Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Post Boot.Mebroot Infection


  • This topic is locked This topic is locked
13 replies to this topic

#1 HateTheSnow

HateTheSnow

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 02 April 2011 - 02:26 PM

Greetings,

Two days ago Norton NIS 2011 gave me a notification stating I had a Boot.Mebroot infection on drive 0x85 that it could not remove. As it appeared to still be there and was showing a high security risk, I immediately disconnected the system from the LAN & researched it a bit on a clean system. According to Symantec, all that needed to be done was to run FIXMBR to overwrite the virus, which I did on all three (3) physical drives in the system.

Upon Windows loading again, the same Norton Mebroot notification came up again with no options to remove it. It wasn't until I went into the Norton History for Unresolved Security Threats, selected the Mebroot entry, and chose <Options> that I was given a button to remove the file. When I did Norton reported the file was no longer on the system.

Here is a summary of what I have done since:

  • Ran a full system scan with NIS 2011 - Clean
  • Ran a full system scan with MalwareBytes Antimalware in Windows mode - Clean
  • Ran GMER's MBR.EXE utility on the boot drive - Clean
  • Started a new topic in the "Am I Infected" forum - was directed here
  • Ran SUPERAntiSpyware in safe mode on crypotdan's advice - Clean, except for a few tracking cookies and three false positives (log link)
While it appears to be gone, what I have read on this rootkit is that it very well may still be on the system. I do plan to perform a clean install to Windows 7 in the near future, but won't be able to get around to it for a little while longer due to time constraints. Any advice to help me determine that I have a reasonably secure system in the interim would be greatly appreciated.

Best regards,
HateTheSnow

System Details
Windows XP SP3, fully patched
Norton NIS 2011, up to date definitions
System is also behind two hardware firewalls

DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by davide at  9:41:54.35 on Sat 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2831.2001 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\SlySoft\Game Jackal v4\Server.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
c:\program files\syslogd\syslogd_service.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SUPERMICRO\SDIII\NTService.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\005 Software\Utilities - General\0 - Malware Diagnostic Tools\DSS\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [<NO NAME>] 
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\davide~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\supero~1.lnk - c:\program files\supermicro\sdiii\SuperoDoctor.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: antelopeclub.org\www
Trusted Zone: bankofamerica.com\sitekey
Trusted Zone: chase.com\cards
Trusted Zone: chase.com\chaseonline
Trusted Zone: chase.com\mfasa
Trusted Zone: chase.com\payments
Trusted Zone: chase.com\resources
Trusted Zone: chase.com\servicing
Trusted Zone: chase.com\stmts
Trusted Zone: cisco.com\tools
Trusted Zone: cisco.com\www
Trusted Zone: cityofbradenton.com\remote
Trusted Zone: creative.com\support
Trusted Zone: creative.com\us
Trusted Zone: ips-chat-service.com\server01
Trusted Zone: onpointsupply.com\www
Trusted Zone: paraord.com
Trusted Zone: remingtonle.com\www
Trusted Zone: saiga-12.com\forum
Trusted Zone: xbox.com\support
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://my.uo.com/fonts/tdserver.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://cobcitrix10/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137002214625
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137002274625
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://24.227.66.179/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
TCP: {1C4AEDBE-175C-46F5-847E-A4E208CFA908} = 192.168.1.1
TCP: {AC61186F-02F1-43AF-A521-9F64C42827FA} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\davide~1\applic~1\mozilla\firefox\profiles\rtp07pl5.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-5 64160]
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [2010-11-11 20960]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2010-12-27 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2010-12-27 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 ISAIONT;ISAIONT;c:\windows\system32\drivers\IsaIoNt.sys [2010-10-23 4736]
R1 MemMapNt;MemMapNt;c:\windows\system32\drivers\memmapnt.sys [2010-10-23 3908]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SMBus;SMBus;c:\windows\system32\drivers\smbus.sys [2010-10-23 10496]
R1 superbmc;superbmc;c:\windows\system32\drivers\SUPERBMC.SYS [2006-2-12 14169]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2010-12-27 136312]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 GJService;Game Jackal Server;c:\program files\slysoft\game jackal v4\Server.exe [2009-12-29 3031624]
R2 Kiwi Syslog Daemon;Kiwi Syslog Daemon;c:\program files\syslogd\Syslogd_Service.exe [2007-1-23 1196032]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-7-30 3712]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2010-12-27 130000]
R2 PDFILTER;PDFILTER;c:\program files\dekart\private disk\pdfilter.sys [2007-11-30 31456]
R2 PDRJNDL;PDRJNDL;c:\program files\dekart\private disk\pdrjndl.sys [2007-11-30 26440]
R2 PRVDISK;PRVDISK;c:\program files\dekart\private disk\prvdisk.sys [2007-11-30 28000]
R2 SuperMicro Health Assistant;SuperMicro Health Assistant;c:\program files\supermicro\sdiii\NTService.exe [2010-10-23 167936]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-12 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110330.001\IDSXpx86.sys [2011-3-31 341944]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-10-16 46152]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110401.032\NAVENG.SYS [2011-4-2 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110401.032\NAVEX15.SYS [2011-4-2 1393144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-11 133104]
S2 mrtRate;mrtRate; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-10-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-22 8456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2011-1-2 27760]
S3 IVRQO;IVRQO;c:\docume~1\davide~1\locals~1\temp\IVRQO.exe [2011-4-1 576384]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-9-18 49399]
S3 TBIMount;TBIMount;c:\windows\system32\drivers\TBIMount.sys [2010-11-11 87648]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
.
=============== Created Last 30 ================
.
2011-04-02 04:21:00	--------	d-----w-	c:\docume~1\davide~1\applic~1\SUPERAntiSpyware.com
2011-04-02 04:21:00	--------	d-----w-	c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-02 04:20:53	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-03-31 20:42:15	--------	d-----w-	c:\docume~1\davide~1\locals~1\applic~1\NPE
2011-03-07 02:08:13	93552	----a-w-	c:\windows\system32\ElbyCDIO.dll
.
==================== Find3M  ====================
.
2011-03-17 00:01:12	398760	----a-r-	c:\windows\system32\cpnprt2.cid
2011-02-09 13:53:52	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53:52	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58:35	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-29 15:18:12	252080	----a-w-	c:\windows\system32\nvdrsdb0.bin
2011-01-29 15:18:12	1	----a-w-	c:\windows\system32\nvdrssel.bin
2011-01-29 15:18:11	252080	----a-w-	c:\windows\system32\nvdrsdb1.bin
2011-01-27 11:57:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44:37	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-10 05:47:20	61440	----a-w-	c:\windows\system32\LxrJD20Sat.dll
2011-01-10 05:47:20	53248	----a-w-	c:\windows\system32\LxrJD31s.exe
2011-01-10 05:47:20	249856	----a-w-	c:\windows\system32\LxrJD31.dll
2011-01-10 05:47:20	167936	----a-w-	c:\windows\system32\LxrJD31c.exe
2011-01-10 05:47:20	146432	----a-w-	c:\windows\system32\LxrJD31p.exe
2011-01-08 03:27:00	941160	----a-w-	c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00	837736	----a-w-	c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00	6397824	----a-w-	c:\windows\system32\nv4_disp.dll
2011-01-08 03:27:00	61440	----a-w-	c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00	4980736	----a-w-	c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00	2916968	----a-w-	c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00	2292678	----a-w-	c:\windows\system32\nvdata.bin
2011-01-08 03:27:00	2251368	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00	1958400	----a-w-	c:\windows\system32\nvapi.dll
2011-01-08 03:27:00	14671872	----a-w-	c:\windows\system32\nvoglnt.dll
2011-01-08 03:27:00	13004800	----a-w-	c:\windows\system32\nvcompiler.dll
2011-01-08 00:56:54	81920	----a-w-	c:\windows\system32\nvwddi.dll
2011-01-08 00:56:50	580200	----a-w-	c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56:48	277608	----a-w-	c:\windows\system32\nvmccs.dll
2011-01-08 00:56:48	156776	----a-w-	c:\windows\system32\nvsvc32.exe
2011-01-08 00:56:48	145000	----a-w-	c:\windows\system32\nvcolor.exe
2011-01-08 00:56:48	13880424	----a-w-	c:\windows\system32\nvcpl.dll
2011-01-08 00:56:48	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-01-07 14:09:02	290048	----a-w-	c:\windows\system32\atmfd.dll
2008-03-25 01:50:26	554008	----a-w-	c:\program files\common files\dao360.dll
1998-04-27 04:00:00	570128	----a-w-	c:\program files\common files\DAO350.DLL
.
============= FINISH:  9:42:40.09 ===============

GMER Log
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-02 15:22:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000009e WDC_WD3000HLFS-01G6U3 rev.04.04V05
Running: cuyzi7rl.exe; Driver: C:\DOCUME~1\DAVIDE~1\LOCALS~1\Temp\uwtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            8891FAA0                                                                                                              ZwAlertResumeThread
SSDT            8891FB80                                                                                                              ZwAlertThread
SSDT            883B86C0                                                                                                              ZwAllocateVirtualMemory
SSDT            88923D68                                                                                                              ZwAssignProcessToJobObject
SSDT            896EF538                                                                                                              ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                            ZwCreateKey [0xA5E8D720]
SSDT            8891F7F0                                                                                                              ZwCreateMutant
SSDT            88923B88                                                                                                              ZwCreateSymbolicLinkObject
SSDT            88A362C0                                                                                                              ZwCreateThread
SSDT            88923E48                                                                                                              ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                            ZwDeleteKey [0xA5E8D9A0]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                            ZwDeleteValueKey [0xA5E8DF00]
SSDT            883B8850                                                                                                              ZwDuplicateObject
SSDT            883B8520                                                                                                              ZwFreeVirtualMemory
SSDT            8891F8E0                                                                                                              ZwImpersonateAnonymousToken
SSDT            8891F9C0                                                                                                              ZwImpersonateThread
SSDT            89A373B8                                                                                                              ZwLoadDriver
SSDT            883B8440                                                                                                              ZwMapViewOfSection
SSDT            8891F710                                                                                                              ZwOpenEvent
SSDT            883B89F0                                                                                                              ZwOpenProcess
SSDT            883B8790                                                                                                              ZwOpenProcessToken
SSDT            8891F550                                                                                                              ZwOpenSection
SSDT            883B8920                                                                                                              ZwOpenThread
SSDT            88923C78                                                                                                              ZwProtectVirtualMemory
SSDT            8891FC60                                                                                                              ZwResumeThread
SSDT            8891FF00                                                                                                              ZwSetContextThread
SSDT            8891FFC0                                                                                                              ZwSetInformationProcess
SSDT            88923F28                                                                                                              ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                            ZwSetValueKey [0xA5E8E150]
SSDT            8891F630                                                                                                              ZwSuspendProcess
SSDT            8891FD40                                                                                                              ZwSuspendThread
SSDT            88A34598                                                                                                              ZwTerminateProcess
SSDT            8891FE20                                                                                                              ZwTerminateThread
SSDT            883B8380                                                                                                              ZwUnmapViewOfSection
SSDT            883B85F0                                                                                                              ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

?               SYMDS.SYS                                                                                                             The system cannot find the file specified. !
?               SYMEFA.SYS                                                                                                            The system cannot find the file specified. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                              section is writeable [0xAC7AB3A0, 0x5FE082, 0xE8000020]
?               C:\DOCUME~1\DAVIDE~1\LOCALS~1\Temp\mbr.sys                                                                            The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!DialogBoxParamW                                      7E4247AB 5 Bytes  JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!SetWindowsHookExW                                    7E42820F 5 Bytes  JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!CallNextHookEx                                       7E42B3C6 5 Bytes  JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!CreateWindowExW                                      7E42D0A3 5 Bytes  JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!UnhookWindowsHookEx                                  7E42D5F3 5 Bytes  JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!DialogBoxIndirectParamW                              7E432072 5 Bytes  JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!MessageBoxIndirectA                                  7E43A082 5 Bytes  JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!DialogBoxParamA                                      7E43B144 5 Bytes  JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!MessageBoxExW                                        7E450838 5 Bytes  JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!MessageBoxExA                                        7E45085C 5 Bytes  JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!DialogBoxIndirectParamA                              7E456D7D 5 Bytes  JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] USER32.dll!MessageBoxIndirectW                                  7E4664D5 5 Bytes  JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] ole32.dll!CoCreateInstance                                      774FF1AC 5 Bytes  JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2792] ole32.dll!OleLoadFromStream                                     7752981B 5 Bytes  JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxParamW                                      7E4247AB 5 Bytes  JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!CreateWindowExW                                      7E42D0A3 5 Bytes  JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxIndirectParamW                              7E432072 5 Bytes  JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxIndirectA                                  7E43A082 5 Bytes  JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxParamA                                      7E43B144 5 Bytes  JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxExW                                        7E450838 5 Bytes  JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxExA                                        7E45085C 5 Bytes  JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxIndirectParamA                              7E456D7D 5 Bytes  JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxIndirectW                                  7E4664D5 5 Bytes  JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamW                                      7E4247AB 5 Bytes  JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetWindowsHookExW                                    7E42820F 5 Bytes  JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CallNextHookEx                                       7E42B3C6 5 Bytes  JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateWindowExW                                      7E42D0A3 5 Bytes  JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!UnhookWindowsHookEx                                  7E42D5F3 5 Bytes  JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamW                              7E432072 5 Bytes  JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectA                                  7E43A082 5 Bytes  JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamA                                      7E43B144 5 Bytes  JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExW                                        7E450838 5 Bytes  JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExA                                        7E45085C 5 Bytes  JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamA                              7E456D7D 5 Bytes  JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectW                                  7E4664D5 5 Bytes  JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!CoCreateInstance                                      774FF1AC 5 Bytes  JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!OleLoadFromStream                                     7752981B 5 Bytes  JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\nvatabus \Device\0000009e                                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\nvatabus \Device\000000a0                                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\nvatabus \Device\000000a2                                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\nvatabus \Device\000000a4                                                                                     sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\USBSTOR \Device\000000b4                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\USBSTOR \Device\000000c2                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                             SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\nvatabus \Device\NvAta0                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\nvatabus \Device\NvAta1                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\USBSTOR \Device\000000ba                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\nvatabus \Device\NvAta2                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\nvatabus \Device\NvAta3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\USBSTOR \Device\000000bf                                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x70 0x84 0x19 0x35 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x82 0xCE 0x21 0x0C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x1A 0x48 0xAB 0x1C ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x22 0x51 0x07 0x4C ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x6E 0x2B 0x29 0xD0 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x31 0x64 0x08 0x7F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x22 0x51 0x07 0x4C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x6E 0x2B 0x29 0xD0 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x31 0x64 0x08 0x7F ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x70 0x84 0x19 0x35 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x82 0xCE 0x21 0x0C ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x1A 0x48 0xAB 0x1C ...

---- EOF - GMER 1.0.15 ----

Edited by HateTheSnow, 03 April 2011 - 07:52 AM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 06 April 2011 - 09:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 HateTheSnow

HateTheSnow
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 06 April 2011 - 05:21 PM

Thanks for the response myrti. I saw how fast the forum filled up with new topics/posts, so I understand completely how overwhelmed you all are.

Regarding the Mebroot infection, I haven't had any more reports from Norton since my original post. However, I'm far from an expert on rootkits, so an expert opinion as to its' absence would be greatly appreciated.

Regards,
HateTheSnow

Here are the requested logs
OTL.txt Report
pOTL logfile created on: 4/6/2011 5:58:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\005 Software\Utilities - General\0 - Malware Diagnostic Tools\OTL Report
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 12 12E:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 158.94 Gb Free Space | 56.87% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 683.86 Gb Free Space | 73.41% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 913.76 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
 
Computer Name: GOLIATH | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/04/06 17:56:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\005 Software\Utilities - General\0 - Malware Diagnostic Tools\OTL Report\OTL.exe
PRC - [2011/03/07 09:48:19 | 004,886,136 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011/01/21 14:03:40 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/01/10 01:47:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2010/12/05 16:38:38 | 003,031,624 | ---- | M] () -- C:\Program Files\SlySoft\Game Jackal v4\Server.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/13 11:07:20 | 000,167,936 | ---- | M] () -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe
PRC - [2010/03/31 12:19:12 | 000,409,600 | ---- | M] () -- C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/26 17:32:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Volume Panel\VolPanlu.exe
PRC - [2008/06/05 05:09:18 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/21 19:28:13 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/02/01 11:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2007/01/23 20:38:12 | 001,196,032 | ---- | M] (Kiwi Enterprises) -- c:\Program Files\Syslogd\Syslogd_Service.exe
PRC - [2006/08/17 12:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/04/07 10:37:14 | 000,135,168 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2005/11/30 05:47:52 | 000,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido anti-malware\ewidoctrl.exe
PRC - [2005/06/16 19:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2004/03/18 10:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2003/12/17 16:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/04/06 17:56:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\005 Software\Utilities - General\0 - Malware Diagnostic Tools\OTL Report\OTL.exe
MOD - [2010/12/04 02:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/04 14:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 12:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2006/08/17 12:32:04 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004/03/18 10:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2004/03/18 10:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/03/18 10:26:12 | 000,005,120 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\KbdHook.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011/04/01 20:53:57 | 000,576,384 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\David\Local Settings\Temp\IVRQO.exe -- (IVRQO)
SRV - [2011/01/10 01:47:20 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2010/12/05 16:38:38 | 003,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files\SlySoft\Game Jackal v4\Server.exe -- (GJService)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/04/13 11:07:20 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe -- (SuperMicro Health Assistant)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/17 14:17:40 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/26 17:32:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/21 20:55:38 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/06/05 05:09:18 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/21 19:28:13 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/01 13:34:58 | 001,319,088 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/05/01 13:34:58 | 000,131,256 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/01/23 20:38:12 | 001,196,032 | ---- | M] (Kiwi Enterprises) [Auto | Running] -- c:\Program Files\Syslogd\Syslogd_Service.exe -- (Kiwi Syslog Daemon)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/11/30 05:47:52 | 000,013,888 | ---- | M] (ewido networks) [Auto | Running] -- C:\Program Files\ewido anti-malware\ewidoctrl.exe -- (ewido security suite control)
SRV - [2003/12/17 16:51:44 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011/03/31 12:38:39 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110405.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 12:38:39 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110405.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110401.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/02/25 17:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/01/10 01:47:20 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2011/01/01 23:26:51 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/05 16:37:42 | 000,046,152 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maploml.sys -- (MaplomL)
DRV - [2010/12/05 16:37:22 | 000,029,768 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2010/12/01 20:17:38 | 000,087,648 | ---- | M] (TeraByte, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tbimount.sys -- (TBIMount)
DRV - [2010/12/01 15:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/12/01 01:24:00 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/23 00:59:15 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/11/23 00:59:15 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/11/23 00:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 00:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 22:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 21:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 22:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/10/19 17:39:37 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/15 09:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/11 13:56:55 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/11 13:56:55 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/08 17:14:36 | 000,020,960 | ---- | M] (TeraByte, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phylock.sys -- (phylock)
DRV - [2010/05/27 13:36:02 | 000,028,000 | ---- | M] (Dekart) [Kernel | Auto | Running] -- C:\Program Files\Dekart\Private Disk\prvdisk.sys -- (PRVDISK)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/03 12:53:52 | 000,031,456 | ---- | M] (Dekart) [Kernel | Auto | Running] -- C:\Program Files\Dekart\Private Disk\pdfilter.sys -- (PDFILTER)
DRV - [2010/03/31 01:00:00 | 000,027,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/18 22:22:22 | 000,010,496 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\smbus.sys -- (SMBus)
DRV - [2009/11/03 20:32:18 | 000,004,736 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\IsaIoNt.sys -- (ISAIONT)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/03/09 15:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/03/21 13:10:52 | 000,026,440 | ---- | M] (Dekart) [Kernel | Auto | Running] -- C:\Program Files\Dekart\Private Disk\pdrjndl.sys -- (PDRJNDL)
DRV - [2007/07/21 19:28:13 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/10 19:05:34 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/30 00:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/06/05 10:08:33 | 000,030,556 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/04/24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/04/14 20:09:06 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/04/14 20:09:04 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/07 17:50:20 | 000,049,399 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2005/09/14 17:31:52 | 000,014,169 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SUPERBMC.SYS -- (superbmc)
DRV - [2005/08/17 23:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/03/03 13:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 11:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/04/20 11:05:10 | 000,057,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2004/04/20 11:04:56 | 000,024,209 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2004/03/10 14:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/12/17 16:41:38 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2003/12/17 16:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2000/11/12 07:14:18 | 000,003,908 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\memmapnt.sys -- (MemMapNt)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/12/27 17:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/12/28 09:05:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/03 23:06:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 13:23:12 | 000,000,000 | ---D | M]
 
[2010/01/30 19:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/01/30 19:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\rtp07pl5.default\extensions
[2010/01/30 19:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\rtp07pl5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/30 19:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\rtp07pl5.default\extensions\staged-xpis
[2010/01/30 19:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/27 17:22:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2010/12/28 09:05:57 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2009/07/14 23:16:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
 
