
Multiple problems


  • This topic is locked
24 replies to this topic

#1 George1947

George1947

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:11 PM

Posted 13 April 2011 - 07:23 PM

I seem to have so many problems that it could be easier to list what works, rather than what doesn't work.

Here goes with what does not work:

1 The task bar is not present without forcing it to appear by enabling Quick Launch. When it appears it does not allow anything to be visible on the task bar when minimizing.
2 Drag and drop do not function at all.
3 No copy and paste. The context menus have paste and paste special greyed out.
4 Search does not work at all.
5 System restore points are all gone, and I cannot create new restore points.
6 Sound output is disabled.
7 Send to on context menu does not allow files to be sent to cd drive.
8 Avast AV and Malware Bytes do not work at all.
Avast won't allow scans. Uninstall and reinstall does no good.
Malware Bytes does not load. It stops at a message stating vbalsgrid6.ocx is an older version.
Uninstall and reinstall does no good.

The system is an older eMachines Celeron.
Model T-2682, 2GB memory, 2HDD, XP Professional, SP3.

I have tried other spyware and malware programs, but nothing has found or fixed the problems. I tried AVG, Avira, Clamwin, SuperAntispyware, TDSkiller, Kaspersky ADVtool, Microsoft RootkitReveler to name a few.

I hope you can help me with the batch of problems. Thank you in advance. I hope I have all the information needed this time. Please let me know if more data is required.

George 1947
Attached File  DDS.txt   7.98KB   1 downloads
Attached File  GMER 1.0.15.15570.log   25.44KB   1 downloads

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 10:30:06.28 on Wed 04/13/2011
Internet Explorer: 8.0.6001.18702
.
============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS.2\Explorer.EXE
C:\WINDOWS.2\SOUNDMAN.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\dds.scr
C:\WINDOWS.2\System32\svchost.exe -k netsvcs
C:\WINDOWS.2\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.Google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: UseDesktopiniCache = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.2\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\r7f3cdv7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter
R? MatSvc;Microsoft Automated Troubleshooting Service
R? osppsvc;Office Software Protection Platform
R? Revoflt;Revoflt
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? 64205971;64205971
S? acssrv;Agnitum Client Security Service
S? afw;Agnitum firewall driver
S? afwcore;afwcore
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? cpuz135;cpuz135
S? PSI;PSI
S? SandBox;SandBox
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? setup_9.0.0.722_05.04.2011_06-38drv;setup_9.0.0.722_05.04.2011_06-38drv
.
=============== Created Last 30 ================
.
2011-04-13 13:55:27 704384 ----a-w- c:\windows.2\system32\drivers\SandBox.sys
2011-04-13 13:55:17 257432 ----a-w- c:\windows.2\system32\drivers\afwcore.sys
2011-04-13 13:52:58 31128 ----a-w- c:\windows.2\system32\drivers\afw.sys
2011-04-13 13:52:50 -------- d-----w- c:\program files\Agnitum
2011-04-12 18:10:48 61960 ----a-w- c:\windows.2\system32\drivers\avgntflt.sys
2011-04-12 18:10:45 -------- d-----w- c:\program files\Avira
2011-04-12 18:10:45 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\Avira
2011-04-07 11:49:05 -------- d-sha-r- C:\cmdcons
2011-04-07 11:44:52 98816 ----a-w- c:\windows.2\sed.exe
2011-04-07 11:44:52 89088 ----a-w- c:\windows.2\MBR.exe
2011-04-07 11:44:52 256512 ----a-w- c:\windows.2\PEV.exe
2011-04-07 11:44:52 161792 ----a-w- c:\windows.2\SWREG.exe
2011-04-06 15:31:30 -------- d-----w- c:\program files\AVAST Software
2011-04-06 15:31:30 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\AVAST Software
2011-04-06 13:23:03 -------- d-----w- c:\docume~1\admini~1\applic~1\.clamwin
2011-04-06 13:22:26 -------- d-----w- c:\program files\ClamWin
2011-04-06 13:22:26 -------- d-----w- c:\documents and settings\all users.windows.2\.clamwin
2011-04-06 01:40:25 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\MFAData
2011-04-05 22:23:10 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\SUPERAntiSpyware.com
2011-04-05 22:23:10 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2011-04-05 22:22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-05 03:43:11 315408 ----a-w- c:\windows.2\system32\drivers\6420597.sys
2011-04-05 03:43:11 128016 ----a-w- c:\windows.2\system32\drivers\64205971.sys
2011-04-05 02:38:36 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\Kaspersky Lab Setup Files
2011-03-30 19:40:34 21992 ----a-w- c:\windows.2\system32\drivers\cpuz135_x32.sys
2011-03-30 19:40:33 -------- d-----w- c:\program files\CPUID
2011-03-24 19:18:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 19:18:46 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-24 19:18:46 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-24 19:18:45 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-24 19:18:45 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-24 19:18:45 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-24 19:18:45 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-24 19:18:45 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-17 01:54:45 -------- d-----w- C:\TEMP RECUVA
.
==================== Find3M ====================
.
2011-03-27 03:04:09 212992 ----a-w- c:\windows.2\system32\mfplat.dll
2011-03-03 18:52:59 86016 -c--a-w- c:\windows.2\system32\sl_anet.acm
2011-03-03 18:51:50 28672 -c--a-w- c:\windows.2\system32\dbnmpntw.dll
2011-03-03 18:51:50 24576 -c--a-w- c:\windows.2\system32\dbmsrpcn.dll
2011-03-03 18:51:46 77824 -c--a-w- c:\windows.2\system32\cliconfg.dll
2011-03-03 18:51:46 24576 -c--a-w- c:\windows.2\system32\cliconfg.rll
2011-03-03 18:51:46 20480 -c--a-w- c:\windows.2\system32\cliconfg.exe
2011-03-03 18:51:31 720896 -c----r- c:\windows.2\system32\Audio3D.dll
2011-03-03 18:51:30 8605696 -c----r- c:\windows.2\system32\ALSNDMGR.CPL
2011-03-03 18:51:29 765952 -c----r- c:\windows.2\system\crlds3d.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows.2\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows.2\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows.2\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows.2\system32\mstsc.exe
2011-01-21 14:44:37 439296 -c--a-w- c:\windows.2\system32\shimgvw.dll
.
============= FINISH: 10:33:04.23 ===============


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-13 19:51:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BB-22GUA0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxdcapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB203AA60]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB201FBF0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB203C920]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB201BF60]
SSDT F7A5F026 ZwCreateKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB20332B0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB2033BB0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB201AD10]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB2026E40]
SSDT F7A5F01C ZwCreateThread
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xB203FF30]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB2025B20]
SSDT F7A5F02B ZwDeleteKey
SSDT F7A5F035 ZwDeleteValueKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB2030BB0]
SSDT F7A5F03A ZwLoadKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB20266B0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB201EC10]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB2027FC0]
SSDT F7A5F008 ZwOpenProcess
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB201B580]
SSDT F7A5F00D ZwOpenThread
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB203BDA0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB20208A0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB202A750]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB202AFA0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB2039ED0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB202E590]
SSDT F7A5F044 ZwReplaceKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB203EA50]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB203ED70]
SSDT F7A5F03F ZwRestoreKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB202CC80]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB202D4D0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB203D480]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB2039440]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xB2040520]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB2021BF0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB20301C0]
SSDT F7A5F030 ZwSetValueKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB2038190]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB2038AC0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB203F770]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB20CF620]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB2037620]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB2031530]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB203B2B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 368 804E29D4 8 Bytes JMP ED70B203
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, 81, 03, B2, C0, 8A, 03, ...]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[224] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[224] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[224] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[224] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0059EB4C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[248] kernel32.dll!LoadResource 7C80A055 5 Bytes JMP 0059E828 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[248] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0059EA88 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0059EB20 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[248] USER32.dll!EnableWindow 7E429849 5 Bytes JMP 0116944C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 0059EAF4 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[372] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[524] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[524] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[524] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[524] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[672] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[672] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[672] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[672] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[992] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[992] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[992] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[992] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1108] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1108] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1108] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1108] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1320] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1320] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1320] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1320] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1536] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1536] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1536] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1536] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1584] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1584] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1584] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\notepad.exe[1584] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1728] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1728] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1728] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1728] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[1772] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[1772] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[1772] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[1772] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[1872] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[1872] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[1872] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[1872] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[1896] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[1896] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[1896] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[1896] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1972] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1972] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1972] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1972] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\Ip6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\RawIp6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\Tcp6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\Udp6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:11 PM

Posted 22 April 2011 - 07:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 George1947


Posted 22 April 2011 - 04:03 PM

Thanks for your reply.
I appreciate your direction. There is no need for you to apologize for anything. My time is yours and anybody who chooses to reply and help.
I cannot be more clear about what is wrong more than what I wrote in my original post. I could add that I don't think it all happened at once. It started with a big system slowdown. Then the rest of the errors appeared and showed their ugly heads in small increments, to finally all the problems were visible. Or they were there and I didn't notice them until I needed to run a program or copy/move/paste a file.
I tried to run all the mentioned spyware scans, virus scans and malware programs in safe mode and standard mode. I had Malwarebytes, Avast and Spybot installed when this problem appeared. Now the only one that will run is Spybot. It finds no problems. All the others were DLed and used. I even ran some from a CD installation.
The machine has been OFF and offline since my original post. Nothing should have changed, but I ran current versions of DDS and GMER. Thanks in advance.

To follow are the requested files.

.
DDS (Ver_11-03-05.01) - NTFSx86

Run by Administrator at 10:54:32.10 on Fri 04/22/2011
Internet Explorer: 8.0.6001.18702
.
============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS.2\Explorer.EXE
C:\WINDOWS.2\SOUNDMAN.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\dds.scr
C:\WINDOWS.2\System32\svchost.exe -k netsvcs
C:\WINDOWS.2\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.Google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: UseDesktopiniCache = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.2\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\r7f3cdv7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter
R? MatSvc;Microsoft Automated Troubleshooting Service
R? osppsvc;Office Software Protection Platform
R? Revoflt;Revoflt
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? 64205971;64205971
S? acssrv;Agnitum Client Security Service
S? afw;Agnitum firewall driver
S? afwcore;afwcore
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? cpuz135;cpuz135
S? PSI;PSI
S? SandBox;SandBox
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? setup_9.0.0.722_05.04.2011_06-38drv;setup_9.0.0.722_05.04.2011_06-38drv
.
=============== Created Last 30 ================
.
2011-04-13 13:55:27 704384 ----a-w- c:\windows.2\system32\drivers\SandBox.sys
2011-04-13 13:55:17 257432 ----a-w- c:\windows.2\system32\drivers\afwcore.sys
2011-04-13 13:52:58 31128 ----a-w- c:\windows.2\system32\drivers\afw.sys
2011-04-13 13:52:50 -------- d-----w- c:\program files\Agnitum
2011-04-12 18:10:48 61960 ----a-w- c:\windows.2\system32\drivers\avgntflt.sys
2011-04-12 18:10:45 -------- d-----w- c:\program files\Avira
2011-04-12 18:10:45 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\Avira
2011-04-07 11:49:05 -------- d-sha-r- C:\cmdcons
2011-04-07 11:44:52 98816 ----a-w- c:\windows.2\sed.exe
2011-04-07 11:44:52 89088 ----a-w- c:\windows.2\MBR.exe
2011-04-07 11:44:52 256512 ----a-w- c:\windows.2\PEV.exe
2011-04-07 11:44:52 161792 ----a-w- c:\windows.2\SWREG.exe
2011-04-06 15:31:30 -------- d-----w- c:\program files\AVAST Software
2011-04-06 15:31:30 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\AVAST Software
2011-04-06 13:23:03 -------- d-----w- c:\docume~1\admini~1\applic~1\.clamwin
2011-04-06 13:22:26 -------- d-----w- c:\program files\ClamWin
2011-04-06 13:22:26 -------- d-----w- c:\documents and settings\all users.windows.2\.clamwin
2011-04-06 01:40:25 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\MFAData
2011-04-05 22:23:10 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\SUPERAntiSpyware.com
2011-04-05 22:23:10 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2011-04-05 22:22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-05 03:43:11 315408 ----a-w- c:\windows.2\system32\drivers\6420597.sys
2011-04-05 03:43:11 128016 ----a-w- c:\windows.2\system32\drivers\64205971.sys
2011-04-05 02:38:36 -------- d-----w- c:\docume~1\alluse~1.2\applic~1\Kaspersky Lab Setup Files
2011-03-30 19:40:34 21992 ----a-w- c:\windows.2\system32\drivers\cpuz135_x32.sys
2011-03-30 19:40:33 -------- d-----w- c:\program files\CPUID
2011-03-24 19:18:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 19:18:46 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-24 19:18:46 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-24 19:18:45 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-24 19:18:45 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-24 19:18:45 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-24 19:18:45 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-24 19:18:45 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
.
==================== Find3M ====================
.
2011-03-27 03:04:09 212992 ----a-w- c:\windows.2\system32\mfplat.dll
2011-03-03 18:52:59 86016 -c--a-w- c:\windows.2\system32\sl_anet.acm
2011-03-03 18:51:50 28672 -c--a-w- c:\windows.2\system32\dbnmpntw.dll
2011-03-03 18:51:50 24576 -c--a-w- c:\windows.2\system32\dbmsrpcn.dll
2011-03-03 18:51:46 77824 -c--a-w- c:\windows.2\system32\cliconfg.dll
2011-03-03 18:51:46 24576 -c--a-w- c:\windows.2\system32\cliconfg.rll
2011-03-03 18:51:46 20480 -c--a-w- c:\windows.2\system32\cliconfg.exe
2011-03-03 18:51:31 720896 -c----r- c:\windows.2\system32\Audio3D.dll
2011-03-03 18:51:30 8605696 -c----r- c:\windows.2\system32\ALSNDMGR.CPL
2011-03-03 18:51:29 765952 -c----r- c:\windows.2\system\crlds3d.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows.2\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows.2\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows.2\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows.2\system32\mstsc.exe
.
============= FINISH: 10:58:29.53 ===============




GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-22 16:27:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BB-22GUA0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxdcapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB203AA60]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB201FBF0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB203C920]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB201BF60]
SSDT F7A5152E ZwCreateKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB20332B0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB2033BB0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB201AD10]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB2026E40]
SSDT F7A51524 ZwCreateThread
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xB203FF30]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB2025B20]
SSDT F7A51533 ZwDeleteKey
SSDT F7A5153D ZwDeleteValueKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB2030BB0]
SSDT F7A51542 ZwLoadKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB20266B0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB201EC10]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB2027FC0]
SSDT F7A51510 ZwOpenProcess
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB201B580]
SSDT F7A51515 ZwOpenThread
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB203BDA0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB20208A0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB202A750]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB202AFA0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB2039ED0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB202E590]
SSDT F7A5154C ZwReplaceKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB203EA50]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB203ED70]
SSDT F7A51547 ZwRestoreKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB202CC80]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB202D4D0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB203D480]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB2039440]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xB2040520]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB2021BF0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB20301C0]
SSDT F7A51538 ZwSetValueKey
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB2038190]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB2038AC0]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB203F770]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB20CF620]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB2037620]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB2031530]
SSDT \??\C:\WINDOWS.2\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB203B2B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 368 804E29D4 8 Bytes JMP ED70B203
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, 81, 03, B2, C0, 8A, 03, ...]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[384] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[552] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[552] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[552] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\SOUNDMAN.EXE[552] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[596] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[596] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[596] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ClamWin\bin\ClamTray.exe[596] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[620] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[620] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[620] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[620] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0059EB4C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[628] kernel32.dll!LoadResource 7C80A055 5 Bytes JMP 0059E828 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[628] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0059EA88 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0059EB20 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[628] USER32.dll!EnableWindow 7E429849 5 Bytes JMP 0116944C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 0059EAF4 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[712] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[712] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[712] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[712] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[764] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[764] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[764] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[764] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\winlogon.exe[996] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[1060] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[1060] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[1060] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\PSIA.exe[1060] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\system32\services.exe[1160] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1180] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1180] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1180] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1180] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1368] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1368] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1368] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1368] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1632] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1632] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1632] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Secunia\PSI\sua.exe[1632] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1752] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1752] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1752] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1752] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[2020] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[2020] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[2020] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS.2\Explorer.EXE[2020] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\Ip6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\RawIp6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\Tcp6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip6 \Device\Udp6 afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 Farbar


Posted 23 April 2011 - 12:45 AM

Hi George1947,

I'm going to assist you with your problem.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under Output select "Standard Output" checkbox.
  • Set Services, Drivers and Standard Registry to All.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


#5 George1947


Posted 23 April 2011 - 09:24 AM

Thanks for your reply. I am sad to note that the file extras.txt was created and went to the taskbar, which does not work. Anything minimized there does not show up, nor can it be recovered. If I could redirect its destination to the desktop or other directory it would be helpful. Search does not work so I cannot try to find it. Thanks for your input.
George

To follow is OTL.TXT:


OTL logfile created on: 4/23/2011 9:27:21 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.2 | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 72.78 Gb Free Space | 48.83% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/03/16 18:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/16 00:34:50 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/07/04 21:44:06 | 000,055,296 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.2\SOUNDMAN.EXE
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (All) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/03 14:48:34 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/03/03 14:36:41 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\6to4svc.dll -- (6to4)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/05 09:34:25 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2009/11/05 09:34:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\wudfsvc.dll -- (WudfSvc)
SRV - [2009/11/05 08:57:51 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/11/05 08:53:39 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/11/05 08:53:29 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\services.exe -- (PlugPlay)
SRV - [2009/11/05 08:53:29 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\services.exe -- (Eventlog)
SRV - [2009/11/05 08:53:23 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2009/11/05 08:53:14 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\es.dll -- (EventSystem)
SRV - [2009/11/05 08:52:58 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\advapi32.dll -- (Wmi)
SRV - [2009/10/09 17:23:10 | 001,107,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (PNRPSvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (p2psvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (p2pimsvc)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 07:00:00 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\netman.dll -- (Netman)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 07:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 07:00:00 | 000,175,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 07:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\rsvp.exe -- (RSVP)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 07:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 07:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 07:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 07:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 07:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\srvsvc.dll -- (LanmanServer)
SRV - [2008/04/14 07:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 07:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 07:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 07:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 07:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 07:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 07:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\sens.dll -- (SENS)
SRV - [2008/04/14 07:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 07:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\WINDOWS.2\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ups.exe -- (UPS)
SRV - [2008/04/14 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\alrsvc.dll -- (Alerter)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\snmptrap.exe -- (SNMPTRAP)
SRV - [2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 07:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dllhost.exe -- (COMSysApp)
SRV - [2003/02/25 01:52:00 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Stopped] -- C:\WINDOWS.2\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS.2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/03 14:52:02 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS.2\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/09/11 01:39:49 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS.2\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/04 21:44:01 | 000,752,764 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2010/07/04 21:43:19 | 000,113,504 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2010/07/04 21:43:18 | 000,078,752 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2010/07/04 21:42:49 | 000,090,907 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\srv.sys -- (Srv)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 15:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/05 09:34:23 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\wudfrd.sys -- (WudfRd)
DRV - [2009/11/05 09:34:23 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\wudfpf.sys -- (WudfPf)
DRV - [2009/11/05 08:57:51 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\http.sys -- (HTTP)
DRV - [2009/11/05 08:57:51 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2009/11/05 08:57:51 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2009/11/05 08:57:51 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\aec.sys -- (aec)
DRV - [2009/11/05 08:57:51 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2009/11/05 08:57:51 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/11/05 08:57:51 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2009/11/05 08:57:51 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\parport.sys -- (Parport)
DRV - [2009/11/05 08:57:51 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2009/11/05 08:57:51 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\serial.sys -- (Serial)
DRV - [2009/11/05 08:57:51 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2009/11/05 08:57:51 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2009/11/05 08:57:51 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/11/05 08:57:51 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2009/11/05 08:57:51 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/11/05 08:57:51 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\imapi.sys -- (Imapi)
DRV - [2009/11/05 08:57:51 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2009/11/05 08:57:51 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/11/05 08:57:51 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2009/11/05 08:57:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/11/05 08:57:51 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\modem.sys -- (Modem)
DRV - [2009/11/05 08:57:51 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\fdc.sys -- (Fdc)
DRV - [2009/11/05 08:57:51 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2009/11/05 08:57:51 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2009/11/05 08:57:51 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2009/11/05 08:57:51 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2009/11/05 08:57:51 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\serenum.sys -- (serenum)
DRV - [2009/11/05 08:57:51 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/11/05 08:57:51 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\streamip.sys -- (streamip)
DRV - [2009/11/05 08:57:51 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2009/11/05 08:57:51 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\tunmp.sys -- (tunmp)
DRV - [2009/11/05 08:57:51 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS.2\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2009/11/05 08:57:51 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\slip.sys -- (SLIP)
DRV - [2009/11/05 08:57:51 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2009/11/05 08:57:51 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/11/05 08:57:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2009/11/05 08:57:51 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/11/05 08:57:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/11/05 08:57:51 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\swenum.sys -- (swenum)
DRV - [2009/11/05 08:57:51 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/11/05 08:57:16 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2009/11/05 08:57:16 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS.2\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2009/11/05 08:57:16 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2009/11/05 08:57:16 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2009/11/05 08:57:16 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2009/11/05 08:53:36 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/11/05 08:52:59 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\afd.sys -- (AFD)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\6420597.sys -- (setup_9.0.0.722_05.04.2011_06-38drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\64205971.sys -- (64205971)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/03/25 02:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/14 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 07:00:00 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 07:00:00 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 07:00:00 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/14 07:00:00 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 07:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS.2\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 07:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 07:00:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2008/04/14 07:00:00 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS.2\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/14 07:00:00 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 07:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/14 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 07:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS.2\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 07:00:00 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 07:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/04/14 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2008/04/14 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 07:00:00 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 07:00:00 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\raspti.sys -- (Raspti)
DRV - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2008/04/14 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 07:00:00 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/04/14 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS.2\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008/04/14 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\dmload.sys -- (dmload)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\beep.sys -- (Beep)
DRV - [2008/04/14 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\null.sys -- (Null)
DRV - [2008/04/14 04:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 02:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/14 02:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 02:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 23:16:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 23:16:26 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 23:16:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 23:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 23:09:52 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 23:09:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 23:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 17:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\an983.sys -- (AN983)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001/12/03 11:57:22 | 000,145,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ICAM3D2.SYS -- (ICAM3NT5) Intel®
DRV - [2001/10/24 20:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.2\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.2\system32\blank.htm
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS.2\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.61
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS.2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/07 12:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 15:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:18:42 | 000,000,000 | ---D | M]

[2010/10/31 15:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/31 15:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/13 14:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r7f3cdv7.default\extensions
[2011/03/09 19:08:58 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r7f3cdv7.default\extensions\optout@dubfire.net
[2011/03/24 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 15:18:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2010/11/07 12:28:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS.2\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/07 08:37:49 | 000,000,027 | ---- | M]) - C:\WINDOWS.2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.2\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1177238915-492894223-2147063517-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopiniCache = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS.2\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS.2\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS.2\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS.2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS.2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS.2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS.2\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS.2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.2\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.2\system32\userinit.exe) - C:\WINDOWS.2\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS.2\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS.2\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS.2\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS.2\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS.2\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS.2\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS.2\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS.2\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS.2\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS.2\System32\wgalogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS.2\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS.2\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS.2\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS.2\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS.2\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS.2\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS.2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS.2\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS.2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS.2\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS.2\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/31 14:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 09:26:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/22 17:05:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/13 09:55:27 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\SandBox.sys
[2011/04/13 09:55:17 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\afwcore.sys
[2011/04/13 09:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Agnitum
[2011/04/13 09:52:58 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\afw.sys
[2011/04/13 09:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/04/12 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Avira
[2011/04/12 14:10:52 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\ssmdrv.sys
[2011/04/12 14:10:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avipbb.sys
[2011/04/12 14:10:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntflt.sys
[2011/04/12 14:10:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntdd.sys
[2011/04/12 14:10:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntmgr.sys
[2011/04/12 14:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/12 14:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Avira
[2011/04/11 23:09:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/04/08 12:32:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/07 09:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS.2\temp
[2011/04/07 07:49:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/07 07:44:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWREG.exe
[2011/04/07 07:44:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS.2\NIRCMD.exe
[2011/04/07 07:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWXCACLS.exe
[2011/04/07 07:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWSC.exe
[2011/04/07 07:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS.2\ERDNT
[2011/04/07 07:44:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/07 07:43:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/06 11:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/06 11:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\AVAST Software
[2011/04/06 09:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.clamwin
[2011/04/06 09:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\ClamWin Antivirus
[2011/04/06 09:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2011/04/06 09:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\.clamwin
[2011/04/05 21:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MFAData
[2011/04/05 18:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\SUPERAntiSpyware.com
[2011/04/05 18:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/04/05 18:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\SUPERAntiSpyware
[2011/04/05 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/04 23:43:11 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS.2\System32\drivers\6420597.sys
[2011/04/04 23:43:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS.2\System32\drivers\64205971.sys
[2011/04/04 23:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/04/04 22:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
[2011/03/30 21:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\VideoLAN
[2011/03/30 15:40:34 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS.2\System32\drivers\cpuz135_x32.sys
[2011/03/30 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\CPUID
[2011/03/30 15:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

========== Files - Modified Within 30 Days ==========

[2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/23 08:44:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS.2\bootstat.dat
[2011/04/22 10:53:50 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.scr.lnk
[2011/04/22 10:39:15 | 000,002,228 | ---- | M] () -- C:\WINDOWS.2\System32\wpa.dbl
[2011/04/12 16:01:20 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shutdown.lnk
[2011/04/12 15:39:38 | 000,188,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 15:38:59 | 000,000,444 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SEAGATE_2TB (H).lnk
[2011/04/12 14:11:20 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Avira AntiVir Control Center.lnk
[2011/04/12 13:54:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS.2\System32\CONFIG.NT
[2011/04/12 13:34:19 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2011/04/12 12:53:29 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2011/04/11 23:41:04 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\explorer.exe.lnk
[2011/04/07 21:25:10 | 000,000,331 | -HS- | M] () -- C:\boot.ini
[2011/04/07 08:37:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS.2\System32\drivers\etc\hosts
[2011/04/07 00:47:20 | 000,002,243 | ---- | M] () -- C:\WINDOWS.2\epplauncher.mif
[2011/04/06 09:22:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\ClamWin Antivirus.lnk
[2011/04/05 18:22:59 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/05 08:28:15 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Paint.lnk
[2011/04/04 07:40:27 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\control.exe.lnk
[2011/04/04 02:53:05 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to PandaCloudAntivirus.exe.lnk
[2011/04/04 01:36:25 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to uTorrent.exe.lnk
[2011/04/03 22:08:00 | 000,000,584 | -H-- | M] () -- C:\WINDOWS.2\tasks\DataUpload.job
[2011/04/02 10:08:03 | 000,000,620 | -H-- | M] () -- C:\WINDOWS.2\tasks\ConfigExec.job
[2011/03/30 21:57:36 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\VLC media player.lnk
[2011/03/30 21:05:28 | 000,495,276 | ---- | M] () -- C:\WINDOWS.2\System32\perfh009.dat
[2011/03/30 21:05:28 | 000,085,208 | ---- | M] () -- C:\WINDOWS.2\System32\perfc009.dat
[2011/03/30 15:50:58 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Recuva.lnk
[2011/03/30 15:40:39 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CPUID CPU-Z.lnk
[2011/03/29 15:13:11 | 000,000,839 | ---- | M] () -- C:\WINDOWS.2\LEXSTAT.INI
[2011/03/26 23:04:09 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\System32\mfplat.dll
[2011/03/26 22:45:23 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Disk Cleanup.lnk
[2011/03/25 12:27:12 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CCleaner.lnk
[2011/03/24 15:18:52 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 15:18:52 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/04/22 10:53:50 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.scr.lnk
[2011/04/13 14:54:14 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2011/04/13 09:53:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS.2\transp.gif
[2011/04/12 14:11:19 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Avira AntiVir Control Center.lnk
[2011/04/07 07:49:14 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2011/04/07 07:49:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/07 07:44:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS.2\PEV.exe
[2011/04/07 07:44:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS.2\sed.exe
[2011/04/07 07:44:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS.2\MBR.exe
[2011/04/07 07:44:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS.2\grep.exe
[2011/04/07 07:44:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS.2\zip.exe
[2011/04/07 00:47:20 | 000,002,243 | ---- | C] () -- C:\WINDOWS.2\epplauncher.mif
[2011/04/06 09:22:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\ClamWin Antivirus.lnk
[2011/04/05 18:22:59 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/05 08:28:15 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Paint.lnk
[2011/04/04 07:40:15 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\control.exe.lnk
[2011/04/04 02:53:05 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to PandaCloudAntivirus.exe.lnk
[2011/04/04 01:36:25 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to uTorrent.exe.lnk
[2011/04/04 01:19:09 | 000,001,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\explorer.exe.lnk
[2011/03/30 21:57:36 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\VLC media player.lnk
[2011/03/30 21:38:33 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Secunia PSI.lnk
[2011/03/30 15:40:39 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CPUID CPU-Z.lnk
[2011/03/24 15:18:52 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Mozilla Firefox.lnk
[2010/11/08 13:51:32 | 000,000,839 | ---- | C] () -- C:\WINDOWS.2\LEXSTAT.INI
[2010/11/06 22:15:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS.2\System32\secupd.dat
[2010/11/06 22:15:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS.2\System32\perfi009.dat
[2010/11/06 22:15:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS.2\System32\perfd009.dat
[2010/11/06 22:15:26 | 000,004,463 | ---- | C] () -- C:\WINDOWS.2\System32\oembios.dat
[2010/11/06 22:15:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS.2\System32\oembios.bin
[2010/11/06 22:15:01 | 000,673,088 | ---- | C] () -- C:\WINDOWS.2\System32\mlang.dat
[2010/11/06 22:15:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS.2\System32\mib.bin
[2010/11/06 22:13:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS.2\System32\dssec.dat
[2010/11/06 22:13:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS.2\System32\Dcache.bin
[2010/11/01 01:03:58 | 000,188,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 15:47:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS.2\nsreg.dat
[2010/10/31 14:11:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS.2\bootstat.dat
[2010/10/31 14:03:58 | 000,022,748 | ---- | C] () -- C:\WINDOWS.2\System32\emptyregdb.dat
[2010/10/31 04:24:01 | 000,004,249 | ---- | C] () -- C:\WINDOWS.2\ODBCINST.INI
[2010/10/31 04:22:34 | 000,138,848 | ---- | C] () -- C:\WINDOWS.2\System32\FNTCACHE.DAT
[2008/07/21 17:14:10 | 000,073,728 | R--- | C] () -- C:\WINDOWS.2\System32\RtNicProp32.dll
[2008/04/14 07:00:00 | 000,495,276 | ---- | C] () -- C:\WINDOWS.2\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS.2\System32\msjetol1.dll
[2008/04/14 07:00:00 | 000,085,208 | ---- | C] () -- C:\WINDOWS.2\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS.2\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users.WINDOWS.2\Application Data\TEMP:07BF512B

< End of report >

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:11 PM

Posted 23 April 2011 - 06:09 PM

Well done George. The OTL.TXT is at the moment what we need most. :thumbup2:

I see a vital service and some important system files are missing. Before taking action I need another log. But since you can't copy and paste please try to be precise with typing.

Download Farbar Recovery Scan Tool from: http://download.bleepingcomputer.com/farbar/FRST.exe and save it to your desktop.
  • Run the tool.
  • When the tool opens click Yes to disclaimer.
  • Type the following in the edit box after "Search:".

    wuauserv.dll;hidserv.dll;rpcss.dll

    Note: The file names should be separated by semicolon (;)

    Click Search button and post the log it makes to your reply.
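One way to pull missing service binaries out of an OTL log, as an added example that is not part of the original post and not part of OTL: the script below parses the `SRV` lines of the "Win32 Services" section and lists services that OTL reported as "File not found", plus auto-start services that are stopped. The sample lines are copied from the OTL log posted in this thread; the function names and the two triage categories are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the "Win32 Services" section of the OTL log in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (All) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\spoolsv.exe -- (Spooler)
SRV - [2009/11/05 08:53:23 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\shsvcs.dll -- (ShellHWDetection)
"""

# One OTL service line:
#   SRV - <[file info] (company) | File not found> [Start | State] -- path -- (name)
# The path field is empty when OTL could not find the file.
SRV_RE = re.compile(
    r"^SRV - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>.*?)\))"
    r" \[(?P<start>\w+) \| (?P<state>\w+)\]"
    r"\s--\s(?P<path>.*?)\s?--\s\((?P<name>[^)]*)\)"
)


@dataclass
class Service:
    name: str
    start: str               # Auto, On_Demand, Disabled, ...
    state: str               # Running or Stopped
    path: Optional[str]      # None when OTL reported "File not found"
    company: Optional[str]   # None when there is no file to read it from


def parse_services(log_text: str) -> Tuple[List[Service], List[str]]:
    """Return parsed SRV entries and any SRV lines that did not parse."""
    services: List[Service] = []
    unparsed: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("SRV - "):
            continue
        m = SRV_RE.match(line)
        if m is None:
            # Keep damaged or truncated lines visible instead of dropping them.
            unparsed.append(line)
            continue
        services.append(Service(
            name=m.group("name"),
            start=m.group("start"),
            state=m.group("state"),
            path=None if m.group("missing") else m.group("path"),
            company=m.group("company"),
        ))
    return services, unparsed


def triage(services: List[Service]) -> Dict[str, List[str]]:
    """Group service names by the two conditions worth a closer look."""
    findings: Dict[str, List[str]] = {"missing_binary": [], "auto_but_stopped": []}
    for svc in services:
        if svc.path is None:
            findings["missing_binary"].append(svc.name)
        elif svc.start == "Auto" and svc.state != "Running":
            findings["auto_but_stopped"].append(svc.name)
    return findings


if __name__ == "__main__":
    parsed, bad = parse_services(SAMPLE_LOG)
    for category, names in triage(parsed).items():
        print(f"{category}: {', '.join(names) or '-'}")
    if bad:
        print(f"{len(bad)} SRV line(s) could not be parsed")
```

An auto-start service that is stopped is not proof of damage on its own; it only marks an entry to check against the rest of the log.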


#7 George1947

Posted 23 April 2011 - 10:53 PM

Thanks again. I must report that the tool will not run on the infected machine. Upon double clicking on the .exe a small window opens with a 7 second countdown. When zero is reached another small window opens and reads, "The tool will close now. You need to run the tool once more" and the second window closes. I opened the Task Manager Processes and can see the exe start to work but after a few seconds stops and both windows close. I have executed the file several times, same result. I even rebooted and no change.
FYI I ran the tool on another XP machine to see if the .exe was defective. I didn't proceed past the main opening window, but it loaded in split seconds and I assumed it would run fully as you described in your previous reply. It also was tested on a WIN7 machine and it loaded in seconds. The .exe file is fine.
Thanks for your kind attention,
George

#8 Farbar

Posted 24 April 2011 - 05:45 AM

Thanks George for your detailed feedback. We will take care of that. The missing system files and stopped services don't allow many tools to run properly but we will take care of that the next round.

  • Please delete your FRST.exe and download the latest update of Farbar Recovery Scan Tool and save it to your desktop.
    • Run the tool.
    • Click "Yes to disclaimer".
    • Type the following in the edit box after "Search:".

      rpcss.dll;wuauserv.dll;hidserv.dll;diskmgmt.msc
      Note: The file names should be separated by semicolon (;)

      Click Search button and post the log it makes to your reply.
    Note: Only in case the tool didn't run again proceed with the next step.

  • If the FRST.exe did not run again please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      :filefind
      rpcss.dll
      wuauserv.dll
      hidserv.dll
      diskmgmt.msc
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


#9 George1947

Posted 24 April 2011 - 09:41 AM

It's me again. The newer FRST.EXE did the same as the previous file. I DLed the Systemlook.exe and upon execution a window opened, plain white with two buttons, LOOK and EXIT. When I click on LOOK an error window opens, stating "script required" and that's it. I tried to DL the files again to be sure they were OK and same result. Thanks again, I await your kind attention.
George

#10 Farbar

Posted 24 April 2011 - 10:26 AM

Please download the attached look.bat file. Run it, a black command window opens, wait until it closes. There will be a result.txt file on the desktop. Please post it to your reply.

#11 George1947

Posted 24 April 2011 - 10:43 AM

Got it! It ran! Results are as follows:

Volume in drive C is WD_160
Volume Serial Number is 8CAE-6514

Directory of c:\WINDOWS.2\system32

11/05/2009 08:53 AM 401,408 rpcss.dll

Directory of c:\WINDOWS.2\system32

04/14/2008 07:00 AM 6,656 wuauserv.dll
2 File(s) 408,064 bytes

Directory of c:\WINDOWS.2\system32\dllcache

11/05/2009 08:53 AM 401,408 rpcss.dll

Directory of c:\WINDOWS.2\system32\dllcache

04/14/2008 07:00 AM 6,656 wuauserv.dll
2 File(s) 408,064 bytes

Directory of c:\WinDriver Ghost\All_Drivers_07-04-10\HID-compliant consumer control device

09/11/2010 01:34 AM 21,504 hidserv.dll
1 File(s) 21,504 bytes

Directory of c:\z Progr DL Storage\Win_Driver_Ghost\WinDriver Ghost 2.06 Build.1699\WinDriver Ghost\%SystemRoot%\INF

07/04/2010 09:37 PM 21,504 hidserv.dll
1 File(s) 21,504 bytes

Directory of c:\z Progr DL Storage\Win_Driver_Ghost\WinDriver Ghost 2.06 Build.1699\WinDriver Ghost\%SystemRoot%\Options\Cabs

07/04/2010 09:37 PM 21,504 hidserv.dll
1 File(s) 21,504 bytes

Total Files Listed:
7 File(s) 880,640 bytes
0 Dir(s) 78,136,111,104 bytes free

#12 Farbar

Posted 24 April 2011 - 11:08 AM

Well done. :thumbup2:

We are going to restore some vital services.

Please download fix.bat and ServicesFix.reg files.
Run fix.bat. It flashes for a second and closes. It is normal.
Then run ServicesFix.reg, click Yes and OK to the Registry Editor prompts.
Now reboot and tell me how the system is running.
Also please run OTL with the same setting as before and post the log(s).

#13 George1947

Posted 24 April 2011 - 01:47 PM

farbar:

I am not moved very often to speechless or wordless, but the past few minutes almost place me there. On a scale of 1 to 10 this is a 20.

As of the system reboot, I am pleased to report the following:

Sound has been restored
Desktop items can be moved and re-arranged
Taskbar now works as the designers planned
Copy/Paste/Move also operates as they were designed
Search is functional
System Restore points are visible, but I didn't execute one. I am sure it works
Send to works
Malwarebytes and Avast could not be tested as they are uninstalled at this point. After your permission is granted, I will reinstall them and get rid of all the other ones cluttering my desktop
Network now operates as designed and permissions I gave in better days. I forgot to add this to the original list, but the network was one way. The troubled machine could log others on the net, but others would not log the eMachine

I see the WinDriverGhost was handy. I am grateful it was usable. I have used its files in the past to restore drivers after reformat and reinstall on other systems.

What next Boss? I hesitate to reinstall or remove anything until you give me the OK.

I am amazed and thankful for your help, patience and knowledge to fix my problem.

One question I would like an answer to after we are finished here is: What happened and how can I prevent a recurrence of the situation? Or if necessary what I did wrong.
I await your reply,
George




OTL logfile created on: 4/23/2011 9:27:21 AM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.2 | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 72.78 Gb Free Space | 48.83% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/03/16 18:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/16 00:34:50 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/07/04 21:44:06 | 000,055,296 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.2\SOUNDMAN.EXE
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (All) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/03 14:48:34 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/03/03 14:36:41 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\6to4svc.dll -- (6to4)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/05 09:34:25 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2009/11/05 09:34:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\wudfsvc.dll -- (WudfSvc)
SRV - [2009/11/05 08:57:51 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/11/05 08:53:39 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/11/05 08:53:29 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\services.exe -- (PlugPlay)
SRV - [2009/11/05 08:53:29 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\services.exe -- (Eventlog)
SRV - [2009/11/05 08:53:23 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2009/11/05 08:53:14 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\es.dll -- (EventSystem)
SRV - [2009/11/05 08:52:58 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\advapi32.dll -- (Wmi)
SRV - [2009/10/09 17:23:10 | 001,107,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (PNRPSvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (p2psvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (p2pimsvc)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 07:00:00 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\netman.dll -- (Netman)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 07:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 07:00:00 | 000,175,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 07:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\rsvp.exe -- (RSVP)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 07:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 07:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 07:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 07:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 07:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\srvsvc.dll -- (LanmanServer)
SRV - [2008/04/14 07:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 07:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 07:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 07:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 07:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 07:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 07:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\sens.dll -- (SENS)
SRV - [2008/04/14 07:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 07:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\WINDOWS.2\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ups.exe -- (UPS)
SRV - [2008/04/14 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\alrsvc.dll -- (Alerter)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\snmptrap.exe -- (SNMPTRAP)
SRV - [2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 07:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dllhost.exe -- (COMSysApp)
SRV - [2003/02/25 01:52:00 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Stopped] -- C:\WINDOWS.2\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS.2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/03 14:52:02 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS.2\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/09/11 01:39:49 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS.2\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/04 21:44:01 | 000,752,764 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2010/07/04 21:43:19 | 000,113,504 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2010/07/04 21:43:18 | 000,078,752 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2010/07/04 21:42:49 | 000,090,907 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\srv.sys -- (Srv)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 15:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/05 09:34:23 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\wudfrd.sys -- (WudfRd)
DRV - [2009/11/05 09:34:23 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\wudfpf.sys -- (WudfPf)
DRV - [2009/11/05 08:57:51 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\http.sys -- (HTTP)
DRV - [2009/11/05 08:57:51 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2009/11/05 08:57:51 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2009/11/05 08:57:51 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\aec.sys -- (aec)
DRV - [2009/11/05 08:57:51 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2009/11/05 08:57:51 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/11/05 08:57:51 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2009/11/05 08:57:51 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\parport.sys -- (Parport)
DRV - [2009/11/05 08:57:51 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2009/11/05 08:57:51 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\serial.sys -- (Serial)
DRV - [2009/11/05 08:57:51 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2009/11/05 08:57:51 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2009/11/05 08:57:51 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/11/05 08:57:51 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2009/11/05 08:57:51 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/11/05 08:57:51 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\imapi.sys -- (Imapi)
DRV - [2009/11/05 08:57:51 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2009/11/05 08:57:51 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/11/05 08:57:51 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2009/11/05 08:57:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/11/05 08:57:51 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\modem.sys -- (Modem)
DRV - [2009/11/05 08:57:51 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\fdc.sys -- (Fdc)
DRV - [2009/11/05 08:57:51 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2009/11/05 08:57:51 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2009/11/05 08:57:51 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2009/11/05 08:57:51 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2009/11/05 08:57:51 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\serenum.sys -- (serenum)
DRV - [2009/11/05 08:57:51 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/11/05 08:57:51 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\streamip.sys -- (streamip)
DRV - [2009/11/05 08:57:51 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2009/11/05 08:57:51 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\tunmp.sys -- (tunmp)
DRV - [2009/11/05 08:57:51 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS.2\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2009/11/05 08:57:51 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\slip.sys -- (SLIP)
DRV - [2009/11/05 08:57:51 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2009/11/05 08:57:51 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/11/05 08:57:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2009/11/05 08:57:51 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/11/05 08:57:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/11/05 08:57:51 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\swenum.sys -- (swenum)
DRV - [2009/11/05 08:57:51 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/11/05 08:57:16 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2009/11/05 08:57:16 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS.2\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2009/11/05 08:57:16 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2009/11/05 08:57:16 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2009/11/05 08:57:16 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2009/11/05 08:53:36 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/11/05 08:52:59 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\afd.sys -- (AFD)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\6420597.sys -- (setup_9.0.0.722_05.04.2011_06-38drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\64205971.sys -- (64205971)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/03/25 02:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/14 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS.2\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 07:00:00 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 07:00:00 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 07:00:00 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/14 07:00:00 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 07:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS.2\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 07:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 07:00:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2008/04/14 07:00:00 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS.2\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/14 07:00:00 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 07:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS.2\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/14 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 07:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS.2\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS.2\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 07:00:00 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 07:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/04/14 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2008/04/14 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 07:00:00 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 07:00:00 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS.2\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\raspti.sys -- (Raspti)
DRV - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2008/04/14 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 07:00:00 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/04/14 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS.2\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008/04/14 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS.2\System32\drivers\dmload.sys -- (dmload)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\beep.sys -- (Beep)
DRV - [2008/04/14 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\null.sys -- (Null)
DRV - [2008/04/14 04:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 02:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/14 02:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 02:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 00:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 23:16:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 23:16:26 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 23:16:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 23:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 23:09:52 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 23:09:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 23:02:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 17:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\an983.sys -- (AN983)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001/12/03 11:57:22 | 000,145,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ICAM3D2.SYS -- (ICAM3NT5) Intel®
DRV - [2001/10/24 20:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.2\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.2\system32\blank.htm
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS.2\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.61
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS.2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/07 12:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 15:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:18:42 | 000,000,000 | ---D | M]

[2010/10/31 15:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/31 15:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/13 14:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r7f3cdv7.default\extensions
[2011/03/09 19:08:58 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r7f3cdv7.default\extensions\optout@dubfire.net
[2011/03/24 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 15:18:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2010/11/07 12:28:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS.2\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/07 08:37:49 | 000,000,027 | ---- | M]) - C:\WINDOWS.2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.2\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1177238915-492894223-2147063517-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopiniCache = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS.2\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS.2\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS.2\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS.2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS.2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS.2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS.2\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS.2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.2\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.2\system32\userinit.exe) - C:\WINDOWS.2\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS.2\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS.2\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS.2\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS.2\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS.2\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS.2\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS.2\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS.2\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS.2\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS.2\System32\wgalogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS.2\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS.2\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS.2\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS.2\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS.2\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS.2\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS.2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS.2\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS.2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS.2\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS.2\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/31 14:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 09:26:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/22 17:05:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/13 09:55:27 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\SandBox.sys
[2011/04/13 09:55:17 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\afwcore.sys
[2011/04/13 09:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Agnitum
[2011/04/13 09:52:58 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\afw.sys
[2011/04/13 09:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/04/12 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Avira
[2011/04/12 14:10:52 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\ssmdrv.sys
[2011/04/12 14:10:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avipbb.sys
[2011/04/12 14:10:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntflt.sys
[2011/04/12 14:10:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntdd.sys
[2011/04/12 14:10:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntmgr.sys
[2011/04/12 14:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/12 14:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Avira
[2011/04/11 23:09:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/04/08 12:32:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/07 09:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS.2\temp
[2011/04/07 07:49:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/07 07:44:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWREG.exe
[2011/04/07 07:44:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS.2\NIRCMD.exe
[2011/04/07 07:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWXCACLS.exe
[2011/04/07 07:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWSC.exe
[2011/04/07 07:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS.2\ERDNT
[2011/04/07 07:44:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/07 07:43:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/06 11:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/06 11:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\AVAST Software
[2011/04/06 09:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.clamwin
[2011/04/06 09:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\ClamWin Antivirus
[2011/04/06 09:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2011/04/06 09:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\.clamwin
[2011/04/05 21:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MFAData
[2011/04/05 18:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\SUPERAntiSpyware.com
[2011/04/05 18:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/04/05 18:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\SUPERAntiSpyware
[2011/04/05 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/04 23:43:11 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS.2\System32\drivers\6420597.sys
[2011/04/04 23:43:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS.2\System32\drivers\64205971.sys
[2011/04/04 23:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool
[2011/04/04 22:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
[2011/03/30 21:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\VideoLAN
[2011/03/30 15:40:34 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS.2\System32\drivers\cpuz135_x32.sys
[2011/03/30 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\CPUID
[2011/03/30 15:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

========== Files - Modified Within 30 Days ==========

[2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/23 08:44:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS.2\bootstat.dat
[2011/04/22 10:53:50 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.scr.lnk
[2011/04/22 10:39:15 | 000,002,228 | ---- | M] () -- C:\WINDOWS.2\System32\wpa.dbl
[2011/04/12 16:01:20 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shutdown.lnk
[2011/04/12 15:39:38 | 000,188,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 15:38:59 | 000,000,444 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SEAGATE_2TB (H).lnk
[2011/04/12 14:11:20 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Avira AntiVir Control Center.lnk
[2011/04/12 13:54:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS.2\System32\CONFIG.NT
[2011/04/12 13:34:19 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2011/04/12 12:53:29 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2011/04/11 23:41:04 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\explorer.exe.lnk
[2011/04/07 21:25:10 | 000,000,331 | -HS- | M] () -- C:\boot.ini
[2011/04/07 08:37:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS.2\System32\drivers\etc\hosts
[2011/04/07 00:47:20 | 000,002,243 | ---- | M] () -- C:\WINDOWS.2\epplauncher.mif
[2011/04/06 09:22:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\ClamWin Antivirus.lnk
[2011/04/05 18:22:59 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/05 08:28:15 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Paint.lnk
[2011/04/04 07:40:27 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\control.exe.lnk
[2011/04/04 02:53:05 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to PandaCloudAntivirus.exe.lnk
[2011/04/04 01:36:25 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to uTorrent.exe.lnk
[2011/04/03 22:08:00 | 000,000,584 | -H-- | M] () -- C:\WINDOWS.2\tasks\DataUpload.job
[2011/04/02 10:08:03 | 000,000,620 | -H-- | M] () -- C:\WINDOWS.2\tasks\ConfigExec.job
[2011/03/30 21:57:36 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\VLC media player.lnk
[2011/03/30 21:05:28 | 000,495,276 | ---- | M] () -- C:\WINDOWS.2\System32\perfh009.dat
[2011/03/30 21:05:28 | 000,085,208 | ---- | M] () -- C:\WINDOWS.2\System32\perfc009.dat
[2011/03/30 15:50:58 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Recuva.lnk
[2011/03/30 15:40:39 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CPUID CPU-Z.lnk
[2011/03/29 15:13:11 | 000,000,839 | ---- | M] () -- C:\WINDOWS.2\LEXSTAT.INI
[2011/03/26 23:04:09 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\System32\mfplat.dll
[2011/03/26 22:45:23 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Disk Cleanup.lnk
[2011/03/25 12:27:12 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CCleaner.lnk
[2011/03/24 15:18:52 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 15:18:52 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/04/22 10:53:50 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to dds.scr.lnk
[2011/04/13 14:54:14 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2011/04/13 09:53:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS.2\transp.gif
[2011/04/12 14:11:19 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Avira AntiVir Control Center.lnk
[2011/04/07 07:49:14 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2011/04/07 07:49:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/07 07:44:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS.2\PEV.exe
[2011/04/07 07:44:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS.2\sed.exe
[2011/04/07 07:44:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS.2\MBR.exe
[2011/04/07 07:44:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS.2\grep.exe
[2011/04/07 07:44:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS.2\zip.exe
[2011/04/07 00:47:20 | 000,002,243 | ---- | C] () -- C:\WINDOWS.2\epplauncher.mif
[2011/04/06 09:22:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\ClamWin Antivirus.lnk
[2011/04/05 18:22:59 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/05 08:28:15 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Paint.lnk
[2011/04/04 07:40:15 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\control.exe.lnk
[2011/04/04 02:53:05 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to PandaCloudAntivirus.exe.lnk
[2011/04/04 01:36:25 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to uTorrent.exe.lnk
[2011/04/04 01:19:09 | 000,001,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\explorer.exe.lnk
[2011/03/30 21:57:36 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\VLC media player.lnk
[2011/03/30 21:38:33 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Secunia PSI.lnk
[2011/03/30 15:40:39 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CPUID CPU-Z.lnk
[2011/03/24 15:18:52 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Mozilla Firefox.lnk
[2010/11/08 13:51:32 | 000,000,839 | ---- | C] () -- C:\WINDOWS.2\LEXSTAT.INI
[2010/11/06 22:15:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS.2\System32\secupd.dat
[2010/11/06 22:15:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS.2\System32\perfi009.dat
[2010/11/06 22:15:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS.2\System32\perfd009.dat
[2010/11/06 22:15:26 | 000,004,463 | ---- | C] () -- C:\WINDOWS.2\System32\oembios.dat
[2010/11/06 22:15:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS.2\System32\oembios.bin
[2010/11/06 22:15:01 | 000,673,088 | ---- | C] () -- C:\WINDOWS.2\System32\mlang.dat
[2010/11/06 22:15:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS.2\System32\mib.bin
[2010/11/06 22:13:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS.2\System32\dssec.dat
[2010/11/06 22:13:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS.2\System32\Dcache.bin
[2010/11/01 01:03:58 | 000,188,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 15:47:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS.2\nsreg.dat
[2010/10/31 14:11:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS.2\bootstat.dat
[2010/10/31 14:03:58 | 000,022,748 | ---- | C] () -- C:\WINDOWS.2\System32\emptyregdb.dat
[2010/10/31 04:24:01 | 000,004,249 | ---- | C] () -- C:\WINDOWS.2\ODBCINST.INI
[2010/10/31 04:22:34 | 000,138,848 | ---- | C] () -- C:\WINDOWS.2\System32\FNTCACHE.DAT
[2008/07/21 17:14:10 | 000,073,728 | R--- | C] () -- C:\WINDOWS.2\System32\RtNicProp32.dll
[2008/04/14 07:00:00 | 000,495,276 | ---- | C] () -- C:\WINDOWS.2\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS.2\System32\msjetol1.dll
[2008/04/14 07:00:00 | 000,085,208 | ---- | C] () -- C:\WINDOWS.2\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS.2\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users.WINDOWS.2\Application Data\TEMP:07BF512B

< End of report >

#14 Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:11 PM

Posted 24 April 2011 - 02:46 PM

Great. :thumbsup:

We will come back to your question and also installing Malwarebytes.

The OTL log that is posted is the same old log. You may remove all the old logs from your desktop and run OTL again with the following settings:
Check Scan all Users.
Set Services, Drivers, Standard Registry and Extra Registry to All.
Click Run Scan. It will make two logs; please post both of them.

#15 George1947

  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:11 PM

Posted 24 April 2011 - 03:55 PM

As requested:


OTL logfile created on: 4/24/2011 4:05:51 PM - Run 4

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.2 | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 73.01 Gb Free Space | 48.98% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 22:22:33 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/16 00:34:50 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/07/04 21:44:06 | 000,055,296 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.2\SOUNDMAN.EXE
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (All) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/03 14:48:34 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/03/03 14:36:41 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/11 01:34:41 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\hidserv.dll -- (HidServ)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\6to4svc.dll -- (6to4)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/05 09:34:25 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2009/11/05 09:34:23 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\wudfsvc.dll -- (WudfSvc)
SRV - [2009/11/05 08:57:51 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/11/05 08:53:39 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/11/05 08:53:29 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/11/05 08:53:29 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\services.exe -- (PlugPlay)
SRV - [2009/11/05 08:53:29 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\services.exe -- (Eventlog)
SRV - [2009/11/05 08:53:23 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2009/11/05 08:53:14 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\es.dll -- (EventSystem)
SRV - [2009/11/05 08:52:58 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\advapi32.dll -- (Wmi)
SRV - [2009/10/09 17:23:10 | 001,107,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS.2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (PNRPSvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (p2psvc)
SRV - [2008/04/14 07:00:00 | 000,554,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2psvc.dll -- (p2pimsvc)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 07:00:00 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\netman.dll -- (Netman)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 07:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 07:00:00 | 000,175,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 07:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 07:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\rsvp.exe -- (RSVP)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 07:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 07:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 07:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 07:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 07:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\srvsvc.dll -- (LanmanServer)
SRV - [2008/04/14 07:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 07:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 07:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 07:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 07:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 07:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 07:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS.2\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\sens.dll -- (SENS)
SRV - [2008/04/14 07:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 07:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS.2\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\ups.exe -- (UPS)
SRV - [2008/04/14 07:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS.2\system32\alrsvc.dll -- (Alerter)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS.2\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\snmptrap.exe -- (SNMPTRAP)
SRV - [2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 07:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS.2\System32\dllhost.exe -- (COMSysApp)
SRV - [2003/02/25 01:52:00 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS.2\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS.2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS.2\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/04 21:44:01 | 000,752,764 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 15:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS.2\system32\drivers\6420597.sys -- (setup_9.0.0.722_05.04.2011_06-38drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\64205971.sys -- (64205971)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS.2\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/03/25 02:29:52 | 000,130,432 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.2\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 17:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\an983.sys -- (AN983)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS.2\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001/12/03 11:57:22 | 000,145,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\ICAM3D2.SYS -- (ICAM3NT5) Intel®
DRV - [2001/10/24 20:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.2\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.2\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.2\system32\blank.htm
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS.2\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1177238915-492894223-2147063517-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.61
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS.2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/11/07 12:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 15:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 15:18:42 | 000,000,000 | ---D | M]

[2010/10/31 15:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/31 15:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/23 22:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r7f3cdv7.default\extensions
[2011/04/23 22:29:19 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r7f3cdv7.default\extensions\optout@dubfire.net
[2011/03/24 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 15:18:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R7F3CDV7.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2010/11/07 12:28:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS.2\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/07 08:37:49 | 000,000,027 | ---- | M]) - C:\WINDOWS.2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.2\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1177238915-492894223-2147063517-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [IE8] C:\WINDOWS.2\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopiniCache = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS.2\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS.2\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS.2\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS.2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS.2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS.2\system32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS.2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS.2\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS.2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.2\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.2\system32\userinit.exe) - C:\WINDOWS.2\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS.2\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS.2\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS.2\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS.2\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS.2\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS.2\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS.2\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS.2\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS.2\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS.2\System32\wgalogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS.2\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS.2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS.2\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS.2\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.2\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS.2\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS.2\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS.2\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS.2\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS.2\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS.2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS.2\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS.2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS.2\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS.2\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/31 14:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/24 16:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HoldForDelete
[2011/04/24 15:15:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/23 09:26:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/13 09:55:27 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\SandBox.sys
[2011/04/13 09:55:17 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\afwcore.sys
[2011/04/13 09:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Agnitum
[2011/04/13 09:52:58 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS.2\System32\drivers\afw.sys
[2011/04/13 09:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/04/12 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Avira
[2011/04/12 14:10:52 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\ssmdrv.sys
[2011/04/12 14:10:48 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avipbb.sys
[2011/04/12 14:10:48 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntflt.sys
[2011/04/12 14:10:48 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntdd.sys
[2011/04/12 14:10:48 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS.2\System32\drivers\avgntmgr.sys
[2011/04/12 14:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/12 14:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Avira
[2011/04/08 12:32:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/07 09:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS.2\temp
[2011/04/07 07:49:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/07 07:44:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWREG.exe
[2011/04/07 07:44:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS.2\NIRCMD.exe
[2011/04/07 07:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWXCACLS.exe
[2011/04/07 07:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS.2\SWSC.exe
[2011/04/07 07:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS.2\ERDNT
[2011/04/07 07:44:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/07 07:43:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/06 11:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/06 11:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\AVAST Software
[2011/04/06 09:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.clamwin
[2011/04/06 09:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\ClamWin Antivirus
[2011/04/06 09:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2011/04/06 09:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\.clamwin
[2011/04/05 21:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MFAData
[2011/04/05 18:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\SUPERAntiSpyware.com
[2011/04/05 18:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/04/05 18:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\SUPERAntiSpyware
[2011/04/05 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/04 23:43:11 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS.2\System32\drivers\6420597.sys
[2011/04/04 23:43:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS.2\System32\drivers\64205971.sys
[2011/04/04 22:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
[2011/03/30 21:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\VideoLAN
[2011/03/30 15:40:34 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS.2\System32\drivers\cpuz135_x32.sys
[2011/03/30 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\CPUID
[2011/03/30 15:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

========== Files - Modified Within 30 Days ==========

[2011/04/24 15:24:37 | 000,495,276 | ---- | M] () -- C:\WINDOWS.2\System32\perfh009.dat
[2011/04/24 15:24:37 | 000,085,208 | ---- | M] () -- C:\WINDOWS.2\System32\perfc009.dat
[2011/04/24 15:20:48 | 000,000,620 | -H-- | M] () -- C:\WINDOWS.2\tasks\ConfigExec.job
[2011/04/24 15:19:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS.2\bootstat.dat
[2011/04/24 15:11:47 | 000,000,444 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to SEAGATE_2TB (H).lnk
[2011/04/24 14:08:00 | 000,000,584 | -H-- | M] () -- C:\WINDOWS.2\tasks\DataUpload.job
[2011/04/23 09:26:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/22 10:39:15 | 000,002,228 | ---- | M] () -- C:\WINDOWS.2\System32\wpa.dbl
[2011/04/12 16:01:20 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shutdown.lnk
[2011/04/12 15:39:38 | 000,188,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/12 14:11:20 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Avira AntiVir Control Center.lnk
[2011/04/12 13:54:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS.2\System32\CONFIG.NT
[2011/04/12 13:34:19 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2011/04/12 12:53:29 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2011/04/07 21:25:10 | 000,000,331 | -HS- | M] () -- C:\boot.ini
[2011/04/07 08:37:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS.2\System32\drivers\etc\hosts
[2011/04/07 00:47:20 | 000,002,243 | ---- | M] () -- C:\WINDOWS.2\epplauncher.mif
[2011/04/06 09:22:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\ClamWin Antivirus.lnk
[2011/04/05 18:22:59 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/05 08:28:15 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Paint.lnk
[2011/04/04 02:53:05 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to PandaCloudAntivirus.exe.lnk
[2011/04/04 01:36:25 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to uTorrent.exe.lnk
[2011/03/30 21:57:36 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\VLC media player.lnk
[2011/03/30 15:50:58 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Recuva.lnk
[2011/03/30 15:40:39 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CPUID CPU-Z.lnk
[2011/03/29 15:13:11 | 000,000,839 | ---- | M] () -- C:\WINDOWS.2\LEXSTAT.INI
[2011/03/26 23:04:09 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.2\System32\mfplat.dll
[2011/03/26 22:45:23 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Disk Cleanup.lnk

========== Files Created - No Company Name ==========

[2011/04/13 09:53:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS.2\transp.gif
[2011/04/12 14:11:19 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\Avira AntiVir Control Center.lnk
[2011/04/07 07:49:14 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2011/04/07 07:49:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/07 07:44:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS.2\PEV.exe
[2011/04/07 07:44:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS.2\sed.exe
[2011/04/07 07:44:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS.2\MBR.exe
[2011/04/07 07:44:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS.2\grep.exe
[2011/04/07 07:44:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS.2\zip.exe
[2011/04/07 00:47:20 | 000,002,243 | ---- | C] () -- C:\WINDOWS.2\epplauncher.mif
[2011/04/06 09:22:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\ClamWin Antivirus.lnk
[2011/04/05 18:22:59 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\SUPERAntiSpyware Professional.lnk
[2011/04/05 08:28:15 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Paint.lnk
[2011/04/04 02:53:05 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to PandaCloudAntivirus.exe.lnk
[2011/04/04 01:36:25 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to uTorrent.exe.lnk
[2011/03/30 21:57:36 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\VLC media player.lnk
[2011/03/30 21:38:33 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Start Menu\Programs\Secunia PSI.lnk
[2011/03/30 15:40:39 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.2\Desktop\CPUID CPU-Z.lnk
[2010/11/08 13:51:32 | 000,000,839 | ---- | C] () -- C:\WINDOWS.2\LEXSTAT.INI
[2010/11/06 22:15:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS.2\System32\secupd.dat
[2010/11/06 22:15:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS.2\System32\perfi009.dat
[2010/11/06 22:15:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS.2\System32\perfd009.dat
[2010/11/06 22:15:26 | 000,004,463 | ---- | C] () -- C:\WINDOWS.2\System32\oembios.dat
[2010/11/06 22:15:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS.2\System32\oembios.bin
[2010/11/06 22:15:01 | 000,673,088 | ---- | C] () -- C:\WINDOWS.2\System32\mlang.dat
[2010/11/06 22:15:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS.2\System32\mib.bin
[2010/11/06 22:13:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS.2\System32\dssec.dat
[2010/11/06 22:13:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS.2\System32\Dcache.bin
[2010/11/01 01:03:58 | 000,188,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 15:47:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS.2\nsreg.dat
[2010/10/31 14:11:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS.2\bootstat.dat
[2010/10/31 14:03:58 | 000,022,748 | ---- | C] () -- C:\WINDOWS.2\System32\emptyregdb.dat
[2010/10/31 04:24:01 | 000,004,249 | ---- | C] () -- C:\WINDOWS.2\ODBCINST.INI
[2010/10/31 04:22:34 | 000,138,848 | ---- | C] () -- C:\WINDOWS.2\System32\FNTCACHE.DAT
[2008/07/21 17:14:10 | 000,073,728 | R--- | C] () -- C:\WINDOWS.2\System32\RtNicProp32.dll
[2008/04/14 07:00:00 | 000,495,276 | ---- | C] () -- C:\WINDOWS.2\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS.2\System32\msjetol1.dll
[2008/04/14 07:00:00 | 000,085,208 | ---- | C] () -- C:\WINDOWS.2\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS.2\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users.WINDOWS.2\Application Data\TEMP:07BF512B

< End of report >



OTL Extras logfile created on: 4/24/2011 4:05:51 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.2 | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 73.01 Gb Free Space | 48.98% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS.2\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS.2\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS.2\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS.2\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS.2\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS.2\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS.2\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS.2\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS.2\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS.2\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS.2\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS.2\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS.2\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1177238915-492894223-2147063517-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS.2\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS.2\system32\rundll32.exe" "C:\WINDOWS.2\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.0
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1" = Index.dat Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Defraggler" = Defraggler
"IE8" = Sereby's Updatepack - IE8 Addon Version 1.0.7
"Lexmark Z600 Series" = Lexmark Z600 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Office14.WORD" = Microsoft Word 2010
"Product Key Explorer_is1" = Product Key Explorer 2.3.5
"Recuva" = Recuva
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Speccy" = Speccy
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"WinImage" = WinImage
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2011 6:57:18 PM | Computer Name = EMACHINE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x800706ba.

Error - 4/7/2011 8:10:02 PM | Computer Name = EMACHINE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x800706ba.

Error - 4/7/2011 8:29:17 PM | Computer Name = EMACHINE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x800706ba.

Error - 4/12/2011 2:23:17 PM | Computer Name = EMACHINE | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x800706ba.

Error - 4/12/2011 2:49:59 PM | Computer Name = EMACHINE | Source = MBAMService | ID = 131073
Description =

Error - 4/12/2011 2:50:25 PM | Computer Name = EMACHINE | Source = MBAMService | ID = 131073
Description =

Error - 4/24/2011 1:39:03 PM | Computer Name = EMACHINE | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x800706BA .

Error - 4/24/2011 1:40:09 PM | Computer Name = EMACHINE | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x800706BA .

Error - 4/24/2011 3:19:51 PM | Computer Name = EMACHINE | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x800706BA .

Error - 4/24/2011 3:20:34 PM | Computer Name = EMACHINE | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x800706BA .

[ System Events ]
Error - 4/11/2011 11:14:37 PM | Computer Name = EMACHINE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 4/13/2011 2:56:24 PM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/13/2011 3:07:31 PM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/13/2011 3:11:03 PM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/22/2011 11:04:15 AM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/22/2011 12:21:10 PM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/22/2011 1:14:26 PM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/22/2011 1:14:41 PM | Computer Name = EMACHINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/24/2011 1:39:43 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/24/2011 3:20:14 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >



