
Trojan - or some other malware


  • This topic is locked
18 replies to this topic

#1 haden

  • Members
  • 9 posts

Posted 13 October 2011 - 12:28 PM

Yes indeed, I do have some kind of Trojan or other type of malware and am having a problem getting rid of it.
The indication is that I'm redirected to a shopping page any time I do a Google search in Firefox. Beyond that, for a time I couldn't run an antivirus program (it would start up and then just die) or even log into my account in safe mode (no password keystrokes showing).

What I've done so far is:

* disabled System Restore.
* rebooted into safe mode and run MalwareBytes (it reported and removed 15 different infections).

The hijacking hasn't completely ended, however. I'm including and attaching the log file created by HijackThis and hoping that I'll get some feedback on which files/registry keys etc. I should delete.

Thanks in advance for any advice on this!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:45:34 PM, on 10/13/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2012\avgdiagex.exe
E:\download\jacqueline.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKUS\S-1-5-19\..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ACDPhotoEditor Update] C:\Documents and Settings\Haden\Local Settings\Application Data\ACDPhotoEditor\ACDPhotoEditorUpdate\ACDPhotoEditorupdt32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE829B44-0F20-480F-BAB0-581E2E48D878}: NameServer = 68.237.161.12,71.243.0.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11377 bytes
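An added example for this thread (not part of the original post, and not a BleepingComputer or HijackThis tool): a small Python triage pass over constructed lines modelled on the log above, encoding the rules helpers commonly use to read the O4, O10, O15, O16 and O17 sections and the running-process list. It flags entries for a human to verify and is not a verdict on any entry in haden's log; the `SERVICE_HIVES`, `EXPECTED_ROOTS` and `Finding` names are this example's own.

```python
"""Triage of a HijackThis (HJT) log, in the way a forum helper reads one."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the shape of the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\download\jacqueline.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe (User 'LOCAL SERVICE')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.antimalwareguard.com
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE829B44-0F20-480F-BAB0-581E2E48D878}: NameServer = 68.237.161.12,71.243.0.12
"""

# Service-account hives that have no business launching per-user software at logon.
SERVICE_HIVES = ("S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT")
# Where always-running software normally lives on an XP box (lower-cased prefixes).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,\s]+)")


@dataclass
class Finding:
    entry: str      # HJT section tag such as "O15", or "PROC" for a running process
    severity: str   # "review" (verify before acting) or "suspicious" (typical of a hijack)
    reason: str
    line: str


def _check_entry(tag: str, body: str, line: str) -> Finding | None:
    """Apply the reading rule for one HJT section; None means nothing to report."""
    if tag in ("O2", "O3", "O9") and body.endswith("(no file)"):
        return Finding(tag, "review", "orphaned entry: registered component has no file on disk", line)
    if tag == "O4":
        in_service_hive = any(sid in body for sid in SERVICE_HIVES)
        from_user_profile = "\\documents and settings\\" in body.lower()
        if in_service_hive and from_user_profile:
            return Finding(tag, "suspicious",
                           "service-account autorun launching an executable from a user profile", line)
        return None
    if tag == "O10":
        return Finding(tag, "review",
                       "Winsock LSP that HJT cannot identify; verify the DLL's publisher first, "
                       "since removing a live LSP breaks networking", line)
    if tag == "O15":
        return Finding(tag, "suspicious",
                       "site added to the IE Trusted Zone; legitimate software rarely does this", line)
    if tag == "O16" and body.rstrip().endswith("-"):
        return Finding(tag, "review", "ActiveX download entry with no source URL", line)
    if tag == "O17":
        m = NAMESERVER_RE.search(body)
        servers = [s.strip() for s in m.group(1).split(",")] if m else []
        return Finding(tag, "review",
                       f"DNS servers {servers}: confirm they belong to the ISP or router", line)
    return None


def triage(log_text: str) -> list[Finding]:
    """Walk an HJT log and return the entries a helper would look at first."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if not line.lower().startswith(EXPECTED_ROOTS):
                findings.append(Finding("PROC", "review",
                                        "process running from outside Windows/Program Files", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            finding = _check_entry(m.group(1), m.group(2), line)
            if finding:
                findings.append(finding)
    return findings


def suspicious_entries(log_text: str) -> list[str]:
    """Just the section tags a helper would ask about first."""
    return [f.entry for f in triage(log_text) if f.severity == "suspicious"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.entry:5} {f.reason}\n             {f.line}")
```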


#2 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 16 October 2011 - 09:09 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 haden

  • Topic Starter
  • Members
  • 9 posts

Posted 17 October 2011 - 01:22 PM

Hey Shannon,

Thanks for getting back to me. What I've done since my first post is to run a few different AV programs. I did this because after running the first one (believe it was MalwareBytes - it reported/fixed something like 16 trojans), my browser was still being hijacked. So I've now used AVG, Ad-Aware, ESET as well as a couple of rootkit removers. The last two scans, performed yesterday, didn't show any infections and I'm running another one right now. However, I'm no expert on this, so I'd appreciate your help.

Below are the 3 reports you requested: the 2 OTL reports, followed by the RKU report.
Thanks so much for looking into this!

Haden

OTL logfile created on: 10/17/2011 11:48:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\amonia
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 435.22 Mb Available Physical Memory | 42.54% Memory free
3.15 Gb Paging File | 2.74 Gb Available in Paging File | 87.10% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 34.26 Gb Free Space | 46.02% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 48.29 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive G: | 1005.88 Mb Total Space | 942.91 Mb Free Space | 93.74% Space Free | Partition Type: FAT

Computer Name: HADENSCOMPUTER | User Name: Haden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 19:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\amonia\OTL.exe
PRC - [2011/10/13 12:33:39 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/09/02 10:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 10:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/25 18:53:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2005/02/16 17:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 12:33:39 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2006/06/22 14:39:14 | 000,049,152 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\wshosts.dll
MOD - [2006/06/22 14:38:16 | 000,073,728 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\wsfirscr.dll
MOD - [2006/06/22 14:38:08 | 000,311,296 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\ipspgp.dll
MOD - [2006/06/22 14:37:32 | 000,163,840 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\wsftplib.dll
MOD - [2005/08/11 16:26:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SYSTEM32\itechmonXP.dll
MOD - [2005/01/25 03:18:58 | 000,139,264 | ---- | M] () -- C:\WINDOWS\SYSTEM32\hde.dll
MOD - [2003/05/15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002/06/01 05:21:54 | 000,312,832 | ---- | M] () -- C:\Program Files\eSite Media\yEnc32\yEnc32Shell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (I81xadvtrtsa)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/14 16:32:53 | 002,151,640 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 17:40:29 | 000,246,600 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/11 17:34:07 | 001,872,320 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/02 10:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/25 18:53:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2008/05/21 10:41:37 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/04/13 11:39:30 | 000,038,912 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm_act) VoSKY CC (WDM)
DRV - [2007/04/10 13:36:36 | 000,062,794 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\jl2005c.sys -- (JL2005C)
DRV - [2005/09/19 11:05:00 | 000,309,632 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/09/19 11:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/09/19 11:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/19 11:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/05/15 10:30:16 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/09/23 18:16:57 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys -- (hardlock)
DRV - [2004/09/23 18:16:57 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/21 17:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys -- (MarvinBus)
DRV - [2003/09/26 03:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/11/07 09:49:42 | 000,012,661 | ---- | M] (SonicBlue Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RioS35.sys -- (RioS35)
DRV - [2002/03/19 11:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 12:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2001/06/22 06:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar_bak = http://websearch.drsnsrch.com/sidesearch.cgi?id=
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://crackspider.net/ie/assist.php
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Haden\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/12 17:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Mozilla\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/13 22:22:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Mozilla\Components

[2009/03/15 13:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Extensions
[2009/03/15 13:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2011/10/13 13:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions
[2011/10/13 21:18:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}
[2011/10/13 21:18:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}
[2011/07/18 14:42:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/06 10:40:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 08:42:27 | 000,000,000 | ---D | M] (EmailTheWeb.com) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c}
[2010/10/15 12:53:34 | 000,000,000 | ---D | M] (Operator) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
[2011/10/13 21:18:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}
[2009/10/05 08:42:30 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/24 15:19:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/10/12 17:40:43 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\avg@toolbar
[2008/03/03 19:03:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\moveplayer@movenetworks.com
[2011/10/13 13:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/10/07 21:07:44 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2005/04/27 17:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2003/06/26 21:21:12 | 000,196,608 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DXDllRegExe] dxdllreg.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [ACDPhotoEditor Update] C:\Documents and Settings\Haden\Local Settings\Application Data\ACDPhotoEditor\ACDPhotoEditorUpdate\ACDPhotoEditorupdt32.exe File not found
O4 - HKU\S-1-5-19..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe File not found
O4 - HKU\S-1-5-20..\Run: [ACDPhotoEditor Update] C:\Documents and Settings\Haden\Local Settings\Application Data\ACDPhotoEditor\ACDPhotoEditorUpdate\ACDPhotoEditorupdt32.exe File not found
O4 - HKU\S-1-5-20..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe File not found
O4 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007..\Run: [ACDPhotoEditor Update] C:\Documents and Settings\Haden\Local Settings\Application Data\ACDPhotoEditor\ACDPhotoEditorUpdate\ACDPhotoEditorupdt32.exe File not found
O4 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007..\Run: [Flickr Update] C:\Documents and Settings\Haden\Local Settings\Application Data\Flickr\FlickrUpdate\Flickrupdt32.exe File not found
O4 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007..\Run: [FWBootup] C:\Program Files\VoSKY Call Center\USBDRAM.exe (Actiontec Electronics Inc.)
O4 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} Reg Error: Value error. (Scanner.SysScanner)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.6008680556 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Value error.)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab (Yahoo! Toolbar)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{766BF9B8-F84B-46AB-B7B8-12EC9FE27E25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE829B44-0F20-480F-BAB0-581E2E48D878}: NameServer = 68.237.161.12,71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Haden\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Haden\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - blank File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 16:33:49 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/14 16:21:20 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/14 16:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/10/14 12:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\SUPERAntiSpyware.com
[2011/10/13 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/13 14:10:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Haden\Desktop\dds.scr
[2011/10/13 12:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/10/13 11:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/13 11:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/13 11:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/13 11:30:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/13 10:17:11 | 000,000,000 | ---D | C] -- C:\amonia
[2011/10/12 22:19:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of taskmgr.exe
[2011/10/12 22:17:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (2) of taskmgr.exe
[2011/10/12 22:16:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of taskmgr.exe
[2011/10/12 21:52:27 | 000,000,000 | ---D | C] -- C:\rsit
[2011/10/12 21:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/12 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\AVG2012
[2011/10/12 17:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/12 17:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\AVG Secure Search
[2011/10/12 17:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/10/12 17:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/12 17:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/10/12 16:57:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/10/12 16:48:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/12 16:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/12 16:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\Simply Super Software
[2011/10/12 15:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011/10/12 15:55:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011/10/12 15:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/10/12 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/10/12 13:29:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/12 12:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/12 12:53:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/12 12:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/11 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/11 17:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\My Documents\Simply Super Software
[2011/10/11 17:37:24 | 011,779,704 | ---- | C] (Simply Super Software ) -- C:\trjsetup682.exe
[2011/10/11 16:45:48 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/10/11 14:10:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\firefox.exe
[2011/10/11 12:58:22 | 000,000,000 | ---D | C] -- C:\sysinternals
[2011/10/11 12:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/05 12:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011/10/03 10:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/29 18:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 18:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2004/12/14 15:04:29 | 000,036,963 | ---- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Haden\*.tmp files -> C:\Documents and Settings\Haden\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/17 11:39:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a5e5533d-00da-4b08-bb93-24e94a9181f8.job
[2011/10/17 10:50:00 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/17 10:32:57 | 000,458,320 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/17 10:32:57 | 000,097,246 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/17 10:27:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/17 10:24:49 | 106,758,884 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/17 10:24:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/10/16 14:20:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/14 16:33:36 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/14 16:33:28 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/14 16:21:27 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/10/14 16:17:24 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8a31c8c6-59e2-4580-b7f1-548c0a51db36.job
[2011/10/14 13:32:11 | 000,001,192 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/10/13 18:33:13 | 000,000,436 | ---- | M] () -- C:\FILES00
[2011/10/13 18:33:13 | 000,000,000 | ---- | M] () -- C:\temp00
[2011/10/13 18:33:13 | 000,000,000 | ---- | M] () -- C:\f3m0.dat
[2011/10/13 18:33:13 | 000,000,000 | ---- | M] () -- C:\Created00
[2011/10/13 18:33:12 | 000,000,000 | ---- | M] () -- C:\WhiteDir
[2011/10/13 13:49:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Haden\Desktop\dds.scr
[2011/10/13 11:39:19 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/10/13 11:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2822197643
[2011/10/13 10:32:13 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Haden\Desktop\iexplore2.exe.lnk
[2011/10/12 21:26:22 | 000,781,383 | ---- | M] () -- C:\RSIT.exe
[2011/10/12 18:39:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/12 16:35:44 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 13:49:45 | 000,006,096 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/12 13:34:22 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\housecall.guid.cache
[2011/10/11 17:45:23 | 805,306,368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/10/11 13:24:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\firefox.exe
[2011/10/03 18:49:26 | 011,779,704 | ---- | M] (Simply Super Software ) -- C:\trjsetup682.exe
[2011/10/03 11:06:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\ff6bd702
[2011/10/03 11:06:12 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\1fb628fd
[2011/09/29 18:10:44 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\7713d802
[2011/09/29 15:12:55 | 000,008,154 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\0813a0f8
[2011/09/26 14:56:16 | 000,001,120 | ---- | M] () -- C:\WINDOWS\System32\index.xml
[2011/09/26 14:56:16 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/09/21 15:45:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Haden\My Documents\PDVD_MediaDisc.PlayList
[2011/09/21 11:52:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Haden\*.tmp files -> C:\Documents and Settings\Haden\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/17 10:24:49 | 106,758,884 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/17 10:24:16 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/10/14 22:37:38 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/14 16:21:27 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/10/14 14:02:58 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8a31c8c6-59e2-4580-b7f1-548c0a51db36.job
[2011/10/13 14:15:31 | 000,000,000 | ---- | C] () -- C:\f3m0.dat
[2011/10/13 14:15:30 | 000,000,000 | ---- | C] () -- C:\temp00
[2011/10/13 14:15:29 | 000,000,436 | ---- | C] () -- C:\FILES00
[2011/10/13 14:15:29 | 000,000,000 | ---- | C] () -- C:\WhiteDir
[2011/10/13 14:15:29 | 000,000,000 | ---- | C] () -- C:\Created00
[2011/10/13 14:10:25 | 000,302,592 | ---- | C] () -- C:\iexplore.exe
[2011/10/13 11:39:39 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a5e5533d-00da-4b08-bb93-24e94a9181f8.job
[2011/10/13 11:39:19 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/10/13 10:28:14 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Haden\Desktop\iexplore2.exe.lnk
[2011/10/12 21:51:49 | 000,781,383 | ---- | C] () -- C:\RSIT.exe
[2011/10/12 15:55:49 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/10/12 15:55:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/10/12 15:55:48 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/10/12 13:49:12 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/12 13:34:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\housecall.guid.cache
[2011/09/29 18:58:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/29 15:32:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2822197643
[2011/09/26 10:58:30 | 000,008,154 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\0813a0f8
[2011/09/21 16:42:57 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\7713d802
[2011/09/21 15:52:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\1fb628fd
[2011/09/21 14:10:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\ff6bd702
[2011/03/03 18:44:10 | 000,000,575 | ---- | C] () -- C:\WINDOWS\BADMOJO.INI
[2011/03/01 18:50:17 | 000,000,076 | ---- | C] () -- C:\WINDOWS\eregreg.ini
[2011/03/01 18:49:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IFORCE.DLL
[2010/10/07 09:22:32 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/09/19 20:29:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 17:22:03 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2010/04/30 17:22:03 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2010/02/12 21:27:02 | 001,004,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/25 14:45:38 | 000,000,170 | ---- | C] () -- C:\WINDOWS\System32\kbiwkmlog.dat
[2009/05/29 09:39:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\PUTTY.RND
[2009/01/24 13:50:46 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/12/25 14:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/05/26 17:59:29 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/21 10:32:57 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/05/21 10:32:57 | 000,029,188 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/04/15 13:51:06 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\AutoGK.ini
[2008/04/15 13:46:38 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/04/08 13:54:32 | 000,007,966 | ---- | C] () -- C:\WINDOWS\TNT_BMNC.EXE
[2008/02/29 13:51:49 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/02/18 16:22:02 | 000,001,099 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2008/02/18 16:14:00 | 000,001,238 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2008/02/09 15:11:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\hde.dll
[2008/02/03 14:06:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/12/06 18:56:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/10/22 11:24:23 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/24 11:34:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/25 09:24:28 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/27 11:03:45 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/18 21:29:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/22 13:58:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/17 12:24:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/11/05 13:41:06 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/27 17:47:42 | 000,009,317 | ---- | C] () -- C:\WINDOWS\Froggersetup.ini
[2006/03/22 16:56:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/03/22 10:54:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\PLAY-DOH.INI
[2006/03/02 22:42:50 | 000,000,629 | ---- | C] () -- C:\WINDOWS\tlknw6.ini
[2006/02/22 15:50:04 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/02/20 01:01:38 | 000,002,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/18 23:37:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MksRegEdit.INI
[2006/02/18 21:22:14 | 000,000,872 | ---- | C] () -- C:\WINDOWS\rprtvwr.ini
[2006/02/13 22:48:49 | 000,000,733 | ---- | C] () -- C:\WINDOWS\wldtlk5.ini
[2006/02/13 22:33:47 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2006/02/12 13:31:29 | 000,001,097 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2006/02/08 16:53:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\itechmonXP.dll
[2006/01/31 16:18:29 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2006/01/31 16:16:54 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\RepUtil.DLL
[2006/01/31 15:49:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/01/26 17:35:24 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2006/01/25 13:52:08 | 000,000,190 | ---- | C] () -- C:\WINDOWS\Qtw.ini
[2006/01/12 15:16:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\SC2K4WIN.INI
[2005/11/22 14:50:18 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\rx_audio.Cache
[2005/11/22 14:48:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\rx_image.Cache
[2005/10/11 12:50:28 | 000,000,076 | ---- | C] () -- C:\WINDOWS\gifcon.ini
[2005/08/29 18:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/14 10:56:25 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/06/21 15:57:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/05/30 21:57:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/05/13 15:09:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\dm.ini
[2005/04/21 22:48:13 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2005/04/21 22:47:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/04/16 15:54:09 | 000,000,357 | ---- | C] () -- C:\WINDOWS\farmmext (1).ini
[2005/04/08 15:21:00 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2005/04/04 21:27:59 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\msdrvn.drv
[2005/04/02 23:11:59 | 000,065,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2005/03/27 14:50:19 | 000,018,944 | ---- | C] () -- C:\WINDOWS\eraser.exe
[2005/03/26 18:05:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/03/24 23:44:20 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2005/03/24 23:44:19 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2005/03/24 23:43:50 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2005/03/24 23:43:50 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2005/03/24 23:43:46 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/01/21 13:45:23 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/01/20 19:16:29 | 000,008,018 | ---- | C] () -- C:\WINDOWS\7thLevel.ini
[2005/01/11 12:10:32 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/12/23 13:11:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\imageCache7.db
[2004/11/20 15:34:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/20 15:34:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/20 15:34:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/20 15:34:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/20 15:34:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/20 15:34:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/11 20:59:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/08 14:22:23 | 000,004,271 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2004/09/23 18:16:57 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2004/09/23 18:16:50 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2004/09/08 19:04:54 | 000,000,646 | ---- | C] () -- C:\WINDOWS\NETG.INI
[2004/09/06 11:22:46 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2004/08/10 22:29:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BFFGHLMQ.ini
[2004/08/03 21:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 21:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 21:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 21:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 21:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 21:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 21:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 21:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 21:07:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/21 16:12:25 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Haden.ini
[2004/07/08 22:49:33 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/05/29 23:52:24 | 000,000,476 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/16 21:39:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/05/12 21:53:30 | 000,105,168 | ---- | C] () -- C:\WINDOWS\MozillaUninstall.exe
[2004/05/12 21:53:24 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/05/12 21:53:23 | 000,016,116 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/10 23:18:18 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/02 17:16:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/05/02 16:28:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/01 23:28:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/04/27 22:00:33 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\PFP110JPR.{PB
[2004/04/27 22:00:33 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\PFP110JCM.{PB
[2004/04/16 22:07:10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\fusioncache.dat
[2004/04/09 19:31:22 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/01 21:20:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/01 21:14:07 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/01 21:11:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/01 20:59:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/04/01 20:57:30 | 000,458,320 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/04/01 20:57:30 | 000,097,246 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/04/01 20:45:18 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/22 19:00:48 | 001,594,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/22 18:59:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/22 18:58:10 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/01/05 03:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1996/11/17 02:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\whiteHat2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\whiteHat.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\MrChubby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\harmonica2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\harmonica1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\gymboree.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\GandD.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\Exiting.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\broom2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\bromm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\Bday1.jpg:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

OTL Extras logfile created on: 10/17/2011 11:48:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\amonia
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 435.22 Mb Available Physical Memory | 42.54% Memory free
3.15 Gb Paging File | 2.74 Gb Available in Paging File | 87.10% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 34.26 Gb Free Space | 46.02% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 48.29 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive G: | 1005.88 Mb Total Space | 942.91 Mb Free Space | 93.74% Space Free | Partition Type: FAT

Computer Name: HADENSCOMPUTER | User Name: Haden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = jsfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [open_e_project] -- "C:\Program Files\e\e.exe" "%1" ()
Directory [PFrank] -- "C:\Program Files\PFrank\PFrank.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Winamp2.81\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Winamp2.81\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Winamp2.81\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Mozilla\mozilla.exe" = C:\Mozilla\mozilla.exe:*:Enabled:Mozilla
"C:\Digital Fusion\DFusion.exe" = C:\Digital Fusion\DFusion.exe:*:Disabled:Digital Fusion is a multi-threaded compositing & visual effects package.
"C:\DF Render Node\DFRNode.exe" = C:\DF Render Node\DFRNode.exe:*:Disabled:Digital Fusion Render Node is a multi-threaded compositing & visual effects package.
"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp" = C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19024EBA-7B29-4491-BB4E-ECF9446819E4}" = Sony DVD Architect 3.0c
"{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}" = Sony ACID Pro 6.0
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2E24CA51-DA62-4A61-A212-D11E952AF1F6}" = VoSKY Call Center
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{300EBE97-0E16-4bf4-B2DD-CEDA6CB46C9C}" = 2400_2500Help
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{34770A96-B7B2-4436-A50F-F783BF6F30AC}" = EasyScreenCaptureVideo
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B4FF449-09F0-4dcc-8822-3D7BB7F5FED1}" = 2400
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{47813E93-F2A0-484A-838E-47EC1B28D190}" = Adobe Stock Photos 1.0
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5C2EBBF9-B81F-47b7-9136-EE70E6740C2A}" = 2400_2500trb
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5E4EEE1C-0F5B-4237-BE17-E0F4F66948A3}" = Sony Sound Series Loops and Samples Reference Library v2.01
"{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}" = Adobe After Effects 6.5
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = Storybase
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9112E78D-4A03-48df-9B68-786E6479CF41}" = 23_24_2500Tour
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}" = InterVideo DVDCopy 2
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E321DCB-3AC5-466C-B214-4CD340EE3A13}" = Rio Music Manager
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}" = HP Install Network Printer Wizard
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9F4A23-99C3-45C8-A4D3-F9D9BA5FA996}" = Sony Preset Manager 2.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D9D76D84-F59D-43AA-B302-6B36CE1DE9F1}" = Dorling Kindersley XP Update
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB10AF3B-E30E-49F9-84AC-26785D689E13}" = MainConcept MPEG Demo Encoder
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E06C6D71-ACAB-4290-8547-917C7FB1FD4E}" = AVG 2012
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6969419-A1E8-4DF0-B145-858F8C0F29A1}" = TextPad 4.6
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC6BAAC5-F5E0-48D4-B4B6-7C654DD54086}" = Sony Vegas 7.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.1
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced html forms" = Advanced html forms
"AMPro" = AttributeMagic Pro
"Aptana Studio 2.0" = Aptana Studio 2.0
"a-squared Free_is1" = a-squared Free 3.5
"AutoGK" = Auto Gordian Knot 2.45
"AVG" = AVG 2012
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"Bad Mojo" = Bad Mojo
"BitTorrent" = BitTorrent 5.0.7
"CCleaner" = CCleaner (remove only)
"Charts" = Microsoft Excel 97 Custom Chart Types(Remove only)
"CollabNet Automatic Update" = CollabNet Automatic Update 1.1
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.6
"ConTEXTEditor_is1" = ConTEXT
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"D.I.K.O. Free_is1" = DIKO 0.78 Beta 1
"D'Accord Guitar Chord Dictionary 2.0_is1" = D'Accord Guitar Chord Dictionary 2.0
"Descent2DeinstKey" = DESCENT II
"DIKO Free_is1" = DIKO 0.78B3 Upgrade
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDate_is1" = DVDate 5.0 En
"DVD-lab PRO_is1" = DVD-lab PRO 1.00
"DVDXCopy" = DVDXCopy (remove only)
"e_is1" = e - v1.0.42b
"Easy CD-DA Extractor 5.0" = Easy CD-DA Extractor 5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FLAC" = FLAC 1.2.1b (remove only)
"Flickr Uploadr" = Flickr Uploadr 3.1.4
"Forte Agent" = Forté Agent
"Free Sound Recorder" = Free Sound Recorder
"GearDrivers" = GearDrivers
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"HexDataEdit_is1" = HexDataEdit Ver 1.21
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Image Converter .EXE_is1" = Image Converter .EXE 2.0.0.81
"ImgBurn" = ImgBurn
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"InstallShield_{DB10AF3B-E30E-49F9-84AC-26785D689E13}" = MainConcept MPEG Demo Encoder
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.7
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.85 Full
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LeechFTP" = LeechFTP
"Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Movie Looks Vegas HD" = Movie Looks Vegas HD
"Mozilla (1.6)" = Mozilla (1.6)
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NetActive Launcher" = NetActive Launcher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PFPortChecker" = PFPortChecker 1.0.32
"PFrank_is1" = Peter's Flexible RenAmiNg Kit (PFrank) 2.12
"PianoFX STUDIO 4.0_is1" = PianoFX STUDIO 4.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"PuTTY_is1" = PuTTY version 0.60
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 2.3.0
"Rainbow Client Activator 2.0 English" = Client Activator 2.0 - English (2)
"Rainbow Client Activator 2.0 English All" = Client Activator 2.0 - English (All)
"RealAlt_is1" = Real Alternative 1.33
"Registry Mechanic_is1" = Registry Mechanic
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Replay Music3.5" = Replay Music
"Ruby-186-27" = Ruby-186-27
"Shutterfly Plugin" = Shutterfly Plugin
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SmartUndelete_is1" = SmartUndelete
"SnagIt32" = SnagIt32 v4.3
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"t@b ZS4_is1" = t@b ZS4 v0.941-686
"The Meaning of Life" = The Meaning of Life 1.0
"Tomb Raider III" = Tomb Raider III
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUpMedia" = TuneUp Companion 1.9.0
"Tunnelier" = Bitvise Tunnelier 4.28 (remove only)
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Piano_is1" = Virtual Piano 3.0
"VobSub" = VobSub v2.23 (Remove Only)
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Weapons of Mass Downloading" = Weapons of Mass Downloading
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"WinAVI VideoConverter_is1" = WinAVI VideoConverter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows SA" = Windows SA
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
"yEnc32" = yEnc32 (remove only)
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Haden
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2011 12:54:13 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\671a.msi is not permitted due to an error in
software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 12:57:51 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 1:00:11 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 1:00:16 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 1:00:35 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 1:11:37 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 1:11:42 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 1:17:58 PM | Computer Name = HADENSCOMPUTER | Source = MsiInstaller | ID = 1008
Description = The installation of G:\Adaware.msi is not permitted due to an error
in software restriction policy processing. The object cannot be trusted.

Error - 10/14/2011 11:22:00 PM | Computer Name = HADENSCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x030529f0.

Error - 10/14/2011 11:22:47 PM | Computer Name = HADENSCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]
Error - 10/16/2011 2:06:13 PM | Computer Name = HADENSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/16/2011 2:18:20 PM | Computer Name = HADENSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/16/2011 2:24:16 PM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 10/16/2011 2:24:19 PM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 10/16/2011 2:25:23 PM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 10/17/2011 10:26:06 AM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 10/17/2011 10:36:32 AM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/17/2011 10:36:46 AM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/17/2011 10:38:45 AM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/17/2011 11:38:58 AM | Computer Name = HADENSCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF9D5000 C:\WINDOWS\System32\nv4_disp.dll 3338240 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 45.02 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2180352 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2180352 bytes
0x804D7000 RAW 2180352 bytes
0x804D7000 WMIxWDM 2180352 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6200000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1265664 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.02 )
0xF6104000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF76E0000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEC8E4000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xEBD77000 C:\WINDOWS\System32\drivers\hardlock.sys 454656 bytes (Aladdin Knowledge Systems, Hardlock Device Driver for Windows NT)
0xEC806000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF602E000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xECABD000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEBC5D000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xECB3A000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 311296 bytes (Sonic Solutions, CD-UDF NT Filesystem Driver)
0xECA76000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEB3E6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEC7CF000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF6087000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7812000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEBE20000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76B3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEB687000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEC875000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEC98D000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF77BC000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF60E0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xEC784000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6192000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF61C9000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEC8C2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEC8A0000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xECA55000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xEBA85000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF7784000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77E2000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xECBA6000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 122880 bytes (Sonic Solutions, Win2000 Framework for Packet Write Driver)
0xF7698000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77A4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEC6CC000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF776D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF60C9000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB890000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF601A000 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 81920 bytes (Pinnacle Systems GmbH, Pinnacle Marvin/MarvinPro Bus Enumerator)
0xF61B5000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF61EC000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xECB15000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xEBE0E000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 73728 bytes (Rainbow Technologies, Inc., Sentinel System Driver (NT Parallel driver))
0xF7801000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF60B8000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEBEA5000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7911000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF79A1000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF6E5D000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF79E1000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78D1000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7871000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF79D1000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEBEE5000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEB0B6000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF7A61000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7881000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7A91000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF79C1000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF78C1000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7991000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A01000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF78A1000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEC0DD000 C:\WINDOWS\System32\drivers\Haspnt.sys 49152 bytes (Aladdin Knowledge Systems, HASP Kernel Device Driver for Windows NT)
0xF78E1000 PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7A21000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78F1000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF79B1000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7891000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7A11000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7A81000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 40960 bytes (Oak Technology Inc., Audio File System)
0xF7A51000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7A41000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF79F1000 C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys 40960 bytes (Eugene V. Muzychenko, Kernel-mode WDM driver)
0xEB4A7000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF78B1000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6E6D000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7AB1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7981000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7861000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A31000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7AC1000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7AA1000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7BC9000 C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS 32768 bytes (CNet Technology, Inc. , NDIS 5.0 driver )
0xF7C31000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7BF9000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 32768 bytes (VSO Software, Patin-Couffin low level access layer for CD devices)
0xF7B81000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7AF1000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF7BD1000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7C41000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AE1000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7BC1000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B91000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7BD9000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C01000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C49000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7C69000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF7C21000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B31000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xF7C29000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7C09000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7AE9000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BE9000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BF1000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7BE1000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7BB9000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B19000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7C75000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xEC1D1000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7D29000 C:\WINDOWS\system32\drivers\pclepci.sys 16384 bytes (Pinnacle Systems GmbH, PCLEPCI)
0xF7D39000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEBF45000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF7C71000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEC764000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7D21000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6012000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7D45000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF633D000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D91000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7DA3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D65000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7DD1000 C:\WINDOWS\System32\drivers\ds1410d.sys 8192 bytes
0xF7E11000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7DA1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D9D000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7D61000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DA5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DC7000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DA7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D93000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D9B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D63000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E73000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7FA2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F31000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E29000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 17 October 2011 - 07:57 PM

Hi-

Thanks for the logs. There is some stuff to clean up, but before then -

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Then, download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
In your reply, please copy in the contents of the ComboFix, the MBAM, and the Security Check reports. How is your computer running now?
Shannon

#5 haden

haden
  • Topic Starter

  • Members
  • 9 posts

Posted 18 October 2011 - 05:04 PM

Hey Shannon,

In answer to your question 'How is my computer running', I would say much, much better than a few days ago.
But since my experience so far is that I run an AV program and it finds several different infections, then I run another AV program and it finds 27 different infections (my numbers aren't totally accurate - but you get the idea), I'm wondering if I'll ever know for sure that there are no viruses on my computer.

ComboFix reported that it found Rootkit.ZeroAccess and that it is a very hard virus to remove. Please let me know about that one. I couldn't tell from its log whether it was removed.

MalwareBytes shows no infections nor (as far as I can see) does SecurityCheck. So that's good.

So, if after you've looked at the log files (added below) you can tell me that my computer is virus free, that will be great! Thank you for your assistance!

Haden




ComboFix 11-10-18.01 - Haden 10/18/2011 10:25:19.1.1 - x86
Running from: c:\documents and settings\Haden\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CEPx2814.tmp
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oa3018cf.default\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}\install.rdf
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}\chrome\xulcache.jar
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}\defaults\preferences\xulcache.js
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{0ffb64da-ca8f-41bb-9295-71a07bb42572}\install.rdf
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}\chrome\xulcache.jar
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}\defaults\preferences\xulcache.js
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{103b290f-f8eb-4a4c-a047-c41602c858b0}\install.rdf
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}\chrome\xulcache.jar
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}\defaults\preferences\xulcache.js
c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{a98cf326-ab5d-43d7-bcb2-10c0c1724276}\install.rdf
c:\documents and settings\Haden\My Documents\DPE.DUS
c:\documents and settings\Haden\rztkfjutan.tmp
c:\documents and settings\Haden\WINDOWS
C:\DSC_5021.jpg
c:\program files\Image Converter .EXE
c:\program files\Image Converter .EXE\blank.gif
c:\program files\Image Converter .EXE\compare template.html
c:\program files\Image Converter .EXE\detail template.html
c:\program files\Image Converter .EXE\Help\CommandLines.htm
c:\program files\Image Converter .EXE\Help\pv_registration.mht
c:\program files\Image Converter .EXE\imageconverter.exe
c:\program files\Image Converter .EXE\license.txt
c:\program files\Image Converter .EXE\logfile.txt
c:\program files\Image Converter .EXE\thumbnail template.html
c:\program files\Image Converter .EXE\unins000.dat
c:\program files\Image Converter .EXE\unins000.exe
c:\program files\Image Converter .EXE\Web\Image Converter .EXE Home Page.url
c:\program files\Image Converter .EXE\Web\Order Image Converter .EXE.url
c:\program files\Image Converter .EXE\Web\SoftTech InterCorp.url
c:\program files\MBKWBar
c:\windows\$NtUninstallKB17158$
c:\windows\$NtUninstallKB17158$\1093332280
c:\windows\$NtUninstallKB17158$\2337355688\@
c:\windows\$NtUninstallKB17158$\2337355688\bckfg.tmp
c:\windows\$NtUninstallKB17158$\2337355688\cfg.ini
c:\windows\$NtUninstallKB17158$\2337355688\Desktop.ini
c:\windows\$NtUninstallKB17158$\2337355688\keywords
c:\windows\$NtUninstallKB17158$\2337355688\kwrd.dll
c:\windows\$NtUninstallKB17158$\2337355688\L\qododrdo
c:\windows\$NtUninstallKB17158$\2337355688\lsflt7.ver
c:\windows\$NtUninstallKB17158$\2337355688\U\00000001.@
c:\windows\$NtUninstallKB17158$\2337355688\U\00000002.@
c:\windows\$NtUninstallKB17158$\2337355688\U\80000000.@
c:\windows\$NtUninstallKB17158$\2337355688\U\80000032.@
c:\windows\41.jpg
c:\windows\43.jpg
c:\windows\70.jpg
c:\windows\system32\Cache
c:\windows\system32\kbiwkmlog.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_8b5137a8
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-17 17:01 . 2011-10-17 17:17 -------- d-----w- c:\documents and settings\Haden\Application Data\Wise Registry Cleaner
2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-10-16 17:13 . 2011-10-16 17:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-10-15 02:37 . 2011-10-14 20:33 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-14 20:33 . 2011-10-14 20:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-14 20:21 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-14 16:55 . 2011-10-14 16:55 -------- d-----w- c:\documents and settings\Haden\Application Data\SUPERAntiSpyware.com
2011-10-14 00:55 . 2011-10-14 00:55 -------- d-----w- c:\program files\ESET
2011-10-13 22:21 . 2011-10-13 22:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-13 18:10 . 2011-07-17 02:21 302592 ----a-w- C:\iexplore.exe
2011-10-13 16:33 . 2011-10-13 16:33 -------- d-----w- c:\program files\AVG Secure Search
2011-10-13 15:39 . 2011-10-13 15:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-10-13 15:39 . 2011-10-13 15:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-13 15:39 . 2011-10-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-13 15:30 . 2011-10-13 15:30 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-13 14:17 . 2011-10-17 16:18 -------- d-----w- C:\amonia
2011-10-13 02:19 . 2004-08-04 01:07 135680 ----a-w- c:\windows\system32\Copy (3) of taskmgr.exe
2011-10-13 02:17 . 2004-08-04 01:07 135680 ----a-w- c:\windows\system32\Copy (2) of taskmgr.exe
2011-10-13 02:16 . 2004-08-04 01:07 135680 ----a-w- c:\windows\system32\Copy of taskmgr.exe
2011-10-13 01:52 . 2011-10-13 01:52 -------- d-----w- C:\rsit
2011-10-13 01:51 . 2011-10-13 01:26 781383 ----a-w- C:\RSIT.exe
2011-10-13 01:28 . 2011-10-13 01:28 -------- d-----w- c:\program files\Trend Micro
2011-10-12 22:08 . 2011-10-12 22:08 -------- d-----w- c:\documents and settings\Haden\Application Data\AVG2012
2011-10-12 21:40 . 2011-10-12 21:40 -------- d-----w- c:\documents and settings\Haden\Application Data\AVG Secure Search
2011-10-12 21:40 . 2011-10-12 21:40 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-10-12 21:39 . 2011-10-18 13:05 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-12 21:39 . 2011-10-12 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-12 20:57 . 2011-10-12 20:57 -------- d-----w- C:\$AVG
2011-10-12 20:48 . 2011-10-12 20:48 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-12 20:48 . 2011-10-18 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-12 20:03 . 2011-10-12 20:03 -------- d-----w- c:\documents and settings\Haden\Application Data\Simply Super Software
2011-10-12 19:56 . 2011-10-12 19:56 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-12 19:55 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-10-12 19:55 . 2011-10-12 19:55 -------- d-----w- c:\program files\Trojan Remover
2011-10-12 19:55 . 2011-10-12 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2011-10-12 19:55 . 2011-10-12 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2011-10-12 19:54 . 2011-10-12 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ipswitch
2011-10-12 16:53 . 2011-10-13 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-12 16:53 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 21:40 . 2011-10-12 17:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-11 21:37 . 2011-10-03 22:49 11779704 ----a-w- C:\trjsetup682.exe
2011-10-11 20:45 . 2011-10-11 20:45 -------- d-----w- C:\Adobe
2011-10-11 18:10 . 2011-10-11 17:24 9852544 ----a-w- C:\firefox.exe
2011-10-11 16:58 . 2011-10-11 16:58 -------- d-----w- C:\sysinternals
2011-10-05 16:25 . 2011-10-05 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2011-10-03 15:22 . 2011-10-03 15:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-03 14:25 . 2011-10-03 14:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-29 20:54 . 2011-09-29 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 15:36 . 2004-08-04 01:07 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-13 10:30 . 2011-09-13 10:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-08 10:08 . 2011-08-08 10:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2003-08-27 19:19 . 2004-12-14 19:04 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-13 16:33 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-13 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-26 23090984]
"FWBootup"="c:\program files\VoSKY Call Center\USBDRAM.exe" [2007-07-05 53248]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-01 43008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-13 218440]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-10-14 1191216]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=c:\windows\pss\20-20 Shortcut Bar.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Haden^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Haden^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"NBService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/14/2011 4:21 PM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 EuMusDesignVirtualAudioCableWdm_act;VoSKY CC (WDM);c:\windows\SYSTEM32\DRIVERS\vrtaucbl.sys [8/31/2007 9:31 PM 38912]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [5/5/2003 3:20 PM 32192]
S1 4fdw;4fdw;\??\c:\windows\system32\4fdw.dll --> c:\windows\system32\4fdw.dll [?]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/12/2011 5:40 PM 246600]
S3 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [9/14/2008 7:57 PM 1872320]
S3 I81xadvtrtsa;I81xadvtrtsa; [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]
S3 RioS35;RioS35S driver;c:\windows\SYSTEM32\DRIVERS\RioS35.sys [10/16/2004 11:58 AM 12661]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 20:33]
.
2011-10-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8a31c8c6-59e2-4580-b7f1-548c0a51db36.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-10-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a5e5533d-00da-4b08-bb93-24e94a9181f8.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EE829B44-0F20-480F-BAB0-581E2E48D878}: NameServer = 68.237.161.12,71.243.0.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE}
FF - ProfilePath - c:\documents and settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bac23a119-ff97-4e9f-8677-2501abc50ee4%7D&mid=cc0fd950921bfba784aa19a10c202e10-d7b9b234c7bbb1adb3d4d663584c41a7f676952a&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-10-12%2017%3A40%3A32&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Operator: {95C9A302-8557-4052-91B7-2BB6BA33C885} - %profile%\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
FF - Ext: AVG Security Toolbar: avg@toolbar - %profile%\extensions\avg@toolbar
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - blank
Notify-avgrsstarter - (no file)
Notify-WgaLogon - (no file)
SafeBoot-01125307.sys
AddRemove-Descent2DeinstKey - c:\descent2\DeIsL1.isu
AddRemove-GLOBEtrotter FLEXid Drivers - c:\program files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu
AddRemove-Image Converter .EXE_is1 - c:\program files\Image Converter .EXE\unins000.exe
AddRemove-The Meaning of Life - c:\7thlevel\meaning of life\mol_cd_1 (f)\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 11:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\Haden\LOCALS~1\Temp\etilqs_2tGTtbtZuiCb0dO 0 bytes
c:\docume~1\Haden\LOCALS~1\Temp\etilqs_9Ix5uz1AZ6k43g4 0 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{29C7572E-368C-9746-3DB4E03B0C8852AE}\{D5583F53-2F82-8141-B7E22169E34927D8}\{884189AF-2B25-871B-C10F8549E6A3D936}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4233ADD3-CD31-D295-804BA870321FDEF4}\{F4A8E5F3-7E68-2DD0-FA9D328203A7D1A7}\{07380252-9142-5EC5-94F639FC4AE64832}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,e9,4c,b9,
f6,b4,24,f0,05,0b,5b,80,36,af,55,10,aa,ba,27,66,3a,e8,b9,2c,e4,e3,3d,4e,7a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9F5A92A2-B329-46CC-1B7090FE4262F142}\{3D41E9B5-DA3D-E370-0314048CD4A11D7E}\{F612533D-2F2D-C745-8F22D9CBAAB0FDB6}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,e9,4c,b9,
f6,b4,24,f0,05,0b,5b,80,36,af,55,10,aa,ba,27,66,3a,e8,b9,2c,e4,e3,3d,4e,7a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9046776-195D-89EA-3E66F9BC5DAE5B9B}\{E7989E73-D3F8-C437-CB8470F59A56421D}\{FFD68A1F-1364-19C2-ECF1A15A7898EBE6}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2011-10-18 11:14:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 15:14
.
Pre-Run: 39,713,361,920 bytes free
Post-Run: 39,627,665,408 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D4C53C38AAB6A97B306314880F384C47


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7973

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/18/2011 5:20:02 PM
mbam-log-2011-10-18 (17-20-01).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 471294
Time elapsed: 5 hour(s), 57 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
*****************************************************************

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
Sony Preset Manager 2.0
a-squared Free 3.5
ZoneAlarm
ZoneAlarm Spy Blocker
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
TuneUp Companion 1.9.0
CCleaner (remove only)
Wise Registry Cleaner 6.14
Java™ 6 Update 17
Java™ SE Development Kit 6 Update 17
Java DB 10.4.2.1
Out of date Java installed!
Adobe Flash Player ( 10.1.85.3) Flash Player Out of Date!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
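
A detail in the ComboFix output above worth pulling out: the four entries under LOCKED REGISTRY KEYS live beneath HKLM\software\Classes\CLSID, where every key name should be a CLSID in the canonical {8-4-4-4-12} hex form, yet all twelve nested key names have only four groups, the last sixteen digits long. Locked keys with malformed CLSID names and opaque hex blobs are exactly what a responder should pull out for a closer look; the log alone does not say which family created them. The following script is an added example for this thread, not ComboFix's own code: it parses a LOCKED REGISTRY KEYS block, checks each key component against the canonical GUID shape, decodes the hex data and records where the log cut a value short. The input below is copied from the log above (two of the four keys); treating a trailing comma or backslash as a continuation marker is inferred from the .reg export format and from how ComboFix wrapped these lines, so that convention is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Input copied from the ComboFix log in this thread (two of the four keys).
# The second value ends in a continuation backslash that the log never
# continues, so its data is incomplete.
SAMPLE = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{29C7572E-368C-9746-3DB4E03B0C8852AE}\{D5583F53-2F82-8141-B7E22169E34927D8}\{884189AF-2B25-871B-C10F8549E6A3D936}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4233ADD3-CD31-D295-804BA870321FDEF4}\{F4A8E5F3-7E68-2DD0-FA9D328203A7D1A7}\{07380252-9142-5EC5-94F639FC4AE64832}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,e9,4c,b9,
f6,b4,24,f0,05,0b,5b,80,36,af,55,10,aa,ba,27,66,3a,e8,b9,2c,e4,e3,3d,4e,7a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# A CLSID is a GUID: 8-4-4-4-12 hex digits in braces.
CANONICAL_GUID = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)
GUID_LIKE = re.compile(r"\{[^{}]*\}")
# "name"=hex:aa,bb,...   (also matches dword:, hex(2):, etc.)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)"=(?P<kind>[a-z]+)(?:\(\d+\))?:(?P<data>.*)$')


@dataclass
class RegValue:
    name: str
    kind: str        # "hex", "dword", ...
    raw: str         # data text with continuation lines joined
    data: bytes      # decoded bytes (hex values only)
    truncated: bool  # log stopped while more bytes were expected


@dataclass
class LockedKey:
    path: str                       # key path without brackets or trailing '*'
    values: List[RegValue] = field(default_factory=list)


def is_canonical_guid(s: str) -> bool:
    return bool(CANONICAL_GUID.match(s))


def malformed_guids(path: str) -> List[str]:
    """Brace-delimited components of a key path that are not well-formed GUIDs."""
    return [g for g in GUID_LIKE.findall(path) if not is_canonical_guid(g)]


def _decode_hex(raw: str):
    cleaned = raw.replace("\\", "").replace(" ", "")
    truncated = cleaned.endswith(",")          # a comma after the last byte = more expected
    parts = [p for p in cleaned.split(",") if p]
    return bytes(int(p, 16) for p in parts), truncated


def parse_locked_keys(text: str) -> List[LockedKey]:
    keys: List[LockedKey] = []
    in_block, current, pending = False, None, None

    def flush():
        nonlocal pending
        if pending and current is not None:
            name, kind, chunks = pending
            raw = "".join(chunks)
            data, trunc = _decode_hex(raw) if kind == "hex" else (b"", False)
            current.values.append(RegValue(name, kind, raw, data, trunc))
        pending = None

    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("---------------------"):        # section header
            flush()
            in_block = "LOCKED REGISTRY KEYS" in line
            continue
        if not in_block:
            continue
        if line.startswith("["):                              # new key
            flush()
            current = LockedKey(line.strip("[]").rstrip("*"))
            keys.append(current)
        elif (m := VALUE_LINE.match(line)):                   # new value
            flush()
            pending = (m["name"], m["kind"], [m["data"]])
        elif pending and line and line != ".":                # wrapped data
            pending[2].append(line)
        else:                                                 # "." or blank
            flush()
    flush()
    return keys


def report(text: str) -> List[dict]:
    """One finding per value: which key components are malformed, how much data survived."""
    findings = []
    for key in parse_locked_keys(text):
        bad = malformed_guids(key.path)
        for v in key.values:
            findings.append({"key": key.path, "malformed_guids": bad, "value": v.name,
                             "kind": v.kind, "bytes": len(v.data), "truncated": v.truncated})
    return findings


if __name__ == "__main__":
    for f in report(SAMPLE):
        print(f"{len(f['malformed_guids'])} malformed GUID(s) in {f['key']}")
        print(f"   value {f['value']!r}: {f['bytes']} bytes, truncated={f['truncated']}")
```

Run against the sample, both keys come back with three malformed components each, the first value decodes to 32 bytes and the second to 36 bytes flagged as truncated. The decoded bytes are left as opaque data on purpose; the script surfaces where to look, not what the blob means.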

#6 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender: Male
  • Location: North Carolina, USA

Posted 19 October 2011 - 08:14 AM

Hi-

It looks like ComboFix did a nice job of getting rid of multiple infections. It also pointed out that you have multiple anti-virus packages active at the same time - AVG Anti-Virus, Lavasoft Ad-Watch Live, and Norton Internet Security. You should not have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as products fight for access to files which are being opened, since they need to be checked for viruses. In general terms, the programs may conflict and cause:
  • False alarms: the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System performance problems: your system may lock up due to multiple products attempting to access the same file at the same time.
Please go to Add/Remove Programs in the Control Panel and remove all anti-virus programs but one.

I suspect that Norton Internet Security is a leftover and you will not be able to uninstall it via the control panel. To remove it, download the Norton Removal Tool.
  • Save the file to the Windows desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
  • Restart your computer

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java SE 7 Java Platform, Standard Edition".
  • Click the "JRE Download" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select your Platform: Windows x86 Offline.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java™ 6 Update or Java™ 7 Update in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
Your Adobe Flash Player is also out of date and needs to be updated with a newer version.

Next, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.11.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. C:\TDSSKiller.2.5.0_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Then, get a new OTL scan report.
  • Double-click on the OTL icon on your desktop.
  • In the Extra Registry box, check None.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

In your reply, please copy in the contents of the TDSSKiller and the OTL reports. How is your computer doing now?
Shannon
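
TDSSKiller, as requested above, writes one or two lines per driver or service it examines: a line with the file's MD5 and path when it found a backing file, and a status line ("name - ok" or otherwise); services with no file on disk get only the status line, as 4fdw and Abiosdsk do in the report further down. Reading a few hundred of those by eye is how things get missed. The script below is an added example for this thread, not code from Kaspersky, TDSSKiller or the posters: it parses that line format and reports anything not marked ok, any driver loaded from outside the Windows directory, and entries that had no file, plus the distinct hashes for a bulk reputation lookup. The sample log mixes lines copied from the report below with two constructed lines for a hypothetical driver named hypodrv; the wording of its non-ok status and the "outside the system root" heuristic are assumptions of this example, not TDSSKiller's documented output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: real lines from the TDSSKiller report in this thread
# plus two invented lines for a hypothetical "hypodrv" driver (assumed status
# wording, assumed path), so that the non-ok path through the code is exercised.
SAMPLE_LOG = r"""
15:44:21.0171 2040 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
15:44:21.0968 2040 OS Version: 5.1.2600 ServicePack: 2.0
15:44:25.0984 1616 Scan started
15:44:25.0984 1616 Mode: Manual;
15:44:27.0515 1616 4fdw - ok
15:44:27.0640 1616 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
15:44:27.0640 1616 61883 - ok
15:44:27.0750 1616 Abiosdsk - ok
15:44:27.0968 1616 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:44:28.0062 1616 ACPI - ok
15:44:33.0812 1616 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
15:44:33.0812 1616 cbidf - ok
15:44:33.0906 1616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:44:33.0906 1616 cbidf2k - ok
15:44:52.0000 1616 hypodrv (0123456789abcdef0123456789abcdef) C:\Documents and Settings\Haden\Local Settings\Temp\hypodrv.sys
15:44:52.0000 1616 hypodrv - detected Rootkit.Win32.Example ( 0 )
"""

# "HH:MM:SS.mmmm <thread id> <rest of line>"
TS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<rest>.*)$")
# "<service> (<md5>) <path>"
FILE_LINE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> - <status>"
STATUS_LINE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<status>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Merge the file line and the status line of each service into one Entry.

    Header lines (tool version, OS version, scan mode) match neither pattern
    and are skipped; so are boot-sector lines, which use a different layout."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = TS_LINE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        f = FILE_LINE.match(rest)
        if f:
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"].lower(), f["path"]
            continue
        s = STATUS_LINE.match(rest)
        if s:
            e = entries.setdefault(s["name"], Entry(s["name"]))
            e.status = s["status"].strip()
    return entries


def triage(entries: Dict[str, Entry], system_root: str = r"C:\WINDOWS") -> Dict[str, List[Entry]]:
    """Three buckets to review: non-ok status, file outside the system root, no file at all.

    The system-root check is a heuristic of this example (a driver loading from a
    user's Temp directory deserves a look); it is not a TDSSKiller verdict."""
    root = system_root.lower().rstrip("\\") + "\\"
    return {
        "not_ok": [e for e in entries.values()
                   if e.status is not None and e.status.lower() != "ok"],
        "outside_system_root": [e for e in entries.values()
                                if e.path and not e.path.lower().startswith(root)],
        "no_file": [e for e in entries.values() if e.path is None],
    }


def unique_hashes(entries: Dict[str, Entry]) -> List[str]:
    """Distinct MD5s, e.g. for a batch lookup against a hash reputation service."""
    return sorted({e.md5 for e in entries.values() if e.md5})


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for bucket, items in triage(parsed).items():
        print(f"{bucket}: {[e.name for e in items]}")
    print(f"{len(unique_hashes(parsed))} distinct hashes")
```

On the sample the only entry in not_ok and outside_system_root is the constructed hypodrv; 4fdw and Abiosdsk land in no_file, which on XP is usually a leftover service registration rather than an infection, so that bucket is informational. The cbidf/cbidf2k pair shows why hashes rather than names are the thing to look up: two service names, one file.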

#7 haden

  • Topic Starter
  • Members
  • 9 posts

Posted 19 October 2011 - 03:59 PM

Hi Shannon,

My computer seems to be running ok now, but I wonder if you could answer a few questions so that I can be better prepared to respond to this situation in the future.

I realize that the infections altered a lot of settings on the computer. For example, many of my program groups (Start > Programs > Windows Support Tools) show up as empty. Same thing with Administrative Tools. Any suggestions for restoring them? Also, autoruns.exe in Sysinternals gives me an error - having to do with permissions. Bottom line is I don't know how much damage was done and wonder what I should do about it, short of a complete re-install of Windows. Any ideas?

When I think I have a virus, would you recommend immediately rebooting into Safe Mode? I ended up doing that because the virus(es) were preventing me from installing/running programs in normal mode. In general, what would be your first steps if you thought you had a virus?

Was Rootkit.ZeroAccess on my computer as ComboFix reported, or is that an example of a 'false positive'?

Thanks again for your help!
Haden

Below are the TDSS and OTL reports.


15:44:21.0171 2040 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
15:44:21.0968 2040 ============================================================
15:44:21.0968 2040 Current date / time: 2011/10/19 15:44:21.0968
15:44:21.0968 2040 SystemInfo:
15:44:21.0968 2040
15:44:21.0968 2040 OS Version: 5.1.2600 ServicePack: 2.0
15:44:21.0968 2040 Product type: Workstation
15:44:21.0968 2040 ComputerName: HADENSCOMPUTER
15:44:21.0968 2040 UserName: Haden
15:44:21.0968 2040 Windows directory: C:\WINDOWS
15:44:21.0968 2040 System windows directory: C:\WINDOWS
15:44:21.0968 2040 Processor architecture: Intel x86
15:44:21.0968 2040 Number of processors: 1
15:44:21.0968 2040 Page size: 0x1000
15:44:21.0968 2040 Boot type: Normal boot
15:44:21.0968 2040 ============================================================
15:44:23.0859 2040 Initialize success
15:44:25.0984 1616 ============================================================
15:44:25.0984 1616 Scan started
15:44:25.0984 1616 Mode: Manual;
15:44:25.0984 1616 ============================================================
15:44:27.0515 1616 4fdw - ok
15:44:27.0640 1616 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
15:44:27.0640 1616 61883 - ok
15:44:27.0750 1616 Abiosdsk - ok
15:44:27.0828 1616 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
15:44:27.0828 1616 abp480n5 - ok
15:44:27.0968 1616 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:44:28.0062 1616 ACPI - ok
15:44:28.0234 1616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:44:28.0234 1616 ACPIEC - ok
15:44:28.0421 1616 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
15:44:28.0421 1616 adpu160m - ok
15:44:29.0078 1616 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
15:44:29.0093 1616 aeaudio - ok
15:44:29.0578 1616 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
15:44:29.0609 1616 aec - ok
15:44:30.0156 1616 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
15:44:30.0234 1616 AFD - ok
15:44:30.0796 1616 AFS2K (c719341a1cf6afd4fa0808ae3d23d6a3) C:\WINDOWS\system32\drivers\AFS2K.sys
15:44:30.0843 1616 AFS2K - ok
15:44:31.0015 1616 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:44:31.0015 1616 agp440 - ok
15:44:31.0171 1616 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
15:44:31.0171 1616 agpCPQ - ok
15:44:31.0328 1616 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
15:44:31.0328 1616 Aha154x - ok
15:44:31.0453 1616 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
15:44:31.0468 1616 aic78u2 - ok
15:44:31.0609 1616 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
15:44:31.0609 1616 aic78xx - ok
15:44:31.0734 1616 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
15:44:31.0734 1616 AliIde - ok
15:44:31.0890 1616 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
15:44:31.0906 1616 alim1541 - ok
15:44:31.0968 1616 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
15:44:31.0968 1616 amdagp - ok
15:44:32.0078 1616 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
15:44:32.0078 1616 amsint - ok
15:44:32.0234 1616 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:44:32.0234 1616 Arp1394 - ok
15:44:32.0375 1616 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
15:44:32.0375 1616 asc - ok
15:44:32.0515 1616 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
15:44:32.0515 1616 asc3350p - ok
15:44:32.0593 1616 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
15:44:32.0593 1616 asc3550 - ok
15:44:32.0718 1616 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:44:32.0734 1616 AsyncMac - ok
15:44:32.0843 1616 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:44:32.0843 1616 atapi - ok
15:44:32.0953 1616 Atdisk - ok
15:44:33.0109 1616 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:44:33.0125 1616 ati2mtag - ok
15:44:33.0265 1616 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:44:33.0265 1616 Atmarpc - ok
15:44:33.0421 1616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:44:33.0421 1616 audstub - ok
15:44:33.0578 1616 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
15:44:33.0578 1616 Avc - ok
15:44:33.0687 1616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:44:33.0687 1616 Beep - ok
15:44:33.0718 1616 catchme - ok
15:44:33.0812 1616 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
15:44:33.0812 1616 cbidf - ok
15:44:33.0906 1616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:44:33.0906 1616 cbidf2k - ok
15:44:34.0046 1616 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:44:34.0046 1616 CCDECODE - ok
15:44:34.0187 1616 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
15:44:34.0187 1616 cd20xrnt - ok
15:44:34.0343 1616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:44:34.0343 1616 Cdaudio - ok
15:44:34.0531 1616 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
15:44:34.0531 1616 Cdfs - ok
15:44:34.0687 1616 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:44:34.0703 1616 Cdrom - ok
15:44:34.0843 1616 cdudf_xp (78e46ff4ea745d9024745a29d7b89394) C:\WINDOWS\system32\drivers\cdudf_xp.sys
15:44:34.0859 1616 cdudf_xp - ok
15:44:34.0984 1616 Changer - ok
15:44:35.0109 1616 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
15:44:35.0109 1616 CmdIde - ok
15:44:35.0265 1616 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
15:44:35.0265 1616 Cpqarray - ok
15:44:35.0359 1616 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
15:44:35.0359 1616 dac2w2k - ok
15:44:35.0437 1616 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
15:44:35.0437 1616 dac960nt - ok
15:44:35.0562 1616 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:44:35.0562 1616 Disk - ok
15:44:35.0625 1616 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
15:44:35.0640 1616 DM9102 - ok
15:44:35.0734 1616 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
15:44:35.0765 1616 dmboot - ok
15:44:35.0921 1616 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
15:44:35.0921 1616 dmio - ok
15:44:36.0031 1616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:44:36.0031 1616 dmload - ok
15:44:36.0171 1616 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:44:36.0171 1616 DMusic - ok
15:44:36.0328 1616 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
15:44:36.0328 1616 dpti2o - ok
15:44:36.0437 1616 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:44:36.0437 1616 drmkaud - ok
15:44:36.0546 1616 DS1410D (1a51e03b66635280684e9edf34a2e8c0) C:\WINDOWS\System32\drivers\ds1410d.sys
15:44:36.0546 1616 DS1410D - ok
15:44:36.0703 1616 dvd_2K (bb23adb69401eb3e86c09a6f986e63d2) C:\WINDOWS\system32\drivers\dvd_2K.sys
15:44:36.0703 1616 dvd_2K - ok
15:44:36.0859 1616 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:44:36.0875 1616 E100B - ok
15:44:36.0937 1616 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
15:44:36.0937 1616 EL90XBC - ok
15:44:37.0031 1616 EuMusDesignVirtualAudioCableWdm_act (7d24c9361343283019785f73e51bd1a5) C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys
15:44:37.0031 1616 EuMusDesignVirtualAudioCableWdm_act - ok
15:44:37.0140 1616 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
15:44:37.0140 1616 Fastfat - ok
15:44:37.0187 1616 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:44:37.0187 1616 Fdc - ok
15:44:37.0234 1616 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
15:44:37.0234 1616 Fips - ok
15:44:37.0312 1616 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:44:37.0312 1616 Flpydisk - ok
15:44:37.0390 1616 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:44:37.0406 1616 FltMgr - ok
15:44:37.0578 1616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:44:37.0578 1616 Fs_Rec - ok
15:44:37.0750 1616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:44:37.0750 1616 Ftdisk - ok
15:44:37.0906 1616 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:44:37.0906 1616 GEARAspiWDM - ok
15:44:37.0984 1616 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:44:38.0000 1616 Gpc - ok
15:44:38.0078 1616 hardlock (c818b973110a1c9f7763dd39bffd0fd3) C:\WINDOWS\System32\drivers\hardlock.sys
15:44:38.0109 1616 hardlock - ok
15:44:38.0234 1616 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\System32\drivers\Haspnt.sys
15:44:38.0234 1616 Haspnt - ok
15:44:38.0390 1616 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:44:38.0390 1616 HidUsb - ok
15:44:38.0546 1616 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
15:44:38.0562 1616 hpn - ok
15:44:38.0687 1616 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:44:38.0687 1616 HPZid412 - ok
15:44:38.0781 1616 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:44:38.0781 1616 HPZipr12 - ok
15:44:38.0890 1616 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:44:38.0890 1616 HPZius12 - ok
15:44:38.0968 1616 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
15:44:38.0968 1616 HTTP - ok
15:44:39.0109 1616 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:44:39.0109 1616 i2omgmt - ok
15:44:39.0265 1616 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
15:44:39.0265 1616 i2omp - ok
15:44:39.0421 1616 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:44:39.0421 1616 i8042prt - ok
15:44:39.0593 1616 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
15:44:39.0593 1616 i81x - ok
15:44:39.0734 1616 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
15:44:39.0734 1616 iAimFP0 - ok
15:44:39.0875 1616 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
15:44:39.0875 1616 iAimFP1 - ok
15:44:40.0015 1616 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
15:44:40.0015 1616 iAimFP2 - ok
15:44:40.0109 1616 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
15:44:40.0109 1616 iAimFP3 - ok
15:44:40.0203 1616 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
15:44:40.0203 1616 iAimFP4 - ok
15:44:40.0296 1616 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
15:44:40.0296 1616 iAimTV0 - ok
15:44:40.0375 1616 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
15:44:40.0375 1616 iAimTV1 - ok
15:44:40.0484 1616 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
15:44:40.0484 1616 iAimTV3 - ok
15:44:40.0562 1616 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
15:44:40.0562 1616 iAimTV4 - ok
15:44:40.0687 1616 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:44:40.0703 1616 Imapi - ok
15:44:40.0843 1616 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
15:44:40.0843 1616 ini910u - ok
15:44:40.0984 1616 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
15:44:40.0984 1616 IntelIde - ok
15:44:41.0140 1616 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:44:41.0140 1616 intelppm - ok
15:44:41.0296 1616 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:44:41.0296 1616 Ip6Fw - ok
15:44:41.0437 1616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:44:41.0437 1616 IpFilterDriver - ok
15:44:41.0531 1616 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:44:41.0531 1616 IpInIp - ok
15:44:41.0625 1616 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:44:41.0625 1616 IpNat - ok
15:44:41.0750 1616 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:44:41.0750 1616 IPSec - ok
15:44:41.0812 1616 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:44:41.0812 1616 IRENUM - ok
15:44:41.0921 1616 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:44:41.0921 1616 isapnp - ok
15:44:42.0000 1616 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
15:44:42.0000 1616 Iviaspi - ok
15:44:42.0078 1616 JL2005C (78648c0450b9af8d1bbc5fd86dec1642) C:\WINDOWS\system32\Drivers\jl2005c.sys
15:44:42.0078 1616 JL2005C - ok
15:44:42.0203 1616 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:44:42.0203 1616 Kbdclass - ok
15:44:42.0328 1616 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
15:44:42.0328 1616 kmixer - ok
15:44:42.0500 1616 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
15:44:42.0500 1616 KSecDD - ok
15:44:42.0593 1616 lbrtfdc - ok
15:44:42.0671 1616 MarvinBus (d51e16339213898bc20c58670274ec3e) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
15:44:42.0687 1616 MarvinBus - ok
15:44:42.0796 1616 mmc_2K (783f9ffe9cbfa9727b8a6d53ef1ebba5) C:\WINDOWS\system32\drivers\mmc_2K.sys
15:44:42.0796 1616 mmc_2K - ok
15:44:42.0968 1616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:44:42.0968 1616 mnmdd - ok
15:44:43.0109 1616 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:44:43.0109 1616 Modem - ok
15:44:43.0234 1616 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:44:43.0234 1616 Mouclass - ok
15:44:43.0375 1616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:44:43.0375 1616 mouhid - ok
15:44:43.0453 1616 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
15:44:43.0453 1616 MountMgr - ok
15:44:43.0531 1616 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
15:44:43.0531 1616 mraid35x - ok
15:44:43.0687 1616 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:44:43.0703 1616 MRxDAV - ok
15:44:43.0890 1616 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:44:43.0953 1616 MRxSmb - ok
15:44:44.0140 1616 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
15:44:44.0140 1616 MSDV - ok
15:44:44.0312 1616 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
15:44:44.0312 1616 Msfs - ok
15:44:44.0468 1616 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:44:44.0468 1616 MSKSSRV - ok
15:44:44.0593 1616 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:44:44.0593 1616 MSPCLOCK - ok
15:44:44.0687 1616 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:44:44.0687 1616 MSPQM - ok
15:44:44.0828 1616 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
15:44:44.0828 1616 MSTEE - ok
15:44:45.0015 1616 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
15:44:45.0015 1616 Mup - ok
15:44:45.0171 1616 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:44:45.0171 1616 NABTSFEC - ok
15:44:45.0343 1616 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
15:44:45.0343 1616 NDIS - ok
15:44:45.0500 1616 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:44:45.0500 1616 NdisIP - ok
15:44:45.0687 1616 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:44:45.0687 1616 NdisTapi - ok
15:44:46.0015 1616 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:44:46.0015 1616 Ndisuio - ok
15:44:46.0093 1616 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:44:46.0093 1616 NdisWan - ok
15:44:46.0187 1616 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
15:44:46.0187 1616 NDProxy - ok
15:44:46.0312 1616 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:44:46.0312 1616 NetBIOS - ok
15:44:46.0453 1616 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:44:46.0453 1616 NetBT - ok
15:44:46.0609 1616 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:44:46.0609 1616 NIC1394 - ok
15:44:46.0796 1616 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
15:44:46.0796 1616 Npfs - ok
15:44:46.0968 1616 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
15:44:47.0000 1616 Ntfs - ok
15:44:47.0171 1616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:44:47.0171 1616 Null - ok
15:44:47.0390 1616 nv (66c90afbf0d10a93789f6544be459e72) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:44:47.0437 1616 nv - ok
15:44:47.0609 1616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:44:47.0609 1616 NwlnkFlt - ok
15:44:47.0750 1616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:44:47.0750 1616 NwlnkFwd - ok
15:44:47.0921 1616 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:44:47.0921 1616 ohci1394 - ok
15:44:48.0078 1616 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
15:44:48.0093 1616 omci - ok
15:44:48.0265 1616 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
15:44:48.0265 1616 P3 - ok
15:44:48.0421 1616 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
15:44:48.0437 1616 Parport - ok
15:44:48.0578 1616 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
15:44:48.0578 1616 PartMgr - ok
15:44:48.0750 1616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:44:48.0750 1616 ParVdm - ok
15:44:48.0906 1616 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
15:44:48.0906 1616 PCI - ok
15:44:49.0031 1616 PCIDump - ok
15:44:49.0156 1616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:44:49.0156 1616 PCIIde - ok
15:44:49.0265 1616 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
15:44:49.0265 1616 PCLEPCI - ok
15:44:49.0421 1616 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:44:49.0437 1616 Pcmcia - ok
15:44:49.0562 1616 Pcouffin (1f7f4eaf77d51aa3891d5ee2fdc6976b) C:\WINDOWS\system32\Drivers\Pcouffin.sys
15:44:49.0562 1616 Pcouffin - ok
15:44:49.0609 1616 PDCOMP - ok
15:44:49.0671 1616 PDFRAME - ok
15:44:49.0750 1616 PDRELI - ok
15:44:49.0812 1616 PDRFRAME - ok
15:44:49.0921 1616 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
15:44:49.0921 1616 perc2 - ok
15:44:50.0078 1616 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
15:44:50.0078 1616 perc2hib - ok
15:44:50.0234 1616 Pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
15:44:50.0234 1616 Pfc - ok
15:44:50.0406 1616 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:44:50.0406 1616 PptpMiniport - ok
15:44:50.0578 1616 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
15:44:50.0578 1616 Processor - ok
15:44:50.0718 1616 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
15:44:50.0718 1616 PSched - ok
15:44:50.0859 1616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:44:50.0859 1616 Ptilink - ok
15:44:50.0984 1616 pwd_2k (204f26a7511652d26ddae9f17a68add1) C:\WINDOWS\system32\drivers\pwd_2k.sys
15:44:51.0000 1616 pwd_2k - ok
15:44:51.0140 1616 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:44:51.0140 1616 PxHelp20 - ok
15:44:51.0218 1616 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
15:44:51.0218 1616 ql1080 - ok
15:44:51.0312 1616 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
15:44:51.0312 1616 Ql10wnt - ok
15:44:51.0437 1616 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
15:44:51.0437 1616 ql12160 - ok
15:44:51.0578 1616 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
15:44:51.0578 1616 ql1240 - ok
15:44:51.0687 1616 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
15:44:51.0687 1616 ql1280 - ok
15:44:51.0843 1616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:44:51.0843 1616 RasAcd - ok
15:44:52.0015 1616 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:44:52.0015 1616 Rasl2tp - ok
15:44:52.0093 1616 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:44:52.0093 1616 RasPppoe - ok
15:44:52.0250 1616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:44:52.0250 1616 Raspti - ok
15:44:52.0406 1616 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:44:52.0406 1616 Rdbss - ok
15:44:52.0578 1616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:44:52.0578 1616 RDPCDD - ok
15:44:52.0765 1616 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:44:52.0796 1616 rdpdr - ok
15:44:52.0953 1616 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
15:44:52.0953 1616 RDPWD - ok
15:44:53.0109 1616 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:44:53.0109 1616 redbook - ok
15:44:53.0265 1616 RioS35 (d5f71afb0661dfe955af4bb507ebcd78) C:\WINDOWS\system32\Drivers\RioS35.sys
15:44:53.0265 1616 RioS35 - ok
15:44:53.0390 1616 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:44:53.0390 1616 SASDIFSV - ok
15:44:53.0406 1616 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:44:53.0406 1616 SASKUTIL - ok
15:44:53.0578 1616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:44:53.0578 1616 Secdrv - ok
15:44:53.0718 1616 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
15:44:53.0734 1616 Sentinel - ok
15:44:53.0812 1616 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:44:53.0828 1616 serenum - ok
15:44:53.0859 1616 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
15:44:53.0859 1616 Serial - ok
15:44:54.0015 1616 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:44:54.0015 1616 Sfloppy - ok
15:44:54.0140 1616 Simbad - ok
15:44:54.0250 1616 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
15:44:54.0265 1616 sisagp - ok
15:44:54.0343 1616 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:44:54.0343 1616 SLIP - ok
15:44:54.0484 1616 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
15:44:54.0562 1616 smwdm - ok
15:44:54.0718 1616 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
15:44:54.0718 1616 Sparrow - ok
15:44:54.0843 1616 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
15:44:54.0843 1616 splitter - ok
15:44:55.0015 1616 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
15:44:55.0015 1616 sr - ok
15:44:55.0093 1616 srescan - ok
15:44:55.0265 1616 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
15:44:55.0281 1616 Srv - ok
15:44:55.0437 1616 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:44:55.0437 1616 StillCam - ok
15:44:55.0531 1616 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:44:55.0531 1616 streamip - ok
15:44:55.0687 1616 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:44:55.0687 1616 swenum - ok
15:44:55.0859 1616 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:44:55.0859 1616 swmidi - ok
15:44:56.0031 1616 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
15:44:56.0031 1616 symc810 - ok
15:44:56.0218 1616 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
15:44:56.0218 1616 symc8xx - ok
15:44:56.0359 1616 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
15:44:56.0359 1616 sym_hi - ok
15:44:56.0515 1616 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
15:44:56.0515 1616 sym_u3 - ok
15:44:56.0625 1616 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:44:56.0625 1616 sysaudio - ok
15:44:56.0750 1616 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:44:56.0765 1616 Tcpip - ok
15:44:56.0953 1616 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:44:56.0953 1616 TDPIPE - ok
15:44:57.0109 1616 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
15:44:57.0109 1616 TDTCP - ok
15:44:57.0281 1616 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:44:57.0281 1616 TermDD - ok
15:44:57.0468 1616 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
15:44:57.0468 1616 TosIde - ok
15:44:57.0625 1616 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
15:44:57.0625 1616 Udfs - ok
15:44:57.0796 1616 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
15:44:57.0796 1616 ultra - ok
15:44:57.0953 1616 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
15:44:57.0968 1616 Update - ok
15:44:58.0156 1616 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
15:44:58.0156 1616 usbaudio - ok
15:44:58.0328 1616 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:44:58.0328 1616 usbccgp - ok
15:44:58.0500 1616 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:44:58.0500 1616 usbehci - ok
15:44:58.0593 1616 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:44:58.0593 1616 usbhub - ok
15:44:58.0671 1616 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:44:58.0671 1616 usbprint - ok
15:44:58.0734 1616 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:44:58.0750 1616 usbscan - ok
15:44:58.0812 1616 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:44:58.0812 1616 USBSTOR - ok
15:44:58.0875 1616 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:44:58.0875 1616 usbuhci - ok
15:44:59.0000 1616 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
15:44:59.0000 1616 VgaSave - ok
15:44:59.0062 1616 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
15:44:59.0062 1616 viaagp - ok
15:44:59.0156 1616 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
15:44:59.0171 1616 ViaIde - ok
15:44:59.0265 1616 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
15:44:59.0265 1616 VolSnap - ok
15:44:59.0390 1616 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
15:44:59.0453 1616 vsdatant - ok
15:44:59.0625 1616 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:44:59.0625 1616 Wanarp - ok
15:44:59.0750 1616 WDICA - ok
15:44:59.0859 1616 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
15:44:59.0859 1616 wdmaud - ok
15:45:00.0078 1616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:45:00.0078 1616 WS2IFSL - ok
15:45:00.0234 1616 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:45:00.0234 1616 WSTCODEC - ok
15:45:00.0296 1616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:45:00.0437 1616 \Device\Harddisk0\DR0 - ok
15:45:00.0468 1616 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
15:45:00.0875 1616 \Device\Harddisk1\DR1 - ok
15:45:00.0890 1616 Boot (0x1200) (e08e39037d6de64e9a95152121f869b0) \Device\Harddisk0\DR0\Partition0
15:45:00.0890 1616 \Device\Harddisk0\DR0\Partition0 - ok
15:45:00.0921 1616 Boot (0x1200) (64992307a708bcd1ddea81a658636547) \Device\Harddisk1\DR1\Partition0
15:45:00.0921 1616 \Device\Harddisk1\DR1\Partition0 - ok
15:45:00.0921 1616 ============================================================
15:45:00.0921 1616 Scan finished
15:45:00.0921 1616 ============================================================
15:45:00.0937 0860 Detected object count: 0
15:45:00.0937 0860 Actual detected object count: 0
15:45:09.0078 1884 Deinitialize success

OTL logfile created on: 10/19/2011 3:52:43 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\amonia
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 487.75 Mb Available Physical Memory | 47.68% Memory free
3.15 Gb Paging File | 2.81 Gb Available in Paging File | 89.32% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 37.86 Gb Free Space | 50.85% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 48.29 Gb Free Space | 32.40% Space Free | Partition Type: NTFS

Computer Name: HADENSCOMPUTER | User Name: Haden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 19:57:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\amonia\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/09/17 09:24:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/02 10:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 10:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/19 15:21:17 | 008,522,400 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/18 11:53:44 | 001,496,576 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 11:53:44 | 000,346,112 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2010/09/17 09:24:01 | 001,016,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2005/08/11 16:26:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SYSTEM32\itechmonXP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (I81xadvtrtsa)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/11 17:34:07 | 001,872,320 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/02 10:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/25 18:53:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/03 21:07:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2008/05/21 10:41:37 | 000,043,488 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/04/13 11:39:30 | 000,038,912 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm_act) VoSKY CC (WDM)
DRV - [2007/04/10 13:36:36 | 000,062,794 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\jl2005c.sys -- (JL2005C)
DRV - [2005/09/19 11:05:00 | 000,309,632 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/09/19 11:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/09/19 11:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/19 11:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/09/23 18:16:57 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hardlock.sys -- (hardlock)
DRV - [2004/09/23 18:16:57 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Haspnt.sys -- (Haspnt)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/21 17:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys -- (MarvinBus)
DRV - [2003/09/26 03:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/11/07 09:49:42 | 000,012,661 | ---- | M] (SonicBlue Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RioS35.sys -- (RioS35)
DRV - [2002/03/19 11:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 12:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2001/06/22 06:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar_bak = http://websearch.drsnsrch.com/sidesearch.cgi?id=
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1B 19 C6 00 E9 FE 36 45 BB F8 B0 DD 95 68 AF 31 [binary data]
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://crackspider.net/ie/assist.php
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Haden\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/13 22:22:23 | 000,000,000 | ---D | M]

[2009/03/15 13:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Extensions
[2009/03/15 13:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2011/10/19 14:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions
[2011/07/18 14:42:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/06 10:40:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 08:42:27 | 000,000,000 | ---D | M] (EmailTheWeb.com) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{73c39a20-8768-4a82-8b43-fc9535715c5c}
[2010/10/15 12:53:34 | 000,000,000 | ---D | M] (Operator) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
[2009/10/05 08:42:30 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/24 15:19:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/03/03 19:03:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Haden\Application Data\Mozilla\Firefox\Profiles\default.9wr\extensions\moveplayer@movenetworks.com
[2011/10/19 14:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/10/07 21:07:44 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2005/04/27 17:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2003/06/26 21:21:12 | 000,196,608 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/10/18 11:00:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} Reg Error: Value error. (Scanner.SysScanner)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.6008680556 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Value error.)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab (Yahoo! Toolbar)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{766BF9B8-F84B-46AB-B7B8-12EC9FE27E25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE829B44-0F20-480F-BAB0-581E2E48D878}: NameServer = 68.237.161.12,71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Haden\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Haden\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 15:21:17 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/19 15:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/10/19 15:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/10/19 15:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/10/19 15:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/10/19 14:18:53 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Haden\Desktop\tdsskiller.exe
[2011/10/18 09:47:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/18 09:21:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/18 09:21:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/18 09:21:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/18 09:21:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/18 09:20:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/18 09:14:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/18 09:11:58 | 004,264,218 | R--- | C] (Swearware) -- C:\Documents and Settings\Haden\Desktop\ComboFix.exe
[2011/10/17 13:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\Wise Registry Cleaner
[2011/10/17 12:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2011/10/17 12:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2011/10/14 16:33:49 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/14 12:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\SUPERAntiSpyware.com
[2011/10/13 14:10:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Haden\Desktop\dds.scr
[2011/10/13 11:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/13 11:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/13 11:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/13 11:30:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/13 10:17:11 | 000,000,000 | ---D | C] -- C:\amonia
[2011/10/12 22:19:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of taskmgr.exe
[2011/10/12 22:17:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (2) of taskmgr.exe
[2011/10/12 22:16:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of taskmgr.exe
[2011/10/12 21:52:27 | 000,000,000 | ---D | C] -- C:\rsit
[2011/10/12 21:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/12 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\AVG2012
[2011/10/12 17:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/12 16:57:58 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/10/12 16:48:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/12 16:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/12 16:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\Application Data\Simply Super Software
[2011/10/12 15:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011/10/12 15:55:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011/10/12 15:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/10/12 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/10/12 13:29:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/12 12:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/12 12:53:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/12 12:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/11 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/11 17:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haden\My Documents\Simply Super Software
[2011/10/11 17:37:24 | 011,779,704 | ---- | C] (Simply Super Software ) -- C:\trjsetup682.exe
[2011/10/11 16:45:48 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/10/11 14:10:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\firefox.exe
[2011/10/11 12:58:22 | 000,000,000 | ---D | C] -- C:\sysinternals
[2011/10/11 12:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/05 12:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011/10/03 10:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/29 18:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/29 18:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2004/12/14 15:04:29 | 000,036,963 | ---- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/19 15:21:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/19 15:19:21 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/10/19 15:19:21 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/19 14:26:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/19 14:19:16 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\Haden\Desktop\Norton_Removal_Tool.exe
[2011/10/19 14:18:53 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Haden\Desktop\tdsskiller.exe
[2011/10/19 14:11:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/19 14:10:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/10/19 13:26:15 | 000,001,192 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/10/18 11:39:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a5e5533d-00da-4b08-bb93-24e94a9181f8.job
[2011/10/18 11:00:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/10/18 09:22:59 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Haden\Desktop\SecurityCheck.exe
[2011/10/18 09:17:46 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/18 09:12:07 | 004,264,218 | R--- | M] (Swearware) -- C:\Documents and Settings\Haden\Desktop\ComboFix.exe
[2011/10/17 13:23:32 | 000,458,320 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/10/17 13:23:32 | 000,097,246 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/17 13:20:06 | 001,594,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/17 13:00:00 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/10/17 12:59:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/10/17 10:24:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/14 16:33:36 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/14 16:17:24 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8a31c8c6-59e2-4580-b7f1-548c0a51db36.job
[2011/10/13 18:33:13 | 000,000,436 | ---- | M] () -- C:\FILES00
[2011/10/13 18:33:13 | 000,000,000 | ---- | M] () -- C:\temp00
[2011/10/13 18:33:13 | 000,000,000 | ---- | M] () -- C:\f3m0.dat
[2011/10/13 18:33:13 | 000,000,000 | ---- | M] () -- C:\Created00
[2011/10/13 18:33:12 | 000,000,000 | ---- | M] () -- C:\WhiteDir
[2011/10/13 13:49:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Haden\Desktop\dds.scr
[2011/10/13 11:39:19 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/10/13 11:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2822197643
[2011/10/12 21:26:22 | 000,781,383 | ---- | M] () -- C:\RSIT.exe
[2011/10/12 18:39:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/12 16:35:44 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 13:49:45 | 000,006,096 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/12 13:34:22 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\housecall.guid.cache
[2011/10/11 17:45:23 | 805,306,368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/10/11 13:24:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\firefox.exe
[2011/10/03 18:49:26 | 011,779,704 | ---- | M] (Simply Super Software ) -- C:\trjsetup682.exe
[2011/10/03 11:06:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\ff6bd702
[2011/10/03 11:06:12 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\1fb628fd
[2011/09/29 18:10:44 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\7713d802
[2011/09/29 15:12:55 | 000,008,154 | ---- | M] () -- C:\Documents and Settings\Haden\Application Data\0813a0f8
[2011/09/26 14:56:16 | 000,001,120 | ---- | M] () -- C:\WINDOWS\System32\index.xml
[2011/09/21 15:45:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Haden\My Documents\PDVD_MediaDisc.PlayList
[2011/09/21 11:52:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/19 15:19:21 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/10/19 15:19:21 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/19 14:19:16 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\Haden\Desktop\Norton_Removal_Tool.exe
[2011/10/18 09:48:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/18 09:48:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/18 09:22:58 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Haden\Desktop\SecurityCheck.exe
[2011/10/18 09:21:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/18 09:21:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/18 09:21:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/18 09:21:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/18 09:21:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 13:00:00 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/10/17 12:59:59 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/10/14 14:02:58 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8a31c8c6-59e2-4580-b7f1-548c0a51db36.job
[2011/10/13 14:15:31 | 000,000,000 | ---- | C] () -- C:\f3m0.dat
[2011/10/13 14:15:30 | 000,000,000 | ---- | C] () -- C:\temp00
[2011/10/13 14:15:29 | 000,000,436 | ---- | C] () -- C:\FILES00
[2011/10/13 14:15:29 | 000,000,000 | ---- | C] () -- C:\WhiteDir
[2011/10/13 14:15:29 | 000,000,000 | ---- | C] () -- C:\Created00
[2011/10/13 14:10:25 | 000,302,592 | ---- | C] () -- C:\iexplore.exe
[2011/10/13 11:39:39 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a5e5533d-00da-4b08-bb93-24e94a9181f8.job
[2011/10/13 11:39:19 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/10/12 21:51:49 | 000,781,383 | ---- | C] () -- C:\RSIT.exe
[2011/10/12 15:55:49 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/10/12 15:55:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/10/12 15:55:48 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/10/12 13:49:12 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/12 13:34:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\housecall.guid.cache
[2011/09/29 18:58:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/29 15:32:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2822197643
[2011/09/26 10:58:30 | 000,008,154 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\0813a0f8
[2011/09/21 16:42:57 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\7713d802
[2011/09/21 15:52:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\1fb628fd
[2011/09/21 14:10:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\ff6bd702
[2011/03/03 18:44:10 | 000,000,575 | ---- | C] () -- C:\WINDOWS\BADMOJO.INI
[2011/03/01 18:50:17 | 000,000,076 | ---- | C] () -- C:\WINDOWS\eregreg.ini
[2011/03/01 18:49:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IFORCE.DLL
[2010/10/07 09:22:32 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/09/19 20:29:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 17:22:03 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2010/04/30 17:22:03 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2010/02/12 21:27:02 | 001,004,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/29 09:39:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\PUTTY.RND
[2009/01/24 13:50:46 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/12/25 14:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/05/26 17:59:29 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/21 10:32:57 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/05/21 10:32:57 | 000,029,188 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/04/15 13:51:06 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\AutoGK.ini
[2008/04/15 13:46:38 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/04/08 13:54:32 | 000,007,966 | ---- | C] () -- C:\WINDOWS\TNT_BMNC.EXE
[2008/02/29 13:51:49 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/02/18 16:22:02 | 000,001,099 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2008/02/18 16:14:00 | 000,001,238 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2008/02/09 15:11:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\hde.dll
[2008/02/03 14:06:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/12/06 18:56:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/10/22 11:24:23 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/24 11:34:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/25 09:24:28 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/27 11:03:45 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/18 21:29:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/22 13:58:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/17 12:24:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/11/05 13:41:06 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/27 17:47:42 | 000,009,317 | ---- | C] () -- C:\WINDOWS\Froggersetup.ini
[2006/03/22 16:56:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/03/22 10:54:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\PLAY-DOH.INI
[2006/03/02 22:42:50 | 000,000,629 | ---- | C] () -- C:\WINDOWS\tlknw6.ini
[2006/02/22 15:50:04 | 000,000,133 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/02/20 01:01:38 | 000,002,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/18 23:37:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MksRegEdit.INI
[2006/02/18 21:22:14 | 000,000,872 | ---- | C] () -- C:\WINDOWS\rprtvwr.ini
[2006/02/13 22:48:49 | 000,000,733 | ---- | C] () -- C:\WINDOWS\wldtlk5.ini
[2006/02/13 22:33:47 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2006/02/12 13:31:29 | 000,001,097 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2006/02/08 16:53:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\itechmonXP.dll
[2006/01/31 16:18:29 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2006/01/31 16:16:54 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\RepUtil.DLL
[2006/01/31 15:49:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/01/26 17:35:24 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2006/01/25 13:52:08 | 000,000,190 | ---- | C] () -- C:\WINDOWS\Qtw.ini
[2006/01/12 15:16:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\SC2K4WIN.INI
[2005/11/22 14:50:18 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\rx_audio.Cache
[2005/11/22 14:48:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\rx_image.Cache
[2005/10/11 12:50:28 | 000,000,076 | ---- | C] () -- C:\WINDOWS\gifcon.ini
[2005/08/29 18:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/14 10:56:25 | 000,133,632 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2005/06/21 15:57:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/05/30 21:57:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/05/13 15:09:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\dm.ini
[2005/04/21 22:48:13 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2005/04/21 22:47:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/04/16 15:54:09 | 000,000,357 | ---- | C] () -- C:\WINDOWS\farmmext (1).ini
[2005/04/08 15:21:00 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
[2005/04/04 21:27:59 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\msdrvn.drv
[2005/04/02 23:11:59 | 000,065,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2005/03/27 14:50:19 | 000,018,944 | ---- | C] () -- C:\WINDOWS\eraser.exe
[2005/03/26 18:05:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/03/24 23:44:20 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2005/03/24 23:44:19 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2005/03/24 23:43:50 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2005/03/24 23:43:50 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2005/03/24 23:43:46 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/01/21 13:45:23 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/01/20 19:16:29 | 000,008,018 | ---- | C] () -- C:\WINDOWS\7thLevel.ini
[2005/01/11 12:10:32 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/12/23 13:11:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\imageCache7.db
[2004/11/20 15:34:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/20 15:34:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/20 15:34:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/20 15:34:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/20 15:34:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/20 15:34:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/11 20:59:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/08 14:22:23 | 000,004,271 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2004/09/23 18:16:57 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2004/09/23 18:16:50 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2004/09/08 19:04:54 | 000,000,646 | ---- | C] () -- C:\WINDOWS\NETG.INI
[2004/09/06 11:22:46 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2004/08/10 22:29:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BFFGHLMQ.ini
[2004/08/03 21:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 21:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 21:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 21:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 21:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 21:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 21:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 21:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 21:07:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/21 16:12:25 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Haden.ini
[2004/07/08 22:49:33 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/05/29 23:52:24 | 000,000,476 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/16 21:39:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/05/12 21:53:30 | 000,105,168 | ---- | C] () -- C:\WINDOWS\MozillaUninstall.exe
[2004/05/12 21:53:24 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/05/12 21:53:23 | 000,016,116 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/10 23:18:18 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/02 17:16:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/05/02 16:28:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/01 23:28:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/04/27 22:00:33 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\PFP110JPR.{PB
[2004/04/27 22:00:33 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Haden\Application Data\PFP110JCM.{PB
[2004/04/16 22:07:10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\fusioncache.dat
[2004/04/09 19:31:22 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Haden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/01 21:20:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/01 21:14:07 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/01 21:11:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/01 20:59:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/04/01 20:57:30 | 000,458,320 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/04/01 20:57:30 | 000,097,246 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/04/01 20:45:18 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/22 19:00:48 | 001,594,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/22 18:59:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/22 18:58:10 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/01/05 03:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1996/11/17 02:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\whiteHat2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\whiteHat.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\MrChubby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\harmonica2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\harmonica1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\gymboree.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\GandD.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\Exiting.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\broom2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\bromm.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Haden\My Documents\Bday1.jpg:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:58 PM

Posted 19 October 2011 - 07:52 PM

Hi-

If I picked up an infection, the first thing I would do is to drop all connections to the network and then I would run Malwarebytes' Anti-Malware. After running MBAM, I would connect back to the network, download the latest updates to MBAM, drop the network again, and run MBAM again. After that, I would reconnect, go to Bleeping Computer and follow the steps in the preparation guide.

Yes, ComboFix did find a zero access infection. Now we will address some of the problems that zero access brings with it - hidden files and lack of permissions.

First, download and run Unhide by Grinler.

Next, please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe under C:\
  • Copy and paste the text inside the code box below into Notepad.

    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0
    
  • Save it to your desktop as File name: junc.bat (Save as type: All Files).
  • Double click on junc.bat
  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste the content of the log file into your next reply

Hopefully, you will now be able to see your hidden file. With the log from Junction.exe, we should be able to fix the permissions problem.
Shannon

#9 haden

haden
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 20 October 2011 - 11:27 AM

Hi Shannon,
Thanks so much for taking the time to respond to my questions. I definitely follow your suggestions.

Unfortunately, Unhide didn't work for me. Ran it twice, 2nd time with ZoneAlarm shut down. Don't believe MBAM is loaded by default. I checked Documents and Settings/All Users/Start Menu/Programs and when I click on the program group icons (Windows Support Tools, for example) they're mostly missing. Maybe I just have to create shortcuts manually? Unless you know of a different tool that can automate this.

Here's the log.txt from junction.bat
Thanks again.

Haden

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\found.000\DVDVolume: Access is denied.

Failed to open \\?\c:\\found.000\frogger: Access is denied.

Failed to open \\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Trojan Remover\Trjscan.exe: Access is denied.

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.0.335.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.0.335.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f
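The junction.exe log above is what the helper reads for two signals: paths the user cannot open (the ZeroAccess permission lock on HiJackThis.exe and Trjscan.exe) and reparse points whose targets are unexpected. As an added example, not part of the thread or of Sysinternals, this Python script triages such a log: it separates benign open failures (pagefile in use) from access-denied paths, lists the denied executables, and flags junctions whose target is outside WinSxS. SAMPLE_LOG is a constructed excerpt of the posted log; its last junction entry is invented to exercise the flagging branch.

```python
"""Triage of a Sysinternals junction.exe -s log (added example, not the
thread's own tooling). SAMPLE_LOG is a constructed, condensed excerpt of the
log posted above; the final junction entry is invented."""
import re

SAMPLE_LOG = r"""Junction v1.06 - Windows junction creator and reparse point viewer
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\found.000\DVDVolume: Access is denied.
Failed to open \\?\c:\\Program Files\Trend Micro\HiJackThis\HiJackThis.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Trojan Remover\Trjscan.exe: Access is denied.
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
.
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\Documents and Settings\Haden\Link: JUNCTION
Print Name : C:\Other\Target
Substitute Name: C:\Other\Target
"""

FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+)$")
JUNCTION_RE = re.compile(r"^(?P<path>.+): JUNCTION$")
PRINT_RE = re.compile(r"^Print Name\s*:\s*(?P<target>.+)$")
SUBST_RE = re.compile(r"^Substitute Name\s*:\s*(?P<target>.+)$")

# Open failures that are normal on a live system and carry no signal.
EXPECTED_REASONS = ("being used by another process",)
# On this XP box every legitimate GAC junction pointed into WinSxS.
TRUSTED_TARGET_PREFIXES = ("c:\\windows\\winsxs\\",)


def normalize(path):
    """Drop the extended-length path prefix and collapse doubled backslashes."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    while "\\\\" in path:
        path = path.replace("\\\\", "\\")
    return path


def triage(log_text):
    """Return (denied, expected, junctions) parsed from the log text."""
    denied, expected, junctions = [], [], []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"."}:
            continue                      # blank line or progress dots
        m = FAILED_RE.match(line)
        if m:
            item = (normalize(m.group("path")), m.group("reason"))
            bucket = expected if any(r in item[1] for r in EXPECTED_REASONS) else denied
            bucket.append(item)
            continue
        m = JUNCTION_RE.match(line)
        if m:
            current = {"path": normalize(m.group("path")), "print": None, "subst": None}
            junctions.append(current)
            continue
        for key, regex in (("print", PRINT_RE), ("subst", SUBST_RE)):
            m = regex.match(line)
            if m and current is not None:
                current[key] = m.group("target")
    return denied, expected, junctions


def locked_executables(denied):
    """Access-denied .exe files; here the security tools ZeroAccess had locked."""
    return [p for p, _ in denied if p.lower().endswith(".exe")]


def suspicious_junctions(junctions):
    """Junctions pointing outside the trusted prefixes, or whose print and
    substitute names disagree."""
    out = []
    for j in junctions:
        target = (j["subst"] or j["print"] or "").lower()
        if not target.startswith(TRUSTED_TARGET_PREFIXES):
            out.append(j)
        elif j["print"] and j["subst"] and j["print"].lower() != j["subst"].lower():
            out.append(j)
    return out
```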

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:58 PM

Posted 20 October 2011 - 09:04 PM

Hi-

For what you are having trouble with seeing, let's try this -

1. Copy the entire content of this folder:
C:\Documents and Settings\haden\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire content of this folder:
C:\Documents and Settings\haden\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\haden\Application Data\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Documents and Settings\haden\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\haden\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Documents and Settings\haden\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop

This should help with the permissions problems-

Please download GrantPerms.zip and save it to your desktop.
Unzip the file and run GrantPerms.exe .
Copy and paste the following in the edit box:

c:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.
c:\Program Files\Trojan Remover\Trjscan.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

In your reply, let me know how the copies went and if they fixed the problem. Also, copy in the contents of Perms.txt file.
Shannon

#11 haden

haden
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 21 October 2011 - 11:38 AM

Hi Shannon,

Unfortunately, I couldn't test any of the four steps you asked me to try because there is no \smtmp folder in c:\Documents and Settings\haden\Local Settings\Temp. Did you see it in an earlier scan log? I did run Wise Registry Cleaner yesterday and sometime earlier I seem to recall a scan program asking permission to empty a temp folder (not sure which one) and clicked OK, so I may have deleted it.

After running grantperms.exe (see log below), I tried to run HiJackThis.exe myself and got the "Windows cannot access the specified device, path or file. You may not have the appropriate permissions..." message. However, I was able to run trjscan.exe.

Just to go back to an earlier question about booting into Safe Mode....I gather from your response you don't think it's particularly useful or even necessary to clear out an infection. Is that right?

Thanks again.
Haden

GrantPerms by Farbar
Ran by Haden at 2011-10-21 11:48:14

===============================================
ERROR: Parsing the SD of <\\?\c:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
\\?\c:\Program Files\Trojan Remover\Trjscan.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

#12 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:58 PM

Posted 21 October 2011 - 04:32 PM

Hi-

By clearing out temps, you shot yourself in the foot. We will go after it a different way.

You can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:

For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.

I messed up in my last posting by having an extra period following the HiJackThis.exe so we need to try again.

Run GrantPerms.exe .
Copy and paste the following in the edit box:

c:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

In your reply, let me know how the restores went and copy in the contents of the Perms.txt.

Booting in Safe Mode by itself does not clear out any infections. You might need to boot into Safe Mode to run software to clear infections if you cannot clear the infections in normal mode. Software like ComboFix works better in normal mode.
Shannon

#13 haden

haden
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 22 October 2011 - 12:18 PM

Hi Shannon,

So, both of the restore utilities worked fine. I have Admin Tools and Accessories back. Now, I'll recreate the shortcuts for the programs I really need. So, I'm good to go!

Thanks so much for your assistance and for answering my questions!
Peace,
Haden


GrantPerms by Farbar
Ran by Haden at 2011-10-22 13:18:06

===============================================
\\?\c:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
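The Perms.txt reports in the last few posts are the evidence that the GrantPerms unlock took. As an added check, not Farbar's tool and not part of the thread, this Python script parses such a report: it records the ERROR entry caused by the stray trailing period, and for each listed file reports whether the owner is Administrators, no DENY entries remain, and BUILTIN\Users (or Everyone) is allowed READ/EXECUTE or FULL. SAMPLE is constructed from the two reports above plus one invented locked entry; the format of a DENY line is an assumption.

```python
"""Verify a GrantPerms Perms.txt report (added example, not Farbar's tool).
SAMPLE is constructed from the two reports in this thread plus one invented
entry carrying a DENY ACE; the DENY line format is an assumption."""
import re

SAMPLE = r"""GrantPerms by Farbar
Ran by Haden at 2011-10-21 11:48:14

===============================================
ERROR: Parsing the SD of <\\?\c:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.> failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.
\\?\c:\Program Files\Trojan Remover\Trjscan.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\Program Files\Example\locked.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Users FULL DENY (NI)
BUILTIN\Administrators FULL ALLOW (NI)
"""

ERROR_RE = re.compile(r"^ERROR: Parsing the SD of <(?P<path>.+?)> failed with: (?P<reason>.+)$")
# principal (may contain spaces)  rights  ALLOW|DENY  optional (flags)
ACE_RE = re.compile(r"^(?P<principal>.+?) (?P<rights>\S+) (?P<kind>ALLOW|DENY)(?: \([^)]*\))?$")


def parse_grantperms(text):
    """Return one dict per listed path: path, error, owner, aces[(principal, rights, kind)]."""
    entries, current, in_dacl = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_dacl = False               # a blank line ends the DACL block
            continue
        m = ERROR_RE.match(line)
        if m:                             # the security descriptor could not be read
            entries.append({"path": m.group("path"), "error": m.group("reason"),
                            "owner": None, "aces": []})
            current = None
            continue
        if line.startswith("\\\\?\\"):   # a new path entry
            current = {"path": line, "error": None, "owner": None, "aces": []}
            entries.append(current)
            continue
        if current is None:
            continue                      # report header or OS error echo
        if line.startswith("Owner:"):
            current["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("DACL"):
            in_dacl = True
        elif in_dacl:
            m = ACE_RE.match(line)
            if m:
                current["aces"].append((m.group("principal"), m.group("rights"), m.group("kind")))
    return entries


def tool_is_runnable(entry):
    """True when the unlock evidently took: descriptor readable, owned by
    Administrators, no DENY entries, Users/Everyone allowed READ/EXECUTE or FULL."""
    if entry["error"] or entry["owner"] != "BUILTIN\\Administrators":
        return False
    if any(kind == "DENY" for _, _, kind in entry["aces"]):
        return False
    return any(principal in ("BUILTIN\\Users", "Everyone")
               and rights in ("READ/EXECUTE", "FULL") and kind == "ALLOW"
               for principal, rights, kind in entry["aces"])
```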

#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:58 PM

Posted 22 October 2011 - 02:38 PM

Hi-

Sounds like things are getting back to normal. There is more to do though. First, we need to clean up your system and take one more check of the system. If all goes well, we will clean off the tools next pass.

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (I81xadvtrtsa)
IE - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://crackspider.net/ie/assist.php
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38093.6008680556 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Value error.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2003/06/26 21:21:12 | 000,196,608 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
:commands
[emptytemp]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.
Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Next, I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

In your reply, please copy in the contents of the OTL Fix, the MBAM, and the ESET OnlineScan reports.
Shannon

#15 haden

haden
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 24 October 2011 - 09:07 PM

Hello Shannon,

So, I ran OTL, mbam.exe and eSet in the order you asked me to.

As you'll see, MBAM reported no threats but eSet found 2; strange, since it didn't flag these two items in an earlier scan. They're both files that have been sitting around for years (2008 and 2001 respectively). Should I remove them?

It surprised me that OTL Run Fix found over 400 MB of stuff to remove. Maybe some of this was in the Recycle Bin but hadn't been emptied? I'm curious about what you had me paste into the Custom Scans/Fixes textbox. Was that output from the last OTL scan that you selected items to remove?

So, whaddya think?

Best,
Haden


All processes killed
========== OTL ==========
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Service I81xadvtrtsa stopped successfully!
Service I81xadvtrtsa deleted successfully!
HKU\S-1-5-21-3573410393-1556227526-1808440106-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant_bak| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3573410393-1556227526-1808440106-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3573410393-1556227526-1808440106-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {640B39C1-D713-464F-92C3-75BD972B95EE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 1503301 bytes

User: All Users

User: declan
->Temp folder emptied: 1088763 bytes
->Temporary Internet Files folder emptied: 111357054 bytes
->Java cache emptied: 1190748 bytes
->Flash cache emptied: 4457 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Haden
->Temp folder emptied: 46146636 bytes
->Temporary Internet Files folder emptied: 1160630 bytes
->Java cache emptied: 101576362 bytes
->FireFox cache emptied: 109054606 bytes
->Opera cache emptied: 20278671 bytes
->Flash cache emptied: 7367489 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 12729 bytes
->Flash cache emptied: 15558 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2418896 bytes
%systemroot%\System32 .tmp files removed: 3470097 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15990 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 20006187 bytes

Total Files Cleaned = 407.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10242011_113158

Files\Folders moved on Reboot...
C:\Documents and Settings\Haden\Local Settings\Temp\~DF9C72.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT073a2.TMP not found!

Registry entries deleted on Reboot...
************************************************************
-*Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8012

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/24/2011 4:06:46 PM
mbam-log-2011-10-24 (16-06-46).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 451700
Time elapsed: 3 hour(s), 48 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
*******************************************
eSetScan.txt - List of Threats

C:\Agent\Data\Ultimate.Recovery.CD.2008.52.In.1-AGNzB\Ultimate Recovery CD 2008.iso multiple threats
E:\News Group Toolkit1.5\News Group - Apps\NewShark v1.1.1\advert1.zip a variant of Win32/Adware.Aureate application