O1 HOSTS File: ([2010/12/23 23:56:10 | 000,618,213 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1  www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1  phpadsnew.abac.com
O1 - Hosts: 127.0.0.1  a.abnad.net
O1 - Hosts: 127.0.0.1  b.abnad.net
O1 - Hosts: 127.0.0.1  c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1  d.abnad.net
O1 - Hosts: 127.0.0.1  e.abnad.net
O1 - Hosts: 127.0.0.1  t.abnad.net
O1 - Hosts: 127.0.0.1  z.abnad.net
O1 - Hosts: 127.0.0.1  banners.absolpublisher.com
O1 - Hosts: 127.0.0.1  tracking.absolstats.com
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  gtb5.acecounter.com
O1 - Hosts: 127.0.0.1  gtb19.acecounter.com
O1 - Hosts: 127.0.0.1  gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1  gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 16514 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006..\Run: [NVIDIA nTune]  File not found
O4 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006..\Run: [updateMgr]  File not found
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Supero Doctor III Client.lnk = C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run:  = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: antelopeclub.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: bankofamerica.com ([sitekey] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([cards] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([chaseonline] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([mfasa] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([payments] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([resources] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([servicing] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: chase.com ([stmts] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: cisco.com ([tools] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: cisco.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: cityofbradenton.com ([remote] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: creative.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: creative.com ([us] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: ips-chat-service.com ([server01] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: onpointsupply.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: onpointsupply.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: paraord.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: remingtonle.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: saiga-12.com ([forum] http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Domains: xbox.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-1547161642-839522115-1006\..Trusted Ranges: Range3 ([http] in Trusted sites)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://my.uo.com/fonts/tdserver.cab (TDServer Control)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15030/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://cobcitrix10/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab (Citrix ICA Client)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab (FilePlanet Download Control Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137002214625 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137002274625 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://24.227.66.179/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido anti-malware\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/11 00:21:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d973943b-9f70-11dc-8281-003048558653}\Shell - "" = AutoRun
O33 - MountPoints2\{d973943b-9f70-11dc-8281-003048558653}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d973943b-9f70-11dc-8281-003048558653}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O33 - MountPoints2\{d973943c-9f70-11dc-8281-003048558653}\Shell - "" = AutoRun
O33 - MountPoints2\{d973943c-9f70-11dc-8281-003048558653}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d973943c-9f70-11dc-8281-003048558653}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - 
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4031A519-D58C-97DD-1412-416DD52B047F} - NetShow
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
ActiveX: {DCBC852E-C8D8-72C8-221B-43602DE953A4} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.VIFP - C:\WINDOWS\System32\VFCodec.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/04/02 00:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
[2011/04/02 00:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/02 00:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/02 00:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/01 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/31 16:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\NPE
[2008/03/24 21:50:26 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[2006/08/17 12:11:02 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2006/01/14 19:59:59 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[2005/08/07 18:13:46 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/04/06 17:50:36 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5EE85B70-FC6E-40E9-82E4-FF6328C92404}.job
[2011/04/06 17:48:59 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/06 17:48:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/06 17:48:42 | 000,010,126 | ---- | M] () -- C:\WINDOWS\System32\SuperD.ini
[2011/04/06 17:48:27 | 000,000,168 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/04/06 17:48:14 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/06 17:48:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/05 22:55:17 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/04/05 22:55:17 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/04/05 22:55:17 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/04/05 22:05:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/05 12:33:13 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\David\Desktop\COB OWA.url
[2011/04/03 17:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/03 10:31:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/02 09:24:02 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\David\defogger_reenable
[2011/04/02 09:23:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Defogger.exe
[2011/04/02 09:22:31 | 000,001,015 | ---- | M] () -- D:\000 Data\My Documents\ax_files.xml
[2011/04/02 00:20:55 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/01 20:54:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\VF
[2011/03/22 18:00:22 | 000,176,640 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/16 20:01:12 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/03/15 13:09:06 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Student Loan.url
[2011/03/15 12:59:17 | 000,000,195 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Federal Student Aid Application.url
[2011/03/13 11:58:42 | 000,554,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 11:58:42 | 000,107,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/08 22:52:41 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/04/02 09:23:56 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\David\defogger_reenable
[2011/04/02 09:23:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Defogger.exe
[2011/04/02 00:20:55 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/01 20:54:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VF
[2011/03/15 13:08:30 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Student Loan.url
[2011/03/15 12:49:25 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Federal Student Aid Application.url
[2011/02/26 00:15:53 | 000,431,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/26 00:15:53 | 000,431,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1547161642-839522115-1006-0.dat
[2011/01/22 10:37:30 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/01/22 10:37:30 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/01/22 10:37:30 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/01/22 10:37:30 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/01/22 10:37:30 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/01/10 01:46:26 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2011/01/10 01:46:26 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2011/01/10 01:46:26 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2011/01/10 01:46:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2011/01/10 01:46:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2010/11/11 17:30:23 | 000,084,480 | ---- | C] () -- C:\WINDOWS\tbicd2hd.exe
[2010/10/23 12:00:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES.dll
[2010/10/23 12:00:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhtw.dll
[2010/10/23 12:00:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhcn.dll
[2010/10/23 12:00:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\supermon.dll
[2010/10/23 12:00:19 | 000,010,126 | ---- | C] () -- C:\WINDOWS\System32\SuperD.ini
[2010/10/23 12:00:19 | 000,004,761 | ---- | C] () -- C:\WINDOWS\System32\MEMDIMM.ini
[2010/08/22 12:20:58 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/22 12:20:56 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/22 12:20:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/22 11:11:44 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/21 16:08:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2010/06/13 15:35:46 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/13 15:35:44 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/13 15:35:44 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/13 15:35:43 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/18 02:39:27 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES_ru.dll
[2010/02/18 02:39:27 | 000,012,063 | ---- | C] () -- C:\WINDOWS\System32\SuperDOpt.ini
[2010/02/17 19:59:12 | 000,000,173 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2010/02/10 14:15:38 | 000,000,500 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/08 08:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2010/01/30 19:23:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/04/03 08:11:42 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2009/04/02 21:32:00 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/03/19 00:15:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/27 20:16:49 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/11/27 20:16:49 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/09/18 17:22:57 | 000,222,552 | ---- | C] () -- C:\WINDOWS\RM.exe
[2008/08/02 11:06:47 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\David\Application Data\default.pls
[2008/08/02 11:06:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/11 15:50:28 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/04/20 10:20:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\dmw.ini
[2008/04/09 08:29:22 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/27 18:21:25 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\keyfile3.drm
[2008/01/02 20:33:30 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/02 20:33:30 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\David\Application Data\PnkBstrK.sys
[2008/01/02 20:33:11 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/01/02 20:33:10 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/01/02 20:33:08 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/12/06 23:04:56 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\David\Application Data\AutoGK.ini
[2007/12/06 22:33:58 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2007/05/11 20:07:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\sndmail.exe
[2007/05/11 20:07:59 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2007/05/11 20:07:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SMBiosInfo.exe
[2007/05/11 20:07:59 | 000,003,238 | ---- | C] () -- C:\WINDOWS\System32\WinIo.sys
[2007/02/04 21:46:39 | 000,000,168 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/12/27 01:21:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2006/12/26 20:59:25 | 000,000,004 | ---- | C] () -- C:\WINDOWS\storedt.ini
[2006/12/26 18:20:06 | 000,000,385 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/26 14:41:15 | 000,031,808 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/12/26 10:32:48 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2006/12/23 19:29:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2006/12/23 19:29:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2006/12/09 22:05:10 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/08 14:29:31 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/01 21:50:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2006/11/01 20:06:28 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\David\Application Data\.zreglib
[2006/09/27 17:47:40 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/08/17 12:33:54 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/17 12:32:08 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/17 12:22:58 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/17 12:22:58 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/17 12:14:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/08/17 12:14:06 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/17 12:11:52 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/17 12:11:38 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/17 12:11:38 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/17 12:11:10 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/17 12:11:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/17 12:11:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/07/24 20:10:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2006/07/07 22:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/06/24 12:06:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/04/06 19:34:45 | 000,000,429 | ---- | C] () -- C:\WINDOWS\ao97pr.ini
[2006/04/06 19:31:58 | 000,001,950 | ---- | C] () -- C:\WINDOWS\ao2000pr.ini
[2006/04/05 11:19:53 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/20 14:36:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/02/19 20:13:00 | 000,001,011 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/02/19 00:06:44 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\sw.win.dll
[2006/02/18 22:23:39 | 000,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2006/02/18 22:23:39 | 000,019,200 | ---- | C] () -- C:\WINDOWS\WEPUTIL.DLL
[2006/02/12 10:53:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SUPERDLL.DLL
[2006/02/12 10:53:29 | 000,014,169 | ---- | C] () -- C:\WINDOWS\System32\drivers\SUPERBMC.SYS
[2006/02/09 21:18:30 | 000,160,256 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2006/02/09 21:18:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\sw.wab.dll
[2006/02/09 21:18:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/01/30 19:29:44 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/01/28 11:29:35 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2006/01/28 01:47:42 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2006/01/24 23:02:05 | 000,000,871 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2006/01/24 19:58:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2006/01/23 21:49:51 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/23 19:36:49 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2006/01/21 12:17:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\David\Application Data\$_hpcst$.hpc
[2006/01/21 11:09:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/01/17 21:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/14 20:35:43 | 000,001,212 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/01/14 20:34:37 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2006/01/14 20:17:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini
[2006/01/14 20:16:59 | 000,000,358 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2006/01/14 19:59:59 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/01/14 19:59:59 | 000,073,184 | ---- | C] () -- C:\Program Files\Common Files\DAO2535.TLB
[2006/01/14 19:59:58 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2006/01/14 19:37:45 | 000,000,156 | ---- | C] () -- C:\WINDOWS\QHI.INI
[2006/01/14 19:36:04 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/01/14 19:33:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/14 18:10:39 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/01/12 21:32:52 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
[2006/01/12 21:32:52 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2006/01/12 21:32:52 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/01/12 21:32:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/01/12 21:22:58 | 000,176,640 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/12 21:11:13 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/01/11 19:54:44 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/11 09:20:22 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2006/01/11 00:23:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/11 00:20:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/10 19:16:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/10 19:15:51 | 001,682,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/09 18:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 18:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/06/21 10:49:38 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/03 10:03:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2004/01/03 20:23:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ResolveX.dll
[2002/10/15 18:54:04 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/03 15:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,554,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,107,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/19 19:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 18:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2002/03/19 18:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2002/03/19 18:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2000/07/22 16:49:46 | 000,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[1999/01/04 14:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 03:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:166B6EC75BC09D09
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF08C48A

