\infoadmn.dll
+ 2010-11-24 14:25 . 2004-08-10 10:00 19968 c:\windows\system32\dllcache\inetsloc.dll
+ 2007-08-14 00:36 . 2009-03-08 10:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 36921 c:\windows\system32\dllcache\imeshare.dll
+ 2008-08-26 04:32 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\iisrstas.exe
+ 2010-11-24 14:25 . 2004-08-10 10:00 14336 c:\windows\system32\dllcache\iisreset.exe
+ 2008-08-26 04:32 . 2008-04-14 00:11 64512 c:\windows\system32\dllcache\iismap.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\iisext51.dll
- 2007-12-16 16:43 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-12-16 16:43 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-14 00:39 . 2009-03-08 10:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-12-16 16:43 . 2009-03-08 10:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-14 00:18 . 2009-03-08 10:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2008-08-26 04:32 . 2008-04-14 00:12 20538 c:\windows\system32\dllcache\fpremadm.exe
+ 2008-08-26 04:32 . 2008-04-14 00:11 20541 c:\windows\system32\dllcache\fpexedll.dll
+ 2008-08-26 04:32 . 2008-04-14 00:12 15120 c:\windows\system32\dllcache\fp98sadm.exe
+ 2008-08-26 04:32 . 2008-04-14 00:11 49212 c:\windows\system32\dllcache\fp4awebs.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 32826 c:\windows\system32\dllcache\fp4avss.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 41020 c:\windows\system32\dllcache\fp4avnb.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 49210 c:\windows\system32\dllcache\fp4areg.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 82035 c:\windows\system32\dllcache\fp4anscp.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 16384 c:\windows\system32\dllcache\ds32gt.dll
+ 2005-08-16 09:19 . 2004-08-10 10:00 92672 c:\windows\system32\dllcache\drmstor.dll
+ 2005-08-16 09:18 . 2008-04-14 11:41 32768 c:\windows\system32\dllcache\dispex.dll
+ 2005-08-16 09:18 . 2004-08-10 10:00 27136 c:\windows\system32\dllcache\ctl3d32.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 62464 c:\windows\system32\dllcache\cryptsvc.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 64512 c:\windows\system32\dllcache\cryptnet.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 53760 c:\windows\system32\dllcache\cryptext.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 33280 c:\windows\system32\dllcache\cryptdll.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 74752 c:\windows\system32\dllcache\cryptdlg.dll
+ 2010-11-24 15:16 . 2009-03-08 10:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2008-08-26 04:32 . 2008-04-14 00:11 46592 c:\windows\system32\dllcache\coadmin.dll
+ 2005-08-16 09:18 . 2008-04-14 00:09 16896 c:\windows\system32\dllcache\cfgmgr32.dll
+ 2008-08-26 04:32 . 2008-04-14 00:12 16439 c:\windows\system32\dllcache\author.exe
+ 2008-08-26 04:32 . 2008-04-14 00:11 20540 c:\windows\system32\dllcache\author.dll
+ 2005-08-16 09:18 . 2008-04-14 00:11 30208 c:\windows\system32\dllcache\atmlib.dll
+ 2005-08-16 09:18 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2005-08-16 09:18 . 2008-04-14 00:12 98304 c:\windows\system32\dllcache\ahui.exe
+ 2008-08-26 04:32 . 2008-04-14 00:11 43520 c:\windows\system32\dllcache\admwprox.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2008-08-26 04:32 . 2008-04-14 00:12 16439 c:\windows\system32\dllcache\admin.exe
+ 2008-08-26 04:32 . 2008-04-14 00:11 20540 c:\windows\system32\dllcache\admin.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 39936 c:\windows\system32\dimsroam.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 39936 c:\windows\system32\dimsroam.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 19456 c:\windows\system32\dimsntfy.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 19456 c:\windows\system32\dimsntfy.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 48640 c:\windows\system32\dhcpqec.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 48640 c:\windows\system32\dhcpqec.dll
- 2005-08-16 09:18 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2010-12-12 13:21 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 12800 c:\windows\system32\credssp.dll
- 2008-08-26 04:32 . 2008-04-14 00:11 12800 c:\windows\system32\credssp.dll
+ 2005-08-16 09:18 . 2009-03-08 10:33 18944 c:\windows\system32\corpol.dll
+ 2010-12-12 14:33 . 2010-12-12 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010121220101213\index.dat
+ 2010-12-12 14:33 . 2010-12-12 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010112220101129\index.dat
+ 2006-11-30 17:53 . 2011-02-04 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-11-30 17:53 . 2010-04-17 22:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-16 22:55 . 2010-04-17 22:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-11-22 16:08 . 2011-02-04 02:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-12-12 13:21 . 2008-04-14 00:12 19968 c:\windows\system32\cacls.exe
- 2005-08-16 09:18 . 2008-04-14 00:12 19968 c:\windows\system32\cacls.exe
- 2008-08-26 04:32 . 2008-04-14 00:11 32768 c:\windows\system32\ativtmxx.dll
+ 2008-04-14 00:11 . 2008-04-14 00:11 32768 c:\windows\system32\ativtmxx.dll
+ 2005-08-16 09:18 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 72704 c:\windows\system32\admparse.dll
- 2008-08-26 04:32 . 2008-04-14 00:12 32866 c:\windows\slrundll.exe
+ 2008-04-14 00:12 . 2008-04-14 00:12 32866 c:\windows\slrundll.exe