< End of report >

Extras.txt Report
OTL Extras logfile created on: 4/6/2011 5:58:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\005 Software\Utilities - General\0 - Malware Diagnostic Tools\OTL Report
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 12 12E:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 158.94 Gb Free Space | 56.87% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 683.86 Gb Free Space | 73.41% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 913.76 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
 
Computer Name: GOLIATH | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = 0
"FirstRunDisabled" = 0
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- ()
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XI.SP2\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\DOCUME~1\DAVIDE~1\LOCALS~1\Temp\IXP000.TMP\done.exe" = C:\DOCUME~1\DAVIDE~1\LOCALS~1\Temp\IXP000.TMP\done.exe:*:Enabled:Connection Guard
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\Steam\SteamApps\common\prey\prey.exe" = C:\Program Files\Steam\SteamApps\common\prey\prey.exe:*:Enabled:Prey -- (Human Head Studios)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"{065D9868-DD39-4DE6-8F6F-85A8423BE641}" = D-Link AirPremier AG AP Manager for DWL-7200AP
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{1511AACF-4D88-46AF-88A1-D1194010CA2E}" = Quake 4(TM) 1.0.4 Patch
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{175E8381-759B-4CAF-BFEB-260472F7ADFD}" = FIREHOUSE Software Installation Wrapper
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{243DA072-8E39-424A-86A3-F63152021383}" = Adobe Glyphlet Creation Tool CS3
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}" = Adobe Creative Suite 3 Production Premium
"{410D4391-66A5-48E4-AD3A-D13E0648C425}" = PlexTools Professional V2.35
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{41ACCC24-090A-40B4-8FB7-769E6CD930A4}" = Cybercelebs's Cyber Extruder.
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A7A3985-3D9B-4420-AC85-F9FF8DB2170C}" = Microsoft SQL Server Management Studio Express
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe Update
"{4F593F48-CC6C-4B52-B01A-462CC206060B}" = Oceanlog 2.x
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{626F32D6-007C-41D5-8157-9509AB1428BE}" = Unreal II
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66022DA4-0E8D-45C7-A533-B70A38876854}" = LC5
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69B02159-7624-4DBB-B9EE-F933039830AD}" = QuickBooks Premier Edition 2006
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3F23CD-46F6-43A0-BE41-731321C1E947}" = DS2 All*Saves v2
"{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E710E82-6D67-4889-9DCF-9D07587628C5}" = FL Studio Creative Edition
"{6FDD4688-E063-401D-B6BE-7234E20B9173}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C595E7-5E6E-4906-BE4A-268BCAC6C98B}" = Diskeeper 2009 Pro Premier
"{79918EFC-5E93-4798-A8F6-F43851D01456}" = Supero Doctor III
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}" = Microsoft MapPoint North America 2006
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CC76EAB-2F05-413B-9566-D7EE57FDBF5F}" = Microsoft Tool Web Package : INSTALER.EXE
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D361AE4-2A2D-4DD1-9EF3-01EA9AAA67BE}" = Oceanlog 2.x
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A30965BD-2D4D-45CE-8F04-6A6889818CF1}" = Microsoft SQL Server 2005 Tools
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACFE1EFB-2752-4440-B6E1-014364323150}" = Exbal Ballistic Calculator
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DE9317-0822-4A65-A496-3505D63FAEB6}" = TMPGEnc DVD Author 3 with DivX Authoring
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}" = Adobe Setup
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}" = Norton Ghost
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Professional Business XI.SP2 (Win64/32/CE)
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC017035-1939-425F-8F86-63B462C76C6A}" = PDF Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F65A10A6-905E-497A-8D4F-2776802DF4C2}_is1" = TeraByte OS Deployment Tool Suite Professional version 1.27
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.6 Professional
"Adobe Acrobat 8 Professional_826" = Adobe Acrobat 8.2.6 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_aefc483f26b23ab60cc5653016d5017" = Add or Remove Adobe Creative Suite 3 Production Premium
"Advanced Office 2000 Password Recovery" = Advanced Office 2000 Password Recovery
"AnyDVD" = AnyDVD
"AOL Instant Messenger" = AOL Instant Messenger
"AtomTime Pro_is1" = AtomTime Pro 3.1a
"AudioCS" = Creative Audio Control Panel
"AutoGK" = Auto Gordian Knot 2.45
"AviSynth" = AviSynth 2.5
"Baldur's Gate" = Baldur's Gate
"Battle.net" = Battle.net
"BOWEP setup" = BOWEP setup
"CaseCAD_is1" = CaseCAD
"CCleaner" = CCleaner
"CED Data Collector" = CED Data Collector
"Celestial Information Tool 3.0" = Celestial Information Tool 3.0
"Cinema Craft Encoder SP" = Cinema Craft Encoder SP Version 2.50
"Cisco TFTP Server v1.1" = Cisco TFTP Server v1.1
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"ClonyXXL_is1" = ClonyXXL
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"Console Launcher" = Creative Console Launcher
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Media Toolbox" = Creative Media Toolbox
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Volume Panel" = Volume Panel
"Cubasis VST 4" = Cubasis VST 4
"D2SRoBa" = D2SRoBa 3.80
"DC++" = DC++ 0.707
"Dekart Private Disk" = Dekart Private Disk 2.12
"Desktop Encyclopedia" = Desktop Encyclopedia
"Diablo" = Diablo
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DreamSuite" = Uninstall DreamSuite
"DriverCleanerDotNET" = Driver Cleaner.NET
"Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
"DungeonSiege2" = Dungeon Siege 2
"DVD2SVCD Software Bundle_is1" = DVD2SVCD 1.2.3 Build 1
"EASEUS Partition Master Server Edition_is1" = EASEUS Partition Master 7.0.1 Server Edition
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ewidoantimalware" = ewido anti-malware
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FIREHOUSE Software 6" = FIREHOUSE Software 6
"FIREHOUSE Software 6 Documentation" = FIREHOUSE Software 6 Documentation
"FIREHOUSE Software 7" = FIREHOUSE Software 7
"FIREHOUSE Software 7 Documentation" = FIREHOUSE Software 7 Documentation
"fishMaus99" = fishMaus Screen Saver
"foobar2000" = foobar2000 v0.9.6.5
"FTDICOMM" = USB Download Interface Driver
"Game Jackal v4_is1" = Game Jackal v4.1.1.2 (32 bit)
"Game Jackal_is1" = Game Jackal v3.2.1.4 (32 bit)
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Google Updater
"Handmark® Monopoly® for Pocket PC" = Handmark® Monopoly® for Pocket PC
"Hellfire" = Hellfire
"HijackThis" = HijackThis 1.99.1
"HP Photo & Imaging" = HP Image Zone 4.7
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"Icon Extractor Package Version 1.1_is1" = Icon Extractor Package Version 1.1
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"IGN Download Manager" = IGN Download Manager 2.2.1
"Image for Windows (V2)_is1" = Image for Windows 2.61
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IsoBuster_is1" = IsoBuster 1.9
"JDSecure" = JD Secure 3.1
"Juniper Network Connect 5.1.0" = Juniper Networks Network Connect 5.1.0
"Juniper Network Connect 5.4.0" = Juniper Networks Network Connect 5.4.0
"Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
"Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0
"Kiwi Syslog Daemon" = Kiwi Syslog Daemon 8.2.3  (Service Edition)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Loran and GPS Vault 75c Eval (95/98/NT/2K)" = Loran and GPS Vault 75c Eval (95/98/NT/2K)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microangelo 5.0" = Microangelo 5.5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"NFIRS 5 Alive" = NFIRS 5 Alive 2004.6
"NFIRS 5 Alive - Tools" = NFIRS 5 Alive - Tools 2004.6
"NIS" = Norton Internet Security
"nLite_is1" = nLite 1.4.5 beta 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 0.7.14
"OpenAL" = OpenAL
"PFPortChecker" = PFPortChecker 1.0.36
"PowerISO" = PowerISO
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"Quicken WillMaker Plus 2007" = Quicken WillMaker Plus 2007
"QuicktimeAlt_is1" = QuickTime Alternative 1.66
"RealAlt_is1" = Real Alternative 1.45
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SFBM" = SoundFont Bank Manager
"Shop for HP Supplies" = Shop for HP Supplies
"Sierra I6" = Sierra I6
"Sierra I6 Update" = Sierra I6 Update
"Sierra Utilities" = Sierra Utilities
"Smart Wedding 4.0" = Smart Wedding 4.0
"ST5UNST #1" = Ballistics
"ST5UNST #2" = QuickLOAD
"ST6UNST #1" = Brad Smith Easy MD5 Creator
"ST6UNST #2" = Brad Smith Easy SFV Creator
"Steam App 420" = Half-Life 2: Episode Two
"Steam(TM)" = Steam(TM)
"SysInfo" = Creative System Information
"Tag&Rename_is1" = Tag&Rename
"TBIView_is1" = TBIView 4.24 - TBIMount 1.06
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.22
"UltraISO_is1" = UltraISO V7.21 SR-2
"Unreal Tournament CTF EAL Files" = Unreal Tournament CTF EAL Files
"Unreal Tournament Death Match EAL Files" = Unreal Tournament Death Match EAL Files
"Unreal Tournament EAX Patcher" = Unreal Tournament EAX Patcher
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"UT2003" = Unreal Tournament 2003
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VISPROR" = Microsoft Office Visio Professional 2007
"VisualRoute" = VisualRoute
"VobSub" = VobSub v2.23 (Remove Only)
"Waterworld Charts User Manual" = Waterworld Charts User Manual
"Waterworld Charts User Manual 15" = Waterworld Charts User Manual 15
"Waterworld Charts Web Ver 15b" = Waterworld Charts Web Ver 15b
"Waterworld Charts Web Ver 16" = Waterworld Charts Web Ver 16
"Waterworld xTides32 and Currents 2.5" = Waterworld xTides32 and Currents 2.5
"WaveLab Lite" = WaveLab Lite
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"xp-AntiSpy" = xp-AntiSpy 3.97-3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Zuma Deluxe RA" = Zuma Deluxe RA
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1123561945-1547161642-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CED USB Data Collector" = CED USB Data Collector
"Steam App 360" = Half-Life Deathmatch: Source
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ OSession Events ]
Error - 9/27/2009 3:30:48 AM | Computer Name = GOLIATH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/22/2010 12:50:02 PM | Computer Name = GOLIATH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 106
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 4/4/2011 12:40:49 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 4/4/2011 12:40:49 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error:   %%2
 
Error - 4/4/2011 10:19:29 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 4/4/2011 10:19:29 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error:   %%2
 
Error - 4/5/2011 12:15:26 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 4/5/2011 12:15:26 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error:   %%2
 
Error - 4/5/2011 5:20:44 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 4/5/2011 5:20:44 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error:   %%2
 
Error - 4/6/2011 5:48:53 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 4/6/2011 5:48:53 PM | Computer Name = GOLIATH | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error:   %%2
 
 
< End of report >

Edited by HateTheSnow, 06 April 2011 - 05:22 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 06 April 2011 - 05:49 PM

Hi,

fixmbr will usually take good care of a mbr infection. However it is possible that there are leftovers from the infection.

I would like you to run a scan with TDSSKiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 HateTheSnow

HateTheSnow
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 06 April 2011 - 05:59 PM

Done, and all looks good.

Posted Image

TDSSKiller Logfile
2011/04/06 18:53:59.0453 5296	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 18:54:00.0265 5296	================================================================================
2011/04/06 18:54:00.0265 5296	SystemInfo:
2011/04/06 18:54:00.0265 5296	
2011/04/06 18:54:00.0265 5296	OS Version: 5.1.2600 ServicePack: 3.0
2011/04/06 18:54:00.0265 5296	Product type: Workstation
2011/04/06 18:54:00.0265 5296	ComputerName: GOLIATH
2011/04/06 18:54:00.0265 5296	UserName: David
2011/04/06 18:54:00.0265 5296	Windows directory: C:\WINDOWS
2011/04/06 18:54:00.0265 5296	System windows directory: C:\WINDOWS
2011/04/06 18:54:00.0265 5296	Processor architecture: Intel x86
2011/04/06 18:54:00.0265 5296	Number of processors: 4
2011/04/06 18:54:00.0265 5296	Page size: 0x1000
2011/04/06 18:54:00.0265 5296	Boot type: Normal boot
2011/04/06 18:54:00.0265 5296	================================================================================
2011/04/06 18:54:00.0609 5296	Initialize success
2011/04/06 18:54:04.0625 4524	================================================================================
2011/04/06 18:54:04.0625 4524	Scan started
2011/04/06 18:54:04.0625 4524	Mode: Manual; 
2011/04/06 18:54:04.0625 4524	================================================================================
2011/04/06 18:54:05.0156 4524	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/06 18:54:05.0218 4524	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/06 18:54:05.0265 4524	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/06 18:54:05.0296 4524	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/06 18:54:05.0390 4524	AmdK8           (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/04/06 18:54:05.0406 4524	AmdPPM          (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/04/06 18:54:05.0468 4524	AnyDVD          (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/04/06 18:54:05.0656 4524	Aspi32          (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\aspi32.sys
2011/04/06 18:54:05.0687 4524	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/06 18:54:05.0703 4524	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/06 18:54:05.0750 4524	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/06 18:54:05.0781 4524	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/06 18:54:05.0828 4524	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/06 18:54:05.0921 4524	BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/06 18:54:05.0953 4524	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/06 18:54:06.0000 4524	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/06 18:54:06.0015 4524	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/06 18:54:06.0046 4524	cdrbsdrv        (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/04/06 18:54:06.0062 4524	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/06 18:54:06.0171 4524	CT20XUT         (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
2011/04/06 18:54:06.0234 4524	CT20XUT.SYS     (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
2011/04/06 18:54:06.0265 4524	ctac32k         (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/04/06 18:54:06.0296 4524	ctaud2k         (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/04/06 18:54:06.0343 4524	ctdvda2k        (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/04/06 18:54:08.0203 4524	CTEXFIFX        (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
2011/04/06 18:54:08.0250 4524	CTEXFIFX.SYS    (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
2011/04/06 18:54:08.0281 4524	CTHWIUT         (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
2011/04/06 18:54:08.0312 4524	CTHWIUT.SYS     (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
2011/04/06 18:54:08.0328 4524	ctprxy2k        (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/04/06 18:54:08.0359 4524	ctsfm2k         (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/04/06 18:54:08.0421 4524	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/06 18:54:08.0468 4524	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/06 18:54:08.0500 4524	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/06 18:54:08.0515 4524	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/06 18:54:08.0531 4524	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/06 18:54:08.0578 4524	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/06 18:54:08.0609 4524	dsNcAdpt        (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
2011/04/06 18:54:08.0703 4524	eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/06 18:54:08.0765 4524	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2011/04/06 18:54:08.0781 4524	ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/04/06 18:54:08.0812 4524	emupia          (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/04/06 18:54:08.0843 4524	epmntdrv        (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
2011/04/06 18:54:08.0859 4524	EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/06 18:54:08.0890 4524	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
2011/04/06 18:54:08.0937 4524	EverestDriver   (898ad7d508f6ade242d94752e09f4152) C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
2011/04/06 18:54:08.0953 4524	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/06 18:54:08.0984 4524	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/06 18:54:09.0000 4524	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/06 18:54:09.0015 4524	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/06 18:54:09.0031 4524	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/06 18:54:09.0062 4524	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/06 18:54:09.0093 4524	FTDIBUS         (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/04/06 18:54:09.0125 4524	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/06 18:54:09.0156 4524	FTSER2K         (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/04/06 18:54:09.0218 4524	GhPciScan       (3a7c94ed99fe7fe05d88b26f97614626) C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
2011/04/06 18:54:09.0281 4524	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/06 18:54:09.0312 4524	grmnusb         (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/04/06 18:54:09.0375 4524	ha20x2k         (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
2011/04/06 18:54:09.0437 4524	HCF_MSFT        (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2011/04/06 18:54:09.0468 4524	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/06 18:54:09.0515 4524	HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/06 18:54:09.0531 4524	HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/06 18:54:09.0578 4524	HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/06 18:54:09.0609 4524	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/06 18:54:09.0671 4524	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/06 18:54:09.0781 4524	IDSxpx86        (50fa4c70534cf3b5c17ec83debe07afd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSxpx86.sys
2011/04/06 18:54:09.0796 4524	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/06 18:54:09.0859 4524	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/06 18:54:09.0906 4524	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/06 18:54:09.0953 4524	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/06 18:54:09.0968 4524	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/06 18:54:09.0984 4524	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/06 18:54:10.0015 4524	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/06 18:54:10.0046 4524	ISAIONT         (8b816a37060c4e1f0a34f24e59938c12) C:\WINDOWS\system32\drivers\ISAIONT.sys
2011/04/06 18:54:10.0078 4524	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/06 18:54:10.0109 4524	itchfltr        (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2011/04/06 18:54:10.0125 4524	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/06 18:54:10.0156 4524	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/06 18:54:10.0187 4524	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/06 18:54:10.0234 4524	L8042Kbd        (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/04/06 18:54:10.0265 4524	Lbd             (52320254d74ea11b6f129e7df1016975) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/04/06 18:54:10.0296 4524	LBeepKE         (ac3b39817bfde9735f5654468dbf7d49) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/04/06 18:54:10.0343 4524	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/04/06 18:54:10.0375 4524	LHidKe          (dd40c03d85649205ec086722474c8a63) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2011/04/06 18:54:10.0390 4524	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/04/06 18:54:10.0406 4524	LMouKE          (2ebd4c02d259944869630a912ec86bce) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/04/06 18:54:10.0437 4524	LxrJD31d        (3f6f7993ae46aded2db2886ed3080c80) C:\WINDOWS\system32\Drivers\LxrJD31d.sys
2011/04/06 18:54:10.0500 4524	mamotou         (406ea3b1bd43a2c14eeee06c49df0d5d) C:\WINDOWS\system32\DRIVERS\mamotou.sys
2011/04/06 18:54:10.0531 4524	Maplom          (32860fcaa587d88e42cb09e854a27740) C:\WINDOWS\system32\drivers\Maplom.sys
2011/04/06 18:54:10.0546 4524	MaplomL         (c9720fb5c0e79df4d6c641388f4a61f6) C:\WINDOWS\system32\drivers\MaplomL.sys
2011/04/06 18:54:10.0578 4524	MaRdPnp         (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/04/06 18:54:10.0609 4524	MemMapNt        (b4f4ae2e4f58f808f46153f7f573b23f) C:\WINDOWS\system32\drivers\MemMapNt.sys
2011/04/06 18:54:10.0656 4524	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/06 18:54:10.0703 4524	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/06 18:54:10.0734 4524	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/06 18:54:10.0750 4524	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/06 18:54:10.0796 4524	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/06 18:54:10.0828 4524	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/06 18:54:10.0875 4524	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/06 18:54:10.0921 4524	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/06 18:54:10.0953 4524	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/06 18:54:10.0968 4524	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/06 18:54:10.0984 4524	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/06 18:54:11.0000 4524	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/06 18:54:11.0031 4524	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/06 18:54:11.0109 4524	NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS
2011/04/06 18:54:11.0156 4524	NAVEX15         (b3916eeec738dd4178f4fd6a44a32e36) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS
2011/04/06 18:54:11.0203 4524	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/06 18:54:11.0234 4524	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/06 18:54:11.0250 4524	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/06 18:54:11.0265 4524	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/06 18:54:11.0281 4524	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/06 18:54:11.0312 4524	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/06 18:54:11.0328 4524	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/06 18:54:11.0390 4524	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/06 18:54:11.0406 4524	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/06 18:54:11.0453 4524	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/06 18:54:11.0640 4524	nv              (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/06 18:54:11.0812 4524	nvata           (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/04/06 18:54:11.0843 4524	nvatabus        (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2011/04/06 18:54:11.0875 4524	NVENETFD        (97724affdd7a5a47c3bc07ccd1b88745) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/04/06 18:54:11.0906 4524	nvnetbus        (82c2b3a89b9edfa6287c5aba1a4e6a99) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/04/06 18:54:11.0921 4524	nvraid          (b65ce56c36f573113ff2f6d0f07b7563) C:\WINDOWS\system32\DRIVERS\nvraid.sys
2011/04/06 18:54:11.0968 4524	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/06 18:54:12.0000 4524	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/06 18:54:12.0046 4524	ossrv           (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/04/06 18:54:12.0093 4524	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/06 18:54:12.0109 4524	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/06 18:54:12.0156 4524	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/06 18:54:12.0156 4524	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/06 18:54:12.0203 4524	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/06 18:54:12.0234 4524	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/06 18:54:12.0296 4524	PDFILTER        (b961c18e6c05f53c0b249f872a607461) C:\program files\dekart\private disk\PDFILTER.SYS
2011/04/06 18:54:12.0359 4524	PDRJNDL         (56408642f95c1b6a421559aca1d87994) C:\program files\dekart\private disk\PDRJNDL.SYS
2011/04/06 18:54:12.0453 4524	phylock         (aba988df7d1b85f1df71396f2afc7dca) C:\WINDOWS\system32\drivers\phylock.sys
2011/04/06 18:54:12.0515 4524	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/06 18:54:12.0531 4524	Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/06 18:54:12.0562 4524	PRVDISK         (779e92d5614e50bae4a16ec298c9e0dd) C:\program files\dekart\private disk\PRVDISK.SYS
2011/04/06 18:54:12.0578 4524	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/06 18:54:12.0593 4524	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/06 18:54:12.0609 4524	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/06 18:54:12.0703 4524	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/06 18:54:12.0750 4524	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/06 18:54:12.0765 4524	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/06 18:54:12.0781 4524	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/06 18:54:12.0812 4524	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/06 18:54:12.0828 4524	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/06 18:54:12.0843 4524	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/06 18:54:12.0890 4524	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/06 18:54:12.0921 4524	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/06 18:54:13.0000 4524	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/06 18:54:13.0015 4524	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/06 18:54:13.0046 4524	SCDEmu          (64a5841a6c8942ebe9621ed4fed66869) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/04/06 18:54:13.0093 4524	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/06 18:54:13.0125 4524	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/06 18:54:13.0140 4524	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/06 18:54:13.0203 4524	sfdrv01         (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/04/06 18:54:13.0218 4524	sfhlp02         (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/04/06 18:54:13.0250 4524	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/06 18:54:13.0265 4524	sfsync02        (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/04/06 18:54:13.0328 4524	SMBus           (fb250e42a967e09ac8f61c9f63aba932) C:\WINDOWS\system32\drivers\SMBus.sys
2011/04/06 18:54:13.0406 4524	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/06 18:54:13.0437 4524	sptd            (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\System32\Drivers\sptd.sys
2011/04/06 18:54:13.0515 4524	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/06 18:54:13.0578 4524	SRTSP           (a7a104a61c4e30de9c58f8c372a5c209) C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/06 18:54:13.0609 4524	SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/06 18:54:13.0640 4524	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/06 18:54:13.0671 4524	superbmc        (9014c3616a77433a13bd51dada591356) C:\WINDOWS\system32\drivers\superbmc.sys
2011/04/06 18:54:13.0703 4524	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/06 18:54:13.0718 4524	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/06 18:54:13.0796 4524	SymDS           (bdf077b897b5f9f929b6bf0cfd436962) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/06 18:54:13.0843 4524	SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/06 18:54:13.0875 4524	SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/04/06 18:54:13.0906 4524	SymIM           (b571a32ca2752f13b69f1da01ae03cbe) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/04/06 18:54:13.0921 4524	SymIMMP         (b571a32ca2752f13b69f1da01ae03cbe) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/04/06 18:54:14.0000 4524	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/06 18:54:14.0031 4524	SYMTDI          (8c07683bf02b63ad71bcb2cf28af2d06) C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS
2011/04/06 18:54:14.0093 4524	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/06 18:54:14.0125 4524	TBIMount        (ca17a20aebd5a253e129187396e7751d) C:\WINDOWS\System32\drivers\tbimount.sys
2011/04/06 18:54:14.0171 4524	Tcpip           (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/06 18:54:14.0203 4524	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/06 18:54:14.0234 4524	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/06 18:54:14.0250 4524	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/06 18:54:14.0312 4524	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/06 18:54:14.0375 4524	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/06 18:54:14.0421 4524	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/06 18:54:14.0453 4524	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/06 18:54:14.0468 4524	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/06 18:54:14.0500 4524	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/06 18:54:14.0531 4524	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/06 18:54:14.0546 4524	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/06 18:54:14.0593 4524	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/04/06 18:54:14.0609 4524	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/06 18:54:14.0625 4524	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/04/06 18:54:14.0656 4524	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/06 18:54:14.0687 4524	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/06 18:54:14.0750 4524	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/06 18:54:14.0765 4524	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/04/06 18:54:14.0812 4524	Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/06 18:54:14.0859 4524	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/06 18:54:14.0953 4524	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/06 18:54:15.0078 4524	================================================================================
2011/04/06 18:54:15.0078 4524	Scan finished
2011/04/06 18:54:15.0078 4524	================================================================================
2011/04/06 18:57:23.0359 5432	Deinitialize success

Edited by HateTheSnow, 06 April 2011 - 06:01 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 06 April 2011 - 06:17 PM

Hi,

that is looking good. Please also run ascan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 HateTheSnow

HateTheSnow
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 06 April 2011 - 06:35 PM

Done!

  • Removed the current version, which was up-to-date via online patches...previously ran a Full Scan in Windows mode & came up clean after the Mebroot FIXMBR cleanup
  • Installed the current version (v1.5.0.1100)
  • Definitions were updated
  • Ran a Quick Scan in Windows mode...came up clean

mbam-log-2011-01-06 (19-32-33).txt
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6291

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/6/2011 7:32:33 PM
mbam-log-2011-04-06 (19-32-33).txt

Scan type: Quick scan
Objects scanned: 185689
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by HateTheSnow, 06 April 2011 - 06:37 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 06 April 2011 - 06:48 PM

Hi,

oh I didn't know the version you had was updated. Since Malwarebytes doesn't update automatically in the free version, we usually see very outdated versions if we don't ask for a reinstall.

This is all looking good. Have you had any suspicious activities after Norton cleaned the PC?

reagrds myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 HateTheSnow

HateTheSnow
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 06 April 2011 - 07:17 PM

No problems at all from what I can tell.

I have always made a practice of patching any security apps before running a scan. Despite the infection, that's one of the benefits of running a bastion network with critical data stored on a centralized server...a change of a cable puts the comprimised workstation on the DMZ with minimal risk to sensitive data. The external router/firewall is from our Internet provider (w/ a few of my own custom rules thrown in for good measure), but the internal router/firewall is a Cisco product that is fairly well locked down with my home-brew config. The system has been on the DMZ since the first notice of infection, but I have not seen any indications of problems since running the FIXMBR tool on all drives. I have been running a utility to catpture packets on the workstation after running FIXMBR and I cannot see any unexplained network traffic.

With that in mind, everything appears to be clean, but I am not going to even pretend to be an expert on removing rootkit infections like this.

Edited by HateTheSnow, 06 April 2011 - 07:22 PM.


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 06 April 2011 - 07:25 PM

Hi,

I can see no indication of leftovers either. There are basically 3 "big groups" of infection that you see for the MBR infections: TDL, Sinowal and Whistler.

Both Sinowal and TDL are able of logging keystrokes and stealing data, while Whistler is more harmless. Both TDL and Whistler show symptoms on the infected PC: A PC infected with TDL would show googlen redirects, while an infection with Whistler would cause popups.

The leftovers of sinowal would show an executable file outside of the partition boundaries or a modification of the helpassistant account and an activation of remote help.

I can see none of these things: That leaves three possibilities: 1) We are looking at a new MBR based infection, 2)we're looking at either TDL or Whistler which were "gone" after running fixmbr, 3) we're looking at a false positive from Norton.

This being said, I don't know where or what drive 0x85 is and if it is currently attached at the PC, I guess you know. An MBR infection is not active as long as you don't boot from the PC. So attaching the drive will not execute the MBR. Since we have no backup of the previous MBR we can also not take a closer look to see what was really in it.
I guess it is ultimately up to you whether you deem the PC safe enough or not now.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 HateTheSnow

HateTheSnow
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 06 April 2011 - 07:49 PM

Thanks myrti.

I have no idea what drive 0x85 is either...my guess is it's symantec code for "we think we know, but don't want you to think we don't know."

It's possible the notice could be from one of the removeable drives I have which were not scanned. While they are only attached to systems at my workplace, I have less confidence in what's on that network than what I have a home. I will set up a system on the DMZ to scan those drives before re-using them on the local network...or better yet, just wipe them clean after recovering the data, pending a scan with no alerts.

Just to be on the safe side of a new MBR technique, I will leave the current system on the DMZ until I can zero-wipe the drives and install Win 7. In the interim, if I seen any new activity I will start a new topic in the appropriate forum. While the other systems I have for daily tasks are considerably slower, it's the safer bet IMO.

Thanks again for all the help.

Regards,
HateTheSnow

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 07 April 2011 - 04:12 AM

Hi,

that sounds like a good option. If you don't have any more questions, I'll lock the topic.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 HateTheSnow

HateTheSnow
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 07 April 2011 - 11:57 AM

I don't see anything left to do at this point except rebuild the workstation when I have some free time, so you can close this topic.

Again, thanks for the assistance, as well as all the work you and the rest of the team are doing here. It's a valuable resource to the community and is very much appreciated.

Take care,
HateTheSnow

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:28 PM

Posted 07 April 2011 - 12:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users