XP Home Security 2012 removed, google redirects and system fix program present


This topic is locked
40 replies to this topic

#1 qtaqq


Posted 18 December 2011 - 05:56 AM

I was told to post in this forum from the Am I infected? What do I do? forum, http://www.bleepingcomputer.com/forums/topic433058.html.

Again, the background on the problem. The other day when I started the computer it said it had restarted automatically after a Windows update. Then, a minute after start-up, it said the Yahoo toolbar had been updated as well and I clicked OK. I then went to open Firefox and it seemed as if I had no internet connection, so I restarted Firefox since it was not opening anything. Upon doing a search on Google for Urban Dictionary I was sent a redirect and then started to get fake warnings saying my system was infected. I closed those windows with the upper-right X, and then looked up the name of the fake program and was redirected a few more times. I followed the guide on this website and performed everything it said: http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012.
I also followed this guide http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller and ran TDSSKiller as stated; it didn't find anything.

Upon the first run of Malwarebytes it did remove XP Home Security 2012, but I was still getting redirects when using Google search and Yahoo. I ran Malwarebytes again and it didn't find anything the second time. Because I was still getting redirects I ran Ad-Aware and it found some supposed trojans and removed those. After restarting I was still getting redirects, and I saw on Google how some people said Spybot S&D fixed the problem, so I ran Spybot S&D and it removed some files it suspected as malware or trojans. Still getting redirects, so I installed ZoneAlarm Pro. I noticed IPs other than our router trying to access the computer, so I blocked them; then ZoneAlarm blocked an .exe from completing, and since then I have been getting System Fix (which I suspect is fake) and numerous popups that state my memory is faulty, and it crashes Firefox frequently. I cannot X out of the windows and cannot start Task Manager to shut them down. After running Malwarebytes for the Help I'm Infected forum, I have since not gotten popups but am still getting redirects. I am still missing many icons from the Start menu (picture attached).

Following Broni's instructions I began following this guide http://www.bleepingcomputer.com/forums/topic34773.html and have started at step 6 and have gotten to step 8, right before unchecking some items. The question I have is: the C: drive is listed as System Reserved, so should I still only use the C: drive or should I check the D: drive as well? I have attached a picture of the My Computer window. I also have a question regarding my external hard drive that I had connected at the time of this infection: should I plug that in while running any scans?

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
Run by tyler at 4:31:17 on 2011-12-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.594 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\CheckPoint\ZAForceField\ForceField.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\lxdncoms.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\iZ3D Driver\Win32\S3DCService.exe
D:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\wanmpsvc.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\Program Files\Common Files\AOL\1284821555\ee\AOLSoftware.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\program files\real\realplayer\update\realsched.exe
D:\Program Files\Carbonite\CarbonitePreinstaller.exe
D:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
D:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
D:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
D:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
D:\Program Files\Lexmark 2600 Series\lxdnmon.exe
D:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\America Online 9.0d\aoltray.exe
D:\Program Files\GamersFirst\LIVE!\Live.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.skype.com/go/help.guides.ieaddon?lang=EN
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - d:\program files\zonealarm_security\prxtbZone.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - d:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - d:\program files\adawaretb\adawareDx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - d:\program files\zonealarm_security\prxtbZone.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - d:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - d:\program files\adawaretb\adawareDx.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - d:\program files\zonealarm_security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "d:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "d:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] d:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] d:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] d:\program files\nero\nero 7\incd\InCD.exe
mRun: [HostManager] d:\program files\common files\aol\1284821555\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [VirtualCloneDrive] "d:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [CarboniteSetupLite] "d:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "d:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [DiscWizardMonitor.exe] d:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] d:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "d:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [lxdnmon.exe] "d:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "d:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "d:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [ISW] "d:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: d:\docume~1\tyler\startm~1\programs\startup\seagat~1.lnk - d:\documents and settings\tyler\application data\leadertech\powerregister\Seagate 2GEWS9TC Product Registration.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - d:\program files\america online 9.0d\aoltray.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\gamers~1.lnk - d:\program files\gamersfirst\live!\Live.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - d:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EA207ED5-F3DF-4ED2-9274-C5382150EA5F} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\tyler\application data\mozilla\firefox\profiles\jhxdcmx4.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p=
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: d:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: d:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2011-12-16 64512]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2010-12-20 28552]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iz3d driver\win32\S3DInjectionDriver.sys [2010-9-21 34968]
R1 Vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 FreeAgentGoNext Service;Seagate Service;d:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;d:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;d:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-12 2152152]
R2 lxdn_device;lxdn_device;d:\windows\system32\lxdncoms.exe -service --> d:\windows\system32\lxdncoms.exe -service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-17 2214504]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iz3d driver\win32\S3DCService.exe [2010-9-21 360960]
R2 SgtSch2Svc;Seagate Scheduler2 Service;d:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R2 vsmon;TrueVector Internet Monitor;d:\program files\checkpoint\zonealarm\vsmon.exe -service --> d:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-5-23 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2011-12-13 98984]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\eaglexnt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-12 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 P0630VID;Creative WebCam Live!;d:\windows\system32\drivers\P0630Vid.sys [2010-9-10 91797]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-17 22:59:27 353536 ----a-w- d:\documents and settings\all users\application data\mo6GMxaCAlEGNF.exe
2011-12-17 22:42:31 -------- d-----w- d:\documents and settings\tyler\application data\CheckPoint
2011-12-17 22:42:13 -------- d-----w- d:\program files\Conduit
2011-12-17 22:42:11 -------- d-----w- d:\documents and settings\tyler\local settings\application data\ZoneAlarm_Security
2011-12-17 22:42:10 -------- d-----w- d:\documents and settings\tyler\local settings\application data\Temp
2011-12-17 22:42:10 -------- d-----w- d:\documents and settings\tyler\local settings\application data\Conduit
2011-12-17 22:42:09 -------- d-----w- d:\program files\ZoneAlarm_Security
2011-12-17 22:41:13 -------- d-----w- d:\documents and settings\all users\application data\CheckPoint
2011-12-17 22:29:02 -------- d-----w- d:\program files\CheckPoint
2011-12-17 20:00:39 16432 ----a-w- d:\windows\system32\lsdelete.exe
2011-12-16 21:04:14 101720 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-12-16 21:00:37 -------- d-----w- d:\documents and settings\tyler\local settings\application data\adaware
2011-12-16 21:00:34 -------- d-----w- d:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-12-16 21:00:28 -------- d-----w- d:\program files\Toolbar Cleaner
2011-12-16 20:59:51 -------- d-----w- d:\documents and settings\tyler\application data\adawaretb
2011-12-16 20:59:35 -------- d-----w- d:\program files\adawaretb
2011-12-16 20:57:53 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
2011-12-16 20:56:51 -------- d-----w- d:\program files\Lavasoft
2011-12-16 18:48:18 -------- d-----w- D:\Data
2011-12-16 16:06:58 -------- d-----w- d:\documents and settings\tyler\application data\Malwarebytes
2011-12-16 16:06:53 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-12-16 16:06:50 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-16 16:06:50 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-16 14:26:44 -------- d-----w- d:\documents and settings\tyler\application data\FaxCtr
2011-12-13 17:49:34 -------- d-----w- d:\documents and settings\tyler\application data\Lexmark Productivity Studio
2011-12-13 17:48:55 -------- d-----w- d:\documents and settings\all users\Lx_cats
2011-12-13 17:46:57 -------- d-----w- D:\logs
2011-12-13 17:46:42 40960 ----a-w- d:\windows\system32\lxdnvs.dll
2011-12-13 17:46:41 348160 ----a-w- d:\windows\system32\lxdncoin.dll
2011-12-13 17:46:41 115200 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
2011-12-13 17:46:29 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2011-12-13 17:46:29 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2011-12-13 17:46:20 87040 -c--a-w- d:\windows\system32\dllcache\wiafbdrv.dll
2011-12-13 17:46:20 87040 ----a-w- d:\windows\system32\wiafbdrv.dll
2011-12-13 17:46:07 81920 ----a-w- d:\windows\system32\lxdncaps.dll
2011-12-13 17:46:07 782336 ----a-w- d:\windows\system32\lxdndrs.dll
2011-12-13 17:46:06 69632 ----a-w- d:\windows\system32\lxdncnv4.dll
2011-12-13 17:45:45 45056 ----a-w- d:\windows\system32\LXF3PMON.DLL
2011-12-13 17:45:45 32768 ----a-w- d:\windows\system32\LXF3FXPU.DLL
2011-12-13 17:45:25 98345 ----a-w- d:\windows\system32\IMHOST32.DLL
2011-12-13 17:45:25 98304 ----a-w- d:\windows\system32\IM31XPNG.DEL
2011-12-13 17:45:25 69632 ----a-w- d:\windows\system32\IM31XTIF.DEL
2011-12-13 17:45:25 53248 ----a-w- d:\windows\system32\lxf3oem.dll
2011-12-13 17:45:25 49152 ----a-w- d:\windows\system32\IM31IMG.DIL
2011-12-13 17:45:25 339968 ----a-w- d:\windows\system32\IMGMAN32.DLL
2011-12-13 17:45:25 12288 ----a-w- d:\windows\system32\LXF3PMRC.DLL
2011-12-13 17:45:18 -------- d-----w- d:\documents and settings\all users\application data\FaxCtr
2011-12-13 17:45:10 -------- d-----w- d:\program files\Lexmark Fax Solutions
2011-12-13 17:44:52 -------- d-----w- d:\program files\Abbyy FineReader 6.0 Sprint
2011-12-13 17:44:02 -------- d-----w- d:\program files\Lexmark Toolbar
2011-12-12 13:48:54 36864 ----a-w- d:\windows\system32\drivers\AmdK8.sys
2011-12-12 13:48:35 -------- d-----w- d:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-12-12 13:41:11 -------- d-----w- d:\program files\Vogster Entertainment
2011-12-12 03:47:14 -------- d-----w- D:\crimecraft
2011-12-11 09:39:17 -------- d-----w- D:\tryingtofixdrive
2011-12-11 09:26:27 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2011-12-11 09:26:27 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2011-12-11 09:26:07 132224 ----a-w- d:\windows\system32\drivers\snapman.sys
2011-12-11 09:26:03 368480 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2011-12-11 09:25:48 -------- d-----w- d:\program files\common files\Seagate
2011-12-11 09:05:27 -------- d-----w- d:\documents and settings\tyler\local settings\application data\GamersFirst LIVE!
2011-12-11 09:05:10 -------- d-----w- d:\documents and settings\tyler\local settings\application data\PMB Files
2011-12-11 09:05:07 -------- d-----w- d:\documents and settings\all users\application data\PMB Files
2011-12-11 09:04:59 -------- d-----w- d:\program files\Pando Networks
2011-12-11 09:04:44 -------- d-----w- d:\program files\GamersFirst
2011-12-11 09:04:21 -------- d-----w- D:\apb
2011-12-11 09:00:41 -------- d-----w- d:\program files\MSXML 4.0
2011-12-11 04:06:41 -------- d-----w- d:\program files\Seagate
2011-12-11 04:06:41 -------- d-----w- d:\documents and settings\all users\application data\Seagate
2011-12-11 04:05:43 -------- d-----w- d:\documents and settings\tyler\local settings\application data\Downloaded Installations
2011-12-11 04:04:29 -------- d-----w- d:\program files\Carbonite
2011-12-11 03:50:35 12160 -c--a-w- d:\windows\system32\dllcache\mouhid.sys
2011-12-11 03:50:35 12160 ----a-w- d:\windows\system32\drivers\mouhid.sys
2011-12-11 03:50:30 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2011-12-11 03:50:30 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
.
==================== Find3M ====================
.
2011-12-18 01:20:23 1409 ----a-w- d:\windows\QTFont.for
2011-12-15 12:51:04 140496 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2011-12-15 12:50:59 280736 ----a-w- d:\windows\system32\PnkBstrB.xtr
2011-12-15 12:50:59 280736 ----a-w- d:\windows\system32\PnkBstrB.exe
2011-12-15 03:37:05 280736 ----a-w- d:\windows\system32\PnkBstrB.ex0
2011-12-11 21:00:46 138056 ----a-w- d:\documents and settings\tyler\application data\PnkBstrK.sys
2011-12-11 21:00:19 75136 ----a-w- d:\windows\system32\PnkBstrA.exe
2011-11-23 13:25:32 1859584 ----a-w- d:\windows\system32\win32k.sys
2011-11-01 20:35:20 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- d:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- d:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- d:\windows\system32\html.iec
2011-10-28 05:31:48 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- d:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- d:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- d:\windows\system32\oleaccrc.dll
.
============= FINISH: 4:32:21.73 ===============

Attached Files
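The DDS log above is what the helpers in this thread read by hand. As an added example (not part of this thread, and not code from the DDS tool or from BleepingComputer), the Python below parses lines in the format of the "Created Last 30" section and flags executables that sit in user-writable locations under random-looking names, which is the kind of entry a log reader checks first. The sample lines, the file names in them, the list of user-writable path fragments and the thresholds are all constructed for the example; a hit is a prompt to look closer, not a verdict.

```python
"""Triage helper for DDS "Created Last 30" entries.

Added example, not part of the forum thread or of the DDS tool.  Each DDS
entry looks like "<date> <time> <size or dashes> <attribute flags> <path>".
The heuristic flags a file when it has an executable extension and either
lives in a user-writable location or carries a random-looking name.
"""
import re
from collections import Counter
from math import log2

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
# Path fragments treated as user-writable drop locations (assumption for the example)
WRITABLE_HINTS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# Constructed sample lines in DDS format; the file names are made up.
SAMPLE_LOG = """\
2011-12-17 22:59:27 353536 ----a-w- d:\\documents and settings\\all users\\application data\\kXq7LmWzP3vR.exe
2011-12-17 22:42:31 -------- d-----w- d:\\documents and settings\\tyler\\application data\\CheckPoint
2011-12-16 16:06:50 22216 ----a-w- d:\\windows\\system32\\drivers\\mbam.sys
2011-12-16 21:00:34 -------- d-----w- d:\\documents and settings\\all users\\application data\\Ad-Aware Browsing Protection
2011-12-11 21:00:46 138056 ----a-w- d:\\documents and settings\\tyler\\application data\\PnkBstrK.sys
"""


def parse_line(line):
    """Split one DDS entry into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, flags, path = m.groups()
    return {
        "date": date,
        "time": time,
        "size": None if size == "--------" else int(size),
        "is_dir": flags.startswith("d"),   # DDS marks directories with a leading 'd'
        "path": path,
    }


def shannon_entropy(s):
    """Bits per character; a name built from many different characters scores high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * log2(c / n) for c in counts.values())


def case_transitions(s):
    """Count upper/lower flips between consecutive letters (digits are ignored)."""
    letters = [ch for ch in s if ch.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(stem):
    """Random-looking: high character diversity combined with frequent case flipping."""
    return shannon_entropy(stem) >= 3.3 and case_transitions(stem) >= 4


def triage(log_text):
    """Return a list of (path, reasons) for executable entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None or entry["is_dir"]:
            continue
        path = entry["path"]
        name = path.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        ext = ("." + ext).lower() if dot else ""
        if ext not in EXEC_EXT:
            continue
        reasons = []
        if any(hint in path.lower() for hint in WRITABLE_HINTS):
            reasons.append("executable in user-writable location")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the constructed sample, the made-up executable in All Users\Application Data trips both rules, while PnkBstrK.sys trips only the location rule: that file is a known PunkBuster anti-cheat component, which is exactly why a location-only hit is treated as a prompt to check the vendor and signature rather than as a finding on its own.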




#2 SweetTech


Posted 20 December 2011 - 03:58 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It looks like you're infected with an infection called ZAccess among many other things going on with your computer.

Please heed the following warning:


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 qtaqq


Posted 20 December 2011 - 02:51 PM

Hi Agent ST,

Before I start running any of the scans I was wondering if I might be able to check a certain file, through its properties, to see maybe around the time it was created? Since it's a backdoor trojan and password stealer I might be able to figure out how many passwords to change. This is my brother's old computer which I borrowed to clone my possibly failing drive. If the infection didn't occur until I started noticing visual signs I should be OK, since I only tried to play one game online since then. If it was before then I would have my brother change a lot of his passwords, since he does online banking. The other question I have is, since you can't guarantee it will be 100% secure, do you think after cleanup it would be safe to attempt my clone drive yet?

#4 SweetTech (Agent ST)

Posted 21 December 2011 - 03:03 AM

Hi qtaqq!

Before I start running any of the scans I was wondering if I might be able to check a certain file, through the properties to see maybe around the time it was created?

Unfortunately, that's not possible. If this were my computer, I'd change all of my passwords that were used to log on using this computer. I would use a clean computer to change the passwords.

The other question I have is since you can't guarantee it will be 100% secure do you think after cleanup it would be safe to attempt my clone drive yet?

It's really hard with malware, as many times it has a mind of its own, and as I've said there are no 100% guarantees with malware; however, I do think your computer will be in much better shape than when you first posted on the forums.

I hope that answered your questions.

Kindest Regards,
SweetTech.


#5 qtaqq (Topic Starter)

Posted 21 December 2011 - 09:11 AM

If this were my computer, I'd change all of my passwords that were used to log on using this computer.

Ok, I'll let him know then, especially for the online banking, and I'll change the passwords I've used for some online games.

I ran TDSSKiller, here is the log:

07:24:39.0109 3508 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
07:24:40.0265 3508 ============================================================
07:24:40.0265 3508 Current date / time: 2011/12/21 07:24:40.0265
07:24:40.0265 3508 SystemInfo:
07:24:40.0265 3508
07:24:40.0265 3508 OS Version: 5.1.2600 ServicePack: 3.0
07:24:40.0265 3508 Product type: Workstation
07:24:40.0265 3508 ComputerName: TYLER-DA18647FA
07:24:40.0265 3508 UserName: tyler
07:24:40.0265 3508 Windows directory: D:\WINDOWS
07:24:40.0265 3508 System windows directory: D:\WINDOWS
07:24:40.0265 3508 Processor architecture: Intel x86
07:24:40.0265 3508 Number of processors: 2
07:24:40.0265 3508 Page size: 0x1000
07:24:40.0265 3508 Boot type: Normal boot
07:24:40.0265 3508 ============================================================
07:24:42.0015 3508 Initialize success
07:24:49.0234 5852 ============================================================
07:24:49.0234 5852 Scan started
07:24:49.0234 5852 Mode: Manual; SigCheck; TDLFS;
07:24:49.0234 5852 ============================================================
07:24:52.0796 5852 Abiosdsk - ok
07:24:52.0921 5852 abp480n5 - ok
07:24:53.0031 5852 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
07:24:54.0812 5852 ACPI - ok
07:24:55.0000 5852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
07:24:55.0171 5852 ACPIEC - ok
07:24:55.0296 5852 ADIHdAudAddService (ab0d9669bab1009e48cc91117e59912b) D:\WINDOWS\system32\drivers\ADIHdAud.sys
07:24:55.0421 5852 ADIHdAudAddService - ok
07:24:55.0453 5852 adpu160m - ok
07:24:55.0484 5852 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) D:\WINDOWS\system32\drivers\AEAudio.sys
07:24:55.0578 5852 AEAudio - ok
07:24:55.0718 5852 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
07:24:55.0906 5852 aec - ok
07:24:55.0953 5852 AFD (1e44bc1e83d8fd2305f8d452db109cf9) D:\WINDOWS\System32\drivers\afd.sys
07:24:56.0000 5852 AFD - ok
07:24:56.0031 5852 Aha154x - ok
07:24:56.0109 5852 aic78u2 - ok
07:24:56.0140 5852 aic78xx - ok
07:24:56.0156 5852 AliIde - ok
07:24:56.0203 5852 AmdK8 (efbb0956baed786e137351b5ca272aef) D:\WINDOWS\system32\DRIVERS\AmdK8.sys
07:24:56.0250 5852 AmdK8 - ok
07:24:56.0265 5852 amsint - ok
07:24:56.0296 5852 Arp1394 (b5b8a80875c1dededa8b02765642c32f) D:\WINDOWS\system32\DRIVERS\arp1394.sys
07:24:56.0421 5852 Arp1394 - ok
07:24:56.0453 5852 asc - ok
07:24:56.0468 5852 asc3350p - ok
07:24:56.0484 5852 asc3550 - ok
07:24:56.0531 5852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:24:56.0671 5852 AsyncMac - ok
07:24:56.0703 5852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
07:24:56.0812 5852 atapi - ok
07:24:56.0843 5852 Atdisk - ok
07:24:56.0875 5852 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:24:56.0984 5852 Atmarpc - ok
07:24:57.0031 5852 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
07:24:57.0187 5852 audstub - ok
07:24:57.0218 5852 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
07:24:57.0390 5852 Beep - ok
07:24:57.0437 5852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
07:24:57.0578 5852 cbidf2k - ok
07:24:57.0625 5852 CCDECODE (0be5aef125be881c4f854c554f2b025c) D:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:24:57.0734 5852 CCDECODE - ok
07:24:57.0750 5852 cd20xrnt - ok
07:24:57.0781 5852 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
07:24:57.0937 5852 Cdaudio - ok
07:24:57.0953 5852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
07:24:58.0078 5852 Cdfs - ok
07:24:58.0140 5852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
07:24:58.0250 5852 Cdrom - ok
07:24:58.0281 5852 Changer - ok
07:24:58.0312 5852 CmdIde - ok
07:24:58.0343 5852 Cpqarray - ok
07:24:58.0375 5852 dac2w2k - ok
07:24:58.0390 5852 dac960nt - ok
07:24:58.0406 5852 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
07:24:58.0531 5852 Disk - ok
07:24:58.0578 5852 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
07:24:58.0734 5852 dmboot - ok
07:24:58.0765 5852 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
07:24:58.0875 5852 dmio - ok
07:24:58.0890 5852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
07:24:59.0031 5852 dmload - ok
07:24:59.0078 5852 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
07:24:59.0218 5852 DMusic - ok
07:24:59.0234 5852 dpti2o - ok
07:24:59.0281 5852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
07:24:59.0390 5852 drmkaud - ok
07:24:59.0406 5852 EagleXNt - ok
07:24:59.0453 5852 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) D:\WINDOWS\system32\Drivers\ElbyCDIO.sys
07:24:59.0484 5852 ElbyCDIO - ok
07:24:59.0531 5852 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
07:24:59.0656 5852 Fastfat - ok
07:24:59.0703 5852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\DRIVERS\fdc.sys
07:24:59.0921 5852 Fdc - ok
07:24:59.0968 5852 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
07:25:00.0109 5852 Fips - ok
07:25:00.0140 5852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:25:00.0250 5852 Flpydisk - ok
07:25:00.0281 5852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys
07:25:00.0406 5852 FltMgr - ok
07:25:00.0437 5852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
07:25:00.0578 5852 Fs_Rec - ok
07:25:00.0609 5852 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:25:00.0781 5852 Ftdisk - ok
07:25:00.0812 5852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
07:25:00.0921 5852 Gpc - ok
07:25:00.0953 5852 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:25:01.0093 5852 HDAudBus - ok
07:25:01.0125 5852 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
07:25:01.0250 5852 hidusb - ok
07:25:01.0281 5852 hpn - ok
07:25:01.0343 5852 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
07:25:01.0390 5852 HTTP - ok
07:25:01.0406 5852 i2omgmt - ok
07:25:01.0421 5852 i2omp - ok
07:25:01.0484 5852 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:25:01.0609 5852 i8042prt - ok
07:25:01.0640 5852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
07:25:01.0765 5852 Imapi - ok
07:25:01.0796 5852 InCDfs (580a81790cd0a48d85da322267da7ac4) D:\WINDOWS\system32\drivers\InCDFs.sys
07:25:01.0812 5852 InCDfs - ok
07:25:01.0828 5852 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) D:\WINDOWS\system32\drivers\InCDPass.sys
07:25:01.0828 5852 InCDPass - ok
07:25:01.0859 5852 InCDrec (4d022577e9072b5d22e0a383a7806bbb) D:\WINDOWS\system32\drivers\InCDrec.sys
07:25:01.0859 5852 InCDrec - ok
07:25:01.0890 5852 incdrm (c258e57321a3c3737f4fa815fa69ee0b) D:\WINDOWS\system32\drivers\InCDRm.sys
07:25:01.0906 5852 incdrm - ok
07:25:01.0921 5852 ini910u - ok
07:25:01.0953 5852 IntelIde - ok
07:25:01.0984 5852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys
07:25:02.0109 5852 Ip6Fw - ok
07:25:02.0140 5852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:25:02.0296 5852 IpFilterDriver - ok
07:25:02.0328 5852 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
07:25:02.0437 5852 IpInIp - ok
07:25:02.0484 5852 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
07:25:02.0609 5852 IpNat - ok
07:25:02.0640 5852 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
07:25:02.0765 5852 IPSec - ok
07:25:02.0796 5852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
07:25:02.0906 5852 IRENUM - ok
07:25:02.0921 5852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
07:25:03.0031 5852 isapnp - ok
07:25:03.0140 5852 ISWKL (08a811bfd207dfdec588881c18bacbaa) D:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
07:25:03.0140 5852 ISWKL - ok
07:25:03.0203 5852 iZ3DInjectionDriver (aa1e275cc4a98fcfc65ab5f8ab5b1acc) D:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys
07:25:03.0218 5852 iZ3DInjectionDriver - ok
07:25:03.0265 5852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:25:03.0375 5852 Kbdclass - ok
07:25:03.0406 5852 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:25:03.0515 5852 kbdhid - ok
07:25:03.0546 5852 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys
07:25:03.0687 5852 kmixer - ok
07:25:03.0718 5852 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys
07:25:03.0765 5852 KSecDD - ok
07:25:03.0812 5852 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) D:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
07:25:03.0812 5852 Lavasoft Kernexplorer - ok
07:25:03.0859 5852 Lbd (336abe8721cbc3110f1c6426da633417) D:\WINDOWS\system32\DRIVERS\Lbd.sys
07:25:03.0859 5852 Lbd - ok
07:25:03.0875 5852 lbrtfdc - ok
07:25:03.0921 5852 MBAMSwissArmy - ok
07:25:03.0968 5852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
07:25:04.0125 5852 mnmdd - ok
07:25:04.0171 5852 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys
07:25:04.0312 5852 Modem - ok
07:25:04.0359 5852 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys
07:25:04.0453 5852 Mouclass - ok
07:25:04.0484 5852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
07:25:04.0640 5852 mouhid - ok
07:25:04.0640 5852 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys
07:25:04.0750 5852 MountMgr - ok
07:25:04.0765 5852 mraid35x - ok
07:25:04.0796 5852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:25:04.0921 5852 MRxDAV - ok
07:25:04.0953 5852 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:25:05.0000 5852 MRxSmb - ok
07:25:05.0015 5852 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys
07:25:05.0125 5852 Msfs - ok
07:25:05.0156 5852 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys
07:25:05.0265 5852 MSKSSRV - ok
07:25:05.0296 5852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:25:05.0406 5852 MSPCLOCK - ok
07:25:05.0437 5852 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys
07:25:05.0546 5852 MSPQM - ok
07:25:05.0578 5852 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:25:05.0687 5852 mssmbios - ok
07:25:05.0718 5852 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) D:\WINDOWS\system32\drivers\MSTEE.sys
07:25:05.0828 5852 MSTEE - ok
07:25:05.0843 5852 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) D:\WINDOWS\system32\DRIVERS\ASACPI.sys
07:25:05.0859 5852 MTsensor - ok
07:25:05.0890 5852 Mup (de6a75f5c270e756c5508d94b6cf68f5) D:\WINDOWS\system32\drivers\Mup.sys
07:25:05.0921 5852 Mup - ok
07:25:05.0953 5852 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:25:06.0062 5852 NABTSFEC - ok
07:25:06.0125 5852 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys
07:25:06.0234 5852 NDIS - ok
07:25:06.0265 5852 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) D:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:25:06.0375 5852 NdisIP - ok
07:25:06.0406 5852 NdisTapi (0109c4f3850dfbab279542515386ae22) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:25:06.0406 5852 NdisTapi - ok
07:25:06.0421 5852 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:25:06.0531 5852 Ndisuio - ok
07:25:06.0562 5852 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:25:06.0671 5852 NdisWan - ok
07:25:06.0703 5852 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys
07:25:06.0718 5852 NDProxy - ok
07:25:06.0734 5852 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys
07:25:06.0859 5852 NetBIOS - ok
07:25:06.0875 5852 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys
07:25:06.0984 5852 NetBT - ok
07:25:07.0015 5852 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) D:\WINDOWS\system32\DRIVERS\nic1394.sys
07:25:07.0140 5852 NIC1394 - ok
07:25:07.0156 5852 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys
07:25:07.0265 5852 Npfs - ok
07:25:07.0296 5852 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys
07:25:07.0437 5852 Ntfs - ok
07:25:07.0468 5852 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
07:25:07.0609 5852 Null - ok
07:25:07.0859 5852 nv (8b2c874897ea498da012284e12f9db2b) D:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:25:08.0343 5852 nv - ok
07:25:08.0390 5852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:25:08.0546 5852 NwlnkFlt - ok
07:25:08.0562 5852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:25:08.0718 5852 NwlnkFwd - ok
07:25:08.0718 5852 ohci1394 (ca33832df41afb202ee7aeb05145922f) D:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:25:08.0828 5852 ohci1394 - ok
07:25:08.0875 5852 P0630VID (feac15e8b991fc4ca2d6d06b92d19fea) D:\WINDOWS\system32\DRIVERS\P0630Vid.sys
07:25:08.0906 5852 P0630VID - ok
07:25:08.0937 5852 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\DRIVERS\parport.sys
07:25:09.0046 5852 Parport - ok
07:25:09.0046 5852 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys
07:25:09.0156 5852 PartMgr - ok
07:25:09.0203 5852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
07:25:09.0343 5852 ParVdm - ok
07:25:09.0375 5852 pavboot (3adb8bd6154a3ef87496e8fce9c22493) D:\WINDOWS\system32\drivers\pavboot.sys
07:25:09.0375 5852 pavboot - ok
07:25:09.0390 5852 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys
07:25:09.0515 5852 PCI - ok
07:25:09.0515 5852 PCIDump - ok
07:25:09.0546 5852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
07:25:09.0703 5852 PCIIde - ok
07:25:09.0718 5852 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys
07:25:09.0828 5852 Pcmcia - ok
07:25:09.0828 5852 PDCOMP - ok
07:25:09.0843 5852 PDFRAME - ok
07:25:09.0843 5852 PDRELI - ok
07:25:09.0859 5852 PDRFRAME - ok
07:25:09.0875 5852 perc2 - ok
07:25:09.0875 5852 perc2hib - ok
07:25:09.0921 5852 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
07:25:10.0031 5852 PptpMiniport - ok
07:25:10.0046 5852 Processor (a32bebaf723557681bfc6bd93e98bd26) D:\WINDOWS\system32\DRIVERS\processr.sys
07:25:10.0156 5852 Processor - ok
07:25:10.0203 5852 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
07:25:10.0312 5852 PSched - ok
07:25:10.0328 5852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
07:25:10.0468 5852 Ptilink - ok
07:25:10.0484 5852 PxHelp20 (d86b4a68565e444d76457f14172c875a) D:\WINDOWS\system32\Drivers\PxHelp20.sys
07:25:10.0500 5852 PxHelp20 - ok
07:25:10.0500 5852 ql1080 - ok
07:25:10.0515 5852 Ql10wnt - ok
07:25:10.0562 5852 ql12160 - ok
07:25:10.0578 5852 ql1240 - ok
07:25:10.0593 5852 ql1280 - ok
07:25:10.0625 5852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
07:25:10.0765 5852 RasAcd - ok
07:25:10.0781 5852 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:25:10.0890 5852 Rasl2tp - ok
07:25:10.0921 5852 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:25:11.0015 5852 RasPppoe - ok
07:25:11.0046 5852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
07:25:11.0187 5852 Raspti - ok
07:25:11.0203 5852 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
07:25:11.0312 5852 Rdbss - ok
07:25:11.0328 5852 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:25:11.0468 5852 RDPCDD - ok
07:25:11.0500 5852 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:25:11.0609 5852 rdpdr - ok
07:25:11.0671 5852 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) D:\WINDOWS\system32\drivers\RDPWD.sys
07:25:11.0687 5852 RDPWD - ok
07:25:11.0718 5852 redbook (55f7fa7c581d3508de96e4adf418d370) D:\WINDOWS\system32\DRIVERS\redbook.sys
07:25:11.0718 5852 redbook ( UnsignedFile.Multi.Generic ) - warning
07:25:11.0718 5852 redbook - detected UnsignedFile.Multi.Generic (1)
07:25:11.0765 5852 rtl8139 (d507c1400284176573224903819ffda3) D:\WINDOWS\system32\DRIVERS\RTL8139.SYS
07:25:11.0890 5852 rtl8139 - ok
07:25:11.0937 5852 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
07:25:12.0046 5852 Secdrv - ok
07:25:12.0093 5852 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) D:\WINDOWS\system32\drivers\Senfilt.sys
07:25:12.0109 5852 SenFiltService - ok
07:25:12.0140 5852 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys
07:25:12.0250 5852 serenum - ok
07:25:12.0265 5852 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\DRIVERS\serial.sys
07:25:12.0375 5852 Serial - ok
07:25:12.0421 5852 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
07:25:12.0515 5852 Sfloppy - ok
07:25:12.0546 5852 Simbad - ok
07:25:12.0562 5852 SLIP (866d538ebe33709a5c9f5c62b73b7d14) D:\WINDOWS\system32\DRIVERS\SLIP.sys
07:25:12.0671 5852 SLIP - ok
07:25:12.0718 5852 snapman (c3bf55189aa92b8f919108ef9e4accae) D:\WINDOWS\system32\DRIVERS\snapman.sys
07:25:12.0734 5852 snapman - ok
07:25:12.0734 5852 Sparrow - ok
07:25:12.0765 5852 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
07:25:12.0875 5852 splitter - ok
07:25:12.0890 5852 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys
07:25:13.0000 5852 sr - ok
07:25:13.0031 5852 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
07:25:13.0062 5852 Srv - ok
07:25:13.0093 5852 streamip (77813007ba6265c4b6098187e6ed79d2) D:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:25:13.0218 5852 streamip - ok
07:25:13.0265 5852 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
07:25:13.0390 5852 swenum - ok
07:25:13.0406 5852 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
07:25:13.0515 5852 swmidi - ok
07:25:13.0531 5852 symc810 - ok
07:25:13.0531 5852 symc8xx - ok
07:25:13.0546 5852 sym_hi - ok
07:25:13.0562 5852 sym_u3 - ok
07:25:13.0578 5852 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
07:25:13.0687 5852 sysaudio - ok
07:25:13.0750 5852 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
07:25:13.0796 5852 Tcpip - ok
07:25:13.0828 5852 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
07:25:13.0937 5852 TDPIPE - ok
07:25:13.0953 5852 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) D:\WINDOWS\system32\DRIVERS\tdrpman.sys
07:25:13.0968 5852 tdrpman - ok
07:25:14.0015 5852 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
07:25:14.0125 5852 TDTCP - ok
07:25:14.0140 5852 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
07:25:14.0250 5852 TermDD - ok
07:25:14.0265 5852 tifsfilter (b0b3122bff3910e0ba97014045467778) D:\WINDOWS\system32\DRIVERS\tifsfilt.sys
07:25:14.0281 5852 tifsfilter - ok
07:25:14.0312 5852 timounter (13bfe330880ac0ce8672d00aa5aff738) D:\WINDOWS\system32\DRIVERS\timntr.sys
07:25:14.0328 5852 timounter - ok
07:25:14.0359 5852 TosIde - ok
07:25:14.0406 5852 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
07:25:14.0500 5852 Udfs - ok
07:25:14.0515 5852 ultra - ok
07:25:14.0546 5852 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
07:25:14.0671 5852 Update - ok
07:25:14.0703 5852 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:25:14.0796 5852 usbccgp - ok
07:25:14.0828 5852 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
07:25:14.0921 5852 usbehci - ok
07:25:14.0953 5852 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
07:25:15.0062 5852 usbhub - ok
07:25:15.0078 5852 usbohci (0daecce65366ea32b162f85f07c6753b) D:\WINDOWS\system32\DRIVERS\usbohci.sys
07:25:15.0187 5852 usbohci - ok
07:25:15.0234 5852 usbprint (a717c8721046828520c9edf31288fc00) D:\WINDOWS\system32\DRIVERS\usbprint.sys
07:25:15.0343 5852 usbprint - ok
07:25:15.0375 5852 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\WINDOWS\system32\DRIVERS\usbscan.sys
07:25:15.0484 5852 usbscan - ok
07:25:15.0500 5852 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:25:15.0609 5852 USBSTOR - ok
07:25:15.0640 5852 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) D:\WINDOWS\system32\DRIVERS\VClone.sys
07:25:15.0656 5852 VClone ( UnsignedFile.Multi.Generic ) - warning
07:25:15.0656 5852 VClone - detected UnsignedFile.Multi.Generic (1)
07:25:15.0671 5852 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
07:25:15.0781 5852 VgaSave - ok
07:25:15.0796 5852 ViaIde - ok
07:25:15.0812 5852 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys
07:25:15.0906 5852 VolSnap - ok
07:25:16.0015 5852 Vsdatant (558cee3d9c470651f1843d51b42d761b) D:\WINDOWS\system32\vsdatant.sys
07:25:16.0109 5852 Vsdatant - ok
07:25:16.0156 5852 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
07:25:16.0265 5852 Wanarp - ok
07:25:16.0296 5852 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) D:\WINDOWS\system32\DRIVERS\wanatw4.sys
07:25:16.0328 5852 wanatw - ok
07:25:16.0328 5852 WDICA - ok
07:25:16.0359 5852 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
07:25:16.0468 5852 wdmaud - ok
07:25:16.0562 5852 WSTCODEC (c98b39829c2bbd34e454150633c62c78) D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:25:16.0656 5852 WSTCODEC - ok
07:25:16.0703 5852 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:25:16.0734 5852 WudfPf - ok
07:25:16.0750 5852 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:25:16.0765 5852 WudfRd - ok
07:25:16.0812 5852 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
07:25:16.0906 5852 \Device\Harddisk0\DR0 - ok
07:25:16.0921 5852 Boot (0x1200) (c2a2105b2ea853a58e95bee6c62e1a96) \Device\Harddisk0\DR0\Partition0
07:25:16.0921 5852 \Device\Harddisk0\DR0\Partition0 - ok
07:25:16.0953 5852 Boot (0x1200) (950377dbd2edb503d1f7817d78f91260) \Device\Harddisk0\DR0\Partition1
07:25:16.0953 5852 \Device\Harddisk0\DR0\Partition1 - ok
07:25:16.0953 5852 ============================================================
07:25:16.0953 5852 Scan finished
07:25:16.0953 5852 ============================================================
07:25:17.0062 3952 Detected object count: 2
07:25:17.0062 3952 Actual detected object count: 2
07:25:32.0156 3952 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
07:25:32.0156 3952 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:25:32.0156 3952 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
07:25:32.0156 3952 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:26:30.0843 4328 Deinitialize success





I ran UnHide.exe; after running, it said my start menus should reappear the way they were before, but it still looks as it does in the attachment above (missing icons and folders).

I ran OTL, here are the logs:

OTL logfile created on: 12/21/2011 7:42:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\tyler\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 28.45% Memory free
3.35 Gb Paging File | 2.51 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 89.93 Mb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 454.93 Gb Free Space | 48.84% Space Free | Partition Type: NTFS

Computer Name: TYLER-DA18647FA | User Name: tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 07:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\tyler\Desktop\OTL.exe
PRC - [2011/12/16 15:03:01 | 001,187,072 | ---- | M] (Lavasoft Limited) -- D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/16 15:02:58 | 002,152,152 | ---- | M] (Lavasoft Limited) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/11 21:44:08 | 003,082,320 | ---- | M] () -- D:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/11/14 17:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 08:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- D:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 08:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- D:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/08/15 16:56:16 | 002,589,808 | ---- | M] (GamersFirst) -- D:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2011/07/22 07:12:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/05/25 00:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/10 17:25:06 | 001,230,704 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/18 19:25:50 | 000,360,960 | ---- | M] (iZ3D Inc.) -- D:\Program Files\iZ3D Driver\Win32\S3DCService.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- D:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- D:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- D:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- D:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- D:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/04 02:49:00 | 000,318,096 | ---- | M] (Carbonite, Inc.) -- D:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 12:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- D:\Program Files\Common Files\AOL\1284821555\ee\aolsoftware.exe
PRC - [2008/04/13 18:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/03/27 09:13:11 | 000,025,256 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) -- D:\WINDOWS\system32\lxdncoms.exe
PRC - [2007/06/27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 07:47:24 | 001,629,480 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 07:47:02 | 001,057,064 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2004/04/21 12:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) -- D:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/08/15 15:16:44 | 000,036,953 | ---- | M] (America Online, Inc.) -- D:\Program Files\America Online 9.0d\aoltray.exe
PRC - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- D:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/16 15:03:51 | 000,430,568 | ---- | M] () -- D:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/12/16 15:03:37 | 000,591,232 | ---- | M] () -- D:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/12/16 15:00:43 | 000,508,776 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/12/12 10:07:32 | 000,308,560 | ---- | M] () -- D:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/12/11 21:44:08 | 003,082,320 | ---- | M] () -- D:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/12/11 05:28:54 | 000,971,264 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/11 03:21:30 | 005,450,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/11 03:21:24 | 012,430,848 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/12/11 03:21:10 | 001,587,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/12/11 03:19:37 | 007,950,848 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/11 03:19:29 | 011,490,816 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- D:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/04 23:02:44 | 000,355,432 | ---- | M] () -- D:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/01/19 16:19:17 | 000,139,776 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll
MOD - [2011/01/10 17:25:48 | 000,096,112 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/01/10 17:25:06 | 001,230,704 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/07 11:40:30 | 015,988,224 | ---- | M] () -- D:\Program Files\GamersFirst\LIVE!\libcef.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- D:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/27 09:13:18 | 000,660,136 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdnmon.exe
MOD - [2008/03/27 09:13:11 | 000,025,256 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe
MOD - [2008/03/14 23:34:14 | 000,782,336 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdndrs.dll
MOD - [2008/03/14 23:33:42 | 000,380,928 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdnscw.dll
MOD - [2008/02/27 05:05:40 | 000,115,200 | ---- | M] () -- D:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2008/01/04 13:09:23 | 000,036,864 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\app4r.monitor.core.dll
MOD - [2008/01/04 13:09:23 | 000,028,672 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\app4r.monitor.common.dll
MOD - [2008/01/04 13:08:04 | 000,061,440 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/11/22 10:55:48 | 000,011,776 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/11/20 18:02:39 | 000,782,336 | ---- | M] () -- D:\WINDOWS\system32\lxdndrs.dll
MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- D:\WINDOWS\system32\lxdncaps.dll
MOD - [2007/11/20 17:44:48 | 000,081,920 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007/11/01 08:33:19 | 000,012,288 | ---- | M] () -- D:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/11/01 08:29:04 | 000,045,056 | ---- | M] () -- D:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/11/01 08:24:53 | 000,032,768 | ---- | M] () -- D:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- D:\WINDOWS\system32\lxdncnv4.dll
MOD - [2007/10/02 16:51:09 | 000,069,632 | ---- | M] () -- D:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007/08/27 11:44:33 | 000,053,248 | ---- | M] () -- D:\WINDOWS\system32\lxf3oem.dll
MOD - [2007/05/29 09:39:08 | 000,589,824 | ---- | M] () -- D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndatr.dll
MOD - [2007/03/26 09:39:35 | 000,073,728 | ---- | M] () -- D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdncats.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/16 15:02:58 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 08:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- D:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/25 00:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 19:25:50 | 000,360,960 | ---- | M] (iZ3D Inc.) [Auto | Running] -- D:\Program Files\iZ3D Driver\Win32\S3DCService.exe -- (S3D Service (Win32)) S3D Service (Win32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- D:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/27 17:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- D:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 17:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/06/25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/04/21 12:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) [Auto | Running] -- D:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- D:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/12 10:07:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/12/11 03:26:27 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/12/11 03:26:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/12/11 03:26:07 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/12/11 03:26:03 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 08:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- D:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/27 19:11:18 | 000,034,968 | ---- | M] () [Kernel | System | Running] -- D:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2007/06/25 07:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 07:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 07:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- D:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/17 04:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/13 22:07:36 | 000,091,797 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-1958367476-725345543-1003\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - D:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-583907252-1958367476-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-583907252-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: D:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: D:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: d:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: D:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: D:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/22 07:12:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: D:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/12/17 16:42:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/12/16 08:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/07/22 07:12:58 | 000,000,000 | ---D | M]

[2010/09/05 22:19:17 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Extensions
[2011/12/21 07:40:35 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\extensions
[2010/09/09 10:16:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/16 08:27:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/16 15:00:23 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/12/18 17:28:02 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/12/11 20:29:02 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Documents and Settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/16 08:27:42 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/07/29 15:23:47 | 000,000,000 | ---D | M] (Skype extension) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- D:\DOCUMENTS AND SETTINGS\TYLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JHXDCMX4.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011/12/16 08:27:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/18 06:53:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/16 08:27:34 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 08:27:34 | 000,002,040 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/17 14:48:42 | 000,439,153 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15105 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - D:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - D:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - D:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - D:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - D:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - D:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - D:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-583907252-1958367476-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - D:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-583907252-1958367476-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-583907252-1958367476-725345543-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [CarboniteSetupLite] D:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] D:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FaxCenterServer] D:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [HostManager] D:\Program Files\Common Files\AOL\1284821555\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISW] D:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [lxdnamon] D:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] D:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] D:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Seagate Scheduler2 Service] D:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] D:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-583907252-1958367476-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-583907252-1958367476-725345543-1003..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0d\aoltray.exe (America Online, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = D:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: D:\Documents and Settings\tyler\Start Menu\Programs\Startup\Seagate 2GEWS9TC Product Registration.lnk = D:\Documents and Settings\tyler\Application Data\Leadertech\PowerRegister\Seagate 2GEWS9TC Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-583907252-1958367476-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O15 - HKU\S-1-5-21-583907252-1958367476-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA207ED5-F3DF-4ED2-9274-C5382150EA5F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) -D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) -D:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/05 18:53:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 07:22:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\tyler\Desktop\OTL.exe
[2011/12/18 04:31:17 | 000,000,000 | R--D | C] -- D:\Documents and Settings\tyler\Start Menu\Programs\Administrative Tools
[2011/12/18 04:10:03 | 000,607,260 | R--- | C] (Swearware) -- D:\Documents and Settings\All Users\Desktop\dds.scr
[2011/12/17 17:48:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\My Documents\virfixhelp12-17
[2011/12/17 16:59:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Start Menu\Programs\System Fix
[2011/12/17 16:58:54 | 000,000,000 | R--D | C] -- D:\Documents and Settings\tyler\Recent
[2011/12/17 16:43:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\My Documents\ForceField Shared Files
[2011/12/17 16:42:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\CheckPoint
[2011/12/17 16:42:13 | 000,000,000 | ---D | C] -- D:\Program Files\Conduit
[2011/12/17 16:42:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\ZoneAlarm_Security
[2011/12/17 16:42:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\Temp
[2011/12/17 16:42:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\Conduit
[2011/12/17 16:42:09 | 000,000,000 | ---D | C] -- D:\Program Files\ZoneAlarm_Security
[2011/12/17 16:41:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011/12/17 16:41:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/12/17 16:29:02 | 000,000,000 | ---D | C] -- D:\Program Files\CheckPoint
[2011/12/17 06:21:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Real
[2011/12/16 18:06:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/12/16 15:04:14 | 000,101,720 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/16 15:00:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\adaware
[2011/12/16 15:00:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/12/16 15:00:28 | 000,000,000 | ---D | C] -- D:\Program Files\Toolbar Cleaner
[2011/12/16 14:59:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\adawaretb
[2011/12/16 14:59:35 | 000,000,000 | ---D | C] -- D:\Program Files\adawaretb
[2011/12/16 14:57:53 | 000,064,512 | ---- | C] (Lavasoft AB) -- D:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/16 14:56:51 | 000,000,000 | ---D | C] -- D:\Program Files\Lavasoft
[2011/12/16 14:56:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/12/16 14:56:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/12/16 13:28:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/16 12:48:18 | 000,000,000 | ---D | C] -- D:\Data
[2011/12/16 10:30:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\PriceGong
[2011/12/16 10:30:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2011/12/16 10:06:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\Malwarebytes
[2011/12/16 10:06:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 10:06:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/16 10:06:50 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2011/12/16 10:06:50 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2011/12/16 09:30:46 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- D:\Documents and Settings\tyler\Desktop\tdsskiller.exe
[2011/12/16 08:53:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/16 08:53:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/16 08:26:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\FaxCtr
[2011/12/13 11:49:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\Lexmark Productivity Studio
[2011/12/13 11:48:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Lx_cats
[2011/12/13 11:46:57 | 000,000,000 | ---D | C] -- D:\logs
[2011/12/13 11:46:29 | 000,015,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbscan.sys
[2011/12/13 11:46:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wiafbdrv.dll
[2011/12/13 11:46:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/12/13 11:45:25 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- D:\WINDOWS\System32\IMGMAN32.DLL
[2011/12/13 11:45:25 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- D:\WINDOWS\System32\IMHOST32.DLL
[2011/12/13 11:45:25 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- D:\WINDOWS\System32\IM31XPNG.DEL
[2011/12/13 11:45:25 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- D:\WINDOWS\System32\IM31XTIF.DEL
[2011/12/13 11:45:25 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- D:\WINDOWS\System32\IM31IMG.DIL
[2011/12/13 11:45:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Lexmark Fax Solutions
[2011/12/13 11:45:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\FaxCtr
[2011/12/13 11:45:10 | 000,000,000 | ---D | C] -- D:\Program Files\Lexmark Fax Solutions
[2011/12/13 11:45:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/12/13 11:44:52 | 000,000,000 | ---D | C] -- D:\Program Files\Abbyy FineReader 6.0 Sprint
[2011/12/13 11:44:02 | 000,000,000 | ---D | C] -- D:\Program Files\Lexmark Toolbar
[2011/12/13 11:43:53 | 000,102,400 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdnwupd.dll
[2011/12/13 11:43:53 | 000,017,064 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdnwupd.exe
[2011/12/13 11:43:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Lexmark 2600 Series
[2011/12/13 11:43:40 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdnutil.dll
[2011/12/13 11:43:40 | 000,438,272 | ---- | C] ( ) -- D:\WINDOWS\System32\LXDNhcp.dll
[2011/12/13 11:43:40 | 000,364,544 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdninpa.dll
[2011/12/13 11:43:40 | 000,339,968 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdniesc.dll
[2011/12/13 11:43:39 | 001,101,824 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnserv.dll
[2011/12/13 11:43:39 | 000,843,776 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnusb1.dll
[2011/12/13 11:43:39 | 000,647,168 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnpmui.dll
[2011/12/13 11:43:39 | 000,569,344 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnlmpm.dll
[2011/12/13 11:43:39 | 000,053,248 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnprox.dll
[2011/12/13 11:43:38 | 000,663,552 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnhbn3.dll
[2011/12/13 11:43:38 | 000,320,168 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdnih.exe
[2011/12/13 11:43:38 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdninsb.dll
[2011/12/13 11:43:38 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdnins.dll
[2011/12/13 11:43:38 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdnjswr.dll
[2011/12/13 11:43:38 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdninsr.dll
[2011/12/13 11:43:37 | 000,983,121 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\lxdngf.dll
[2011/12/13 11:43:37 | 000,851,968 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdncomc.dll
[2011/12/13 11:43:37 | 000,594,600 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdncoms.exe
[2011/12/13 11:43:37 | 000,376,832 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdncomm.dll
[2011/12/13 11:43:37 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdncub.dll
[2011/12/13 11:43:37 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdncu.dll
[2011/12/13 11:43:37 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- D:\WINDOWS\System32\lxdncur.dll
[2011/12/13 11:43:36 | 000,365,224 | ---- | C] ( ) -- D:\WINDOWS\System32\lxdncfg.exe
[2011/12/13 11:43:36 | 000,077,906 | ---- | C] (Lexmark International) -- D:\WINDOWS\System32\LXDNcfg.dll
[2011/12/13 11:43:27 | 000,000,000 | ---D | C] -- D:\Program Files\Lexmark 2600 Series
[2011/12/12 07:50:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Start Menu\Programs\CrimeCraft
[2011/12/12 07:50:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\CrimeCraft
[2011/12/12 07:49:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\InstallShield Installation Information
[2011/12/12 07:49:00 | 000,000,000 | ---D | C] -- D:\Program Files\DIFX
[2011/12/12 07:48:54 | 000,036,864 | ---- | C] (Advanced Micro Devices) -- D:\WINDOWS\System32\drivers\AmdK8.sys
[2011/12/12 07:48:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DRVSTORE
[2011/12/12 07:41:11 | 000,000,000 | ---D | C] -- D:\Program Files\Vogster Entertainment
[2011/12/11 21:47:14 | 000,000,000 | ---D | C] -- D:\crimecraft
[2011/12/11 21:46:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Desktop\crimecraft
[2011/12/11 03:39:17 | 000,000,000 | ---D | C] -- D:\tryingtofixdrive
[2011/12/11 03:26:27 | 000,441,760 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\timntr.sys
[2011/12/11 03:26:27 | 000,044,384 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\tifsfilt.sys
[2011/12/11 03:26:07 | 000,132,224 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\snapman.sys
[2011/12/11 03:26:03 | 000,368,480 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\tdrpman.sys
[2011/12/11 03:25:48 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Seagate
[2011/12/11 03:05:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\GamersFirst LIVE!
[2011/12/11 03:05:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\PMB Files
[2011/12/11 03:05:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PMB Files
[2011/12/11 03:04:59 | 000,000,000 | ---D | C] -- D:\Program Files\Pando Networks
[2011/12/11 03:04:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\GamersFirst
[2011/12/11 03:04:44 | 000,000,000 | ---D | C] -- D:\Program Files\GamersFirst
[2011/12/11 03:04:21 | 000,000,000 | ---D | C] -- D:\apb
[2011/12/11 03:00:41 | 000,000,000 | ---D | C] -- D:\Program Files\MSXML 4.0
[2011/12/10 22:06:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/12/10 22:06:41 | 000,000,000 | ---D | C] -- D:\Program Files\Seagate
[2011/12/10 22:06:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/10 22:05:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Local Settings\Application Data\Downloaded Installations
[2011/12/10 22:04:29 | 000,000,000 | ---D | C] -- D:\Program Files\Carbonite
[2011/12/10 22:04:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Carbonite
[2011/12/10 22:04:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Application Data\Leadertech
[2011/12/10 21:50:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mouhid.sys
[2011/12/10 21:50:30 | 000,025,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbprint.sys
[9 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 07:42:21 | 000,000,286 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1958367476-725345543-1003.job
[2011/12/21 07:42:21 | 000,000,278 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1958367476-725345543-1003.job
[2011/12/21 07:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At16.job
[2011/12/21 07:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At15.job
[2011/12/21 07:25:02 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2011/12/21 07:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\tyler\Desktop\OTL.exe
[2011/12/21 07:21:50 | 000,684,297 | ---- | M] () -- D:\Documents and Settings\tyler\Desktop\unhide.exe
[2011/12/21 06:54:00 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 06:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At14.job
[2011/12/21 06:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At13.job
[2011/12/21 05:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At12.job
[2011/12/21 05:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At11.job
[2011/12/21 05:21:10 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/12/21 04:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At10.job
[2011/12/21 04:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At9.job
[2011/12/21 03:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At8.job
[2011/12/21 03:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At7.job
[2011/12/21 02:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At6.job
[2011/12/21 02:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At5.job
[2011/12/21 02:20:33 | 000,054,156 | ---- | M] () -- D:\WINDOWS\QTFont.qfn
[2011/12/21 01:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At4.job
[2011/12/21 01:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At3.job
[2011/12/21 00:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At2.job
[2011/12/21 00:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At1.job
[2011/12/20 23:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At48.job
[2011/12/20 23:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At47.job
[2011/12/20 22:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At46.job
[2011/12/20 22:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At45.job
[2011/12/20 21:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At44.job
[2011/12/20 21:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At43.job
[2011/12/20 20:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At42.job
[2011/12/20 20:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At41.job
[2011/12/20 19:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At40.job
[2011/12/20 19:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At39.job
[2011/12/20 18:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At38.job
[2011/12/20 18:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At37.job
[2011/12/20 17:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At36.job
[2011/12/20 17:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At35.job
[2011/12/20 16:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At34.job
[2011/12/20 16:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At33.job
[2011/12/20 15:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At32.job
[2011/12/20 15:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At31.job
[2011/12/20 14:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At30.job
[2011/12/20 14:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At29.job
[2011/12/20 13:42:31 | 000,000,486 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/20 13:42:03 | 000,000,064 | ---- | M] () -- D:\WINDOWS\System32\rp_stats.dat
[2011/12/20 13:42:03 | 000,000,044 | ---- | M] () -- D:\WINDOWS\System32\rp_rules.dat
[2011/12/20 13:38:39 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/12/20 13:37:37 | 000,000,880 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 13:37:36 | 000,000,280 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/12/20 13:37:15 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/12/19 13:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At28.job
[2011/12/19 13:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At27.job
[2011/12/19 13:06:18 | 000,001,409 | ---- | M] () -- D:\WINDOWS\QTFont.for
[2011/12/19 12:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At26.job
[2011/12/19 12:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At25.job
[2011/12/19 11:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At24.job
[2011/12/19 11:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At23.job
[2011/12/19 10:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At22.job
[2011/12/19 10:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At21.job
[2011/12/19 09:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At20.job
[2011/12/19 09:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At19.job
[2011/12/19 08:29:00 | 000,000,348 | ---- | M] () -- D:\WINDOWS\tasks\At18.job
[2011/12/19 08:29:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS\tasks\At17.job
[2011/12/18 04:18:43 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\tyler\defogger_reenable
[2011/12/18 04:10:37 | 000,607,260 | R--- | M] (Swearware) -- D:\Documents and Settings\All Users\Desktop\dds.scr
[2011/12/18 04:02:29 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Defogger.exe
[2011/12/17 19:22:11 | 000,302,592 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\dixpts5k.exe
[2011/12/17 17:44:21 | 000,869,194 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SecurityCheck.exe
[2011/12/17 17:00:45 | 000,000,456 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF
[2011/12/17 16:59:37 | 000,000,296 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNF
[2011/12/17 16:59:37 | 000,000,184 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNFr
[2011/12/17 16:59:35 | 000,000,849 | ---- | M] () -- D:\Documents and Settings\tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/17 16:59:35 | 000,000,831 | ---- | M] () -- D:\Documents and Settings\tyler\Desktop\System Fix.lnk
[2011/12/17 16:59:27 | 000,353,536 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe
[2011/12/17 16:47:03 | 000,415,859 | ---- | M] () -- D:\WINDOWS\System32\vsconfig.xml
[2011/12/17 16:19:41 | 000,000,115 | ---- | M] () -- D:\WINDOWS\wininit.ini
[2011/12/17 14:53:53 | 000,174,080 | ---- | M] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/17 14:48:42 | 000,439,153 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/12/16 15:04:03 | 000,101,720 | ---- | M] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/16 15:03:59 | 000,016,432 | ---- | M] () -- D:\WINDOWS\System32\lsdelete.exe
[2011/12/16 14:59:14 | 000,000,797 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/16 12:49:46 | 000,000,288 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/12/16 09:33:43 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- D:\Documents and Settings\tyler\Desktop\tdsskiller.exe
[2011/12/16 09:32:55 | 000,014,756 | -HS- | M] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7
[2011/12/16 09:32:55 | 000,014,756 | -HS- | M] () -- D:\Documents and Settings\All Users\Application Data\848172v5t751r267h561k8rlw1p7
[2011/12/16 09:15:42 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat
[2011/12/16 08:57:40 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\E1X2G0.com.b
[2011/12/16 03:20:44 | 000,096,664 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/16 03:04:14 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2011/12/15 06:51:04 | 000,140,496 | ---- | M] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/12/15 06:50:59 | 000,280,736 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.xtr
[2011/12/14 21:37:05 | 000,280,736 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.ex0
[2011/12/14 16:09:24 | 000,000,096 | ---- | M] () -- D:\WINDOWS\System32\HsInfo.dat
[2011/12/13 11:47:01 | 000,085,442 | ---- | M] () -- D:\WINDOWS\System32\LexFiles.ulf
[2011/12/13 11:44:44 | 000,000,740 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Lexmark Productivity Studio - 2600 Series.LNK
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- D:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/12 07:50:15 | 000,001,852 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\CrimeCraft.lnk
[2011/12/11 21:42:36 | 002,239,488 | ---- | M] () -- D:\Documents and Settings\tyler\Desktop\CrimeCraftGangWars.exe
[2011/12/11 15:00:46 | 000,138,056 | ---- | M] () -- D:\Documents and Settings\tyler\Application Data\PnkBstrK.sys
[2011/12/11 03:34:59 | 000,001,293 | ---- | M] () -- D:\Documents and Settings\tyler\Start Menu\Programs\Startup\Seagate 2GEWS9TC Product Registration.lnk
[2011/12/11 03:26:27 | 000,441,760 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\timntr.sys
[2011/12/11 03:26:27 | 000,044,384 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\tifsfilt.sys
[2011/12/11 03:26:07 | 000,132,224 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\snapman.sys
[2011/12/11 03:26:03 | 000,368,480 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\tdrpman.sys
[2011/12/11 03:26:02 | 000,000,808 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Seagate DiscWizard.lnk
[2011/12/11 03:18:36 | 000,472,866 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/12/11 03:18:36 | 000,075,960 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/12/11 03:04:52 | 000,000,807 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/11 03:04:52 | 000,000,779 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/12/10 22:06:55 | 000,001,863 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2011/12/10 22:04:29 | 000,001,732 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\win32k.sys
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\win32k.sys
[9 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 07:21:46 | 000,684,297 | ---- | C] () -- D:\Documents and Settings\tyler\Desktop\unhide.exe
[2011/12/18 04:18:43 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\tyler\defogger_reenable
[2011/12/18 04:02:27 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Defogger.exe
[2011/12/17 19:22:13 | 000,302,592 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\dixpts5k.exe
[2011/12/17 17:44:15 | 000,869,194 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SecurityCheck.exe
[2011/12/17 16:59:36 | 000,000,296 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNF
[2011/12/17 16:59:36 | 000,000,184 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNFr
[2011/12/17 16:59:35 | 000,000,849 | ---- | C] () -- D:\Documents and Settings\tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/17 16:59:35 | 000,000,831 | ---- | C] () -- D:\Documents and Settings\tyler\Desktop\System Fix.lnk
[2011/12/17 16:59:32 | 000,000,456 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF
[2011/12/17 16:59:27 | 000,353,536 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe
[2011/12/17 16:42:47 | 000,415,859 | ---- | C] () -- D:\WINDOWS\System32\vsconfig.xml
[2011/12/17 16:19:41 | 000,000,115 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2011/12/17 14:00:39 | 000,016,432 | ---- | C] () -- D:\WINDOWS\System32\lsdelete.exe
[2011/12/16 15:00:25 | 000,000,064 | ---- | C] () -- D:\WINDOWS\System32\rp_stats.dat
[2011/12/16 15:00:25 | 000,000,044 | ---- | C] () -- D:\WINDOWS\System32\rp_rules.dat
[2011/12/16 15:00:03 | 000,000,486 | ---- | C] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/16 14:59:14 | 000,000,797 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/16 10:34:50 | 000,000,288 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/12/16 10:34:50 | 000,000,280 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/12/16 08:57:40 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\E1X2G0.com.b
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At8.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At6.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At48.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At46.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At44.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At42.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At40.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At4.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At38.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At36.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At34.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At32.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At30.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At28.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At26.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At24.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At22.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At20.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At2.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At18.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At16.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At14.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At12.job
[2011/12/16 08:44:01 | 000,000,348 | ---- | C] () -- D:\WINDOWS\tasks\At10.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At9.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At7.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At5.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At47.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At45.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At43.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At41.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At39.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At37.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At35.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At33.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At31.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At3.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At29.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At27.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At25.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At23.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At21.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At19.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At17.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At15.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At13.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At11.job
[2011/12/16 08:44:01 | 000,000,346 | ---- | C] () -- D:\WINDOWS\tasks\At1.job
[2011/12/16 08:44:01 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat
[2011/12/16 08:29:50 | 000,014,756 | -HS- | C] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7
[2011/12/16 08:29:50 | 000,014,756 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\848172v5t751r267h561k8rlw1p7
[2011/12/14 16:09:23 | 000,000,096 | ---- | C] () -- D:\WINDOWS\System32\HsInfo.dat
[2011/12/13 11:46:42 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\lxdnvs.dll
[2011/12/13 11:46:41 | 000,348,160 | ---- | C] () -- D:\WINDOWS\System32\lxdncoin.dll
[2011/12/13 11:46:36 | 000,077,304 | ---- | C] () -- D:\WINDOWS\System32\lxdnprpr.chm
[2011/12/13 11:46:07 | 000,782,336 | ---- | C] () -- D:\WINDOWS\System32\lxdndrs.dll
[2011/12/13 11:46:07 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\lxdncaps.dll
[2011/12/13 11:46:06 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\lxdncnv4.dll
[2011/12/13 11:45:45 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\LXF3PMON.DLL
[2011/12/13 11:45:45 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\LXF3FXPU.DLL
[2011/12/13 11:45:25 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\lxf3oem.dll
[2011/12/13 11:45:25 | 000,012,288 | ---- | C] () -- D:\WINDOWS\System32\LXF3PMRC.DLL
[2011/12/13 11:44:44 | 000,000,740 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Lexmark Productivity Studio - 2600 Series.LNK
[2011/12/13 11:43:50 | 000,000,044 | ---- | C] () -- D:\WINDOWS\System32\lxdnrwrd.ini
[2011/12/13 11:43:40 | 000,348,160 | ---- | C] () -- D:\WINDOWS\System32\LXDNinst.dll
[2011/12/13 11:43:38 | 000,208,896 | ---- | C] () -- D:\WINDOWS\System32\lxdngrd.dll
[2011/12/13 11:43:36 | 000,085,442 | ---- | C] () -- D:\WINDOWS\System32\LexFiles.ulf
[2011/12/13 11:43:36 | 000,001,633 | ---- | C] () -- D:\WINDOWS\System32\lxdn.loc
[2011/12/12 07:50:15 | 000,001,852 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\CrimeCraft.lnk
[2011/12/11 21:42:29 | 002,239,488 | ---- | C] () -- D:\Documents and Settings\tyler\Desktop\CrimeCraftGangWars.exe
[2011/12/11 03:26:02 | 000,000,808 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Seagate DiscWizard.lnk
[2011/12/11 03:04:52 | 000,000,807 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/11 03:04:52 | 000,000,779 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/12/10 22:06:55 | 000,001,863 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2011/12/10 22:04:29 | 000,001,732 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2011/12/10 22:04:05 | 000,001,293 | ---- | C] () -- D:\Documents and Settings\tyler\Start Menu\Programs\Startup\Seagate 2GEWS9TC Product Registration.lnk
[2011/06/17 18:20:40 | 002,123,582 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2011/06/06 14:57:36 | 000,000,319 | ---- | C] () -- D:\WINDOWS\game.ini
[2011/05/23 18:50:29 | 000,000,288 | ---- | C] () -- D:\Documents and Settings\tyler\Application Data\.backup.dm
[2011/03/06 00:24:57 | 000,953,464 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 08:21:51 | 000,229,646 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-1958367476-725345543-1003-0.dat
[2011/01/29 08:21:50 | 000,083,246 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/01 22:01:28 | 000,000,014 | ---- | C] () -- D:\WINDOWS\System32\nvModes.dat
[2010/12/21 06:58:19 | 000,855,641 | ---- | C] () -- D:\Documents and Settings\tyler\Application Data\PandaIDProtectHelp.chm
[2010/12/08 15:44:47 | 000,000,056 | ---- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2010/11/15 14:33:13 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/11/07 18:59:39 | 000,000,151 | ---- | C] () -- D:\WINDOWS\PhotoSnapViewer.INI
[2010/09/25 21:08:52 | 000,140,496 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/25 21:08:52 | 000,138,056 | ---- | C] () -- D:\Documents and Settings\tyler\Application Data\PnkBstrK.sys
[2010/09/25 21:08:33 | 000,280,736 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrB.exe
[2010/09/25 21:08:32 | 002,434,856 | ---- | C] () -- D:\WINDOWS\System32\pbsvc_bc2.exe
[2010/09/25 21:08:32 | 000,075,136 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrA.exe
[2010/09/21 06:06:15 | 000,185,344 | ---- | C] () -- D:\WINDOWS\System32\PCGW32.DLL
[2010/09/19 19:32:28 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2010/09/15 22:40:25 | 000,174,080 | ---- | C] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 22:20:30 | 000,273,344 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/05 22:20:29 | 000,273,344 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/05 22:20:29 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2010/09/05 22:18:48 | 000,000,335 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010/09/05 21:48:17 | 000,025,867 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2010/09/05 21:48:16 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2010/09/05 21:48:07 | 000,010,288 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/09/05 18:55:21 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010/09/05 18:51:03 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2010/09/05 13:42:29 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2010/09/05 13:39:55 | 000,096,664 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2008/09/15 18:14:24 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2006/08/11 22:45:20 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 22:43:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,472,866 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,075,960 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat

< End of report >


OTL Extras logfile created on: 12/21/2011 7:42:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\tyler\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 28.45% Memory free
3.35 Gb Paging File | 2.51 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 89.93 Mb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 454.93 Gb Free Space | 48.84% Space Free | Partition Type: NTFS

Computer Name: TYLER-DA18647FA | User Name: tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-583907252-1958367476-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57971:TCP" = 57971:TCP:*:Enabled:Pando Media Booster
"57971:UDP" = 57971:UDP:*:Enabled:Pando Media Booster
"57100:TCP" = 57100:TCP:*:Enabled:Pando Media Booster
"57100:UDP" = 57100:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57971:TCP" = 57971:TCP:*:Enabled:Pando Media Booster
"57971:UDP" = 57971:UDP:*:Enabled:Pando Media Booster
"57100:TCP" = 57100:TCP:*:Enabled:Pando Media Booster
"57100:UDP" = 57100:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\America Online 9.0\waol.exe" = D:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"D:\Program Files\America Online 9.0d\waol.exe" = D:\Program Files\America Online 9.0d\waol.exe:*:Enabled:America Online 9.0d -- (America Online, Inc.)
"D:\Program Files\Pando Networks\Media Booster\PMB.exe" = D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = D:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"D:\Program Files\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe" = D:\Program Files\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- (THQ Canada Inc.)
"D:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe" = D:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"D:\Program Files\AIM\aim.exe" = D:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"D:\Program Files\America Online 9.0\waol.exe" = D:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"D:\Program Files\BitTornado\btdownloadgui.exe" = D:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
"D:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = D:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"D:\Program Files\Steam\steamapps\relyt33333\team fortress 2\hl2.exe" = D:\Program Files\Steam\steamapps\relyt33333\team fortress 2\hl2.exe:*:Enabled:hl2
"D:\Program Files\Steam\steamapps\relyt33333\insurgency\hl2.exe" = D:\Program Files\Steam\steamapps\relyt33333\insurgency\hl2.exe:*:Enabled:hl2 -- ()
"D:\Program Files\VideoLAN\VLC\vlc.exe" = D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"D:\Program Files\Steam\steamapps\common\poker night at the inventory\CelebrityPoker.exe" = D:\Program Files\Steam\steamapps\common\poker night at the inventory\CelebrityPoker.exe:*:Enabled:Poker Night at the Inventory -- (Telltale Games)
"D:\Program Files\Skype\Plugin Manager\skypePM.exe" = D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Program Files\Steam\steamapps\common\farming simulator 2011\game.exe" = D:\Program Files\Steam\steamapps\common\farming simulator 2011\game.exe:*:Enabled:Farming Simulator 2011
"D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = D:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"D:\Documents and Settings\tyler\Local Settings\Apps\2.0\BYTCNGZ2.GZ2\TVWNOKOO.2W7\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\CoHOLauncher.exe" = D:\Documents and Settings\tyler\Local Settings\Apps\2.0\BYTCNGZ2.GZ2\TVWNOKOO.2W7\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\CoHOLauncher.exe:*:Enabled:Company of Heroes Online (THQ) -- (THQ Canada Inc \ Relic Entertainment)
"D:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\GameLauncher.exe" = D:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\GameLauncher.exe:*:Enabled:GameLauncher -- (THQ Canada Inc. dba Relic Entertainment)
"D:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe" = D:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ) -- (THQ Canada Inc.)
"D:\Program Files\Steam\steamapps\common\breach\Breach.exe" = D:\Program Files\Steam\steamapps\common\breach\Breach.exe:*:Enabled:Breach
"D:\Program Files\Steam\steamapps\common\fallout new vegas\FalloutNVLauncher.exe" = D:\Program Files\Steam\steamapps\common\fallout new vegas\FalloutNVLauncher.exe:*:Enabled:Fallout: New Vegas -- (Bethesda Softworks, Obsidian Entertainment)
"D:\Program Files\Steam\steamapps\common\apox\GameClient\APOX.exe" = D:\Program Files\Steam\steamapps\common\apox\GameClient\APOX.exe:*:Enabled:APOX -- ()
"D:\Program Files\Steam\steamapps\common\men of war assault squad\mow_assault_squad.exe" = D:\Program Files\Steam\steamapps\common\men of war assault squad\mow_assault_squad.exe:*:Enabled:Men of War: Assault Squad
"D:\Program Files\Steam\steamapps\common\command and conquer 4 tiberian twilight\Data\CNC4.game" = D:\Program Files\Steam\steamapps\common\command and conquer 4 tiberian twilight\Data\CNC4.game:*:Enabled:Command & Conquer™ 4 -- (Electronic Arts Inc.)
"D:\Program Files\Steam\steamapps\common\command and conquer red alert 3\Data\ra3_1.12.game" = D:\Program Files\Steam\steamapps\common\command and conquer red alert 3\Data\ra3_1.12.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"D:\Program Files\Steam\steamapps\common\company of heroes\help.htm" = D:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes
"D:\Program Files\America Online 9.0d\waol.exe" = D:\Program Files\America Online 9.0d\waol.exe:*:Enabled:America Online 9.0d -- (America Online, Inc.)
"D:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = D:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"D:\Program Files\Steam\steamapps\common\dogfighter\bin\x86_vc8\DogFighterSteam.exe" = D:\Program Files\Steam\steamapps\common\dogfighter\bin\x86_vc8\DogFighterSteam.exe:*:Enabled:DogFighter -- (Instinct Technology Limited)
"D:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = D:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"D:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert™ II\RA2\game.exe" = D:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert™ II\RA2\game.exe:*:Enabled:Main executable for Red Alert 2 -- (Westwood Studios)
"D:\WINDOWS\system32\java.exe" = D:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe" = D:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\Program Files\Steam\steamapps\common\stronghold legends\StrongholdLegends.exe" = D:\Program Files\Steam\steamapps\common\stronghold legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"D:\Program Files\Steam\steamapps\relyt33333\day of defeat\hl.exe" = D:\Program Files\Steam\steamapps\relyt33333\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve)
"D:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe" = D:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"D:\Program Files\Pando Networks\Media Booster\PMB.exe" = D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Program Files\Vogster Entertainment\CrimeCraft\ClientLauncher.exe" = D:\Program Files\Vogster Entertainment\CrimeCraft\ClientLauncher.exe:*:Enabled:CrimeCraft Launcher -- (Vogster Entertainment)
"D:\Program Files\Vogster Entertainment\CrimeCraft\Binaries\CrimeCraft.exe" = D:\Program Files\Vogster Entertainment\CrimeCraft\Binaries\CrimeCraft.exe:*:Enabled:CrimeCraft -- ()
"D:\Program Files\Steam\steamapps\common\deus ex\System\DeusEx.exe" = D:\Program Files\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()
"D:\Program Files\Steam\steamapps\common\deus ex invisible war\System\dx2.exe" = D:\Program Files\Steam\steamapps\common\deus ex invisible war\System\dx2.exe:*:Enabled:Deus Ex: Invisible War -- ()
"D:\Program Files\Steam\steamapps\common\sid meier's railroads\RailRoads.exe" = D:\Program Files\Steam\steamapps\common\sid meier's railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads! -- (Firaxis Games, Inc)
"D:\Program Files\Steam\steamapps\common\men of war\mow.exe" = D:\Program Files\Steam\steamapps\common\men of war\mow.exe:*:Enabled:Men of War -- ("Best Way" Corp)
"D:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe" = D:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe:*:Enabled:Men of War -- ("Best Way" Corp)
"D:\Program Files\Steam\steamapps\common\pacific storm\PacificStorm.bat" = D:\Program Files\Steam\steamapps\common\pacific storm\PacificStorm.bat:*:Enabled:Pacific Storm -- ()
"D:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe" = D:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"D:\Program Files\Steam\steamapps\common\fear2\FEAR2.exe" = D:\Program Files\Steam\steamapps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)
"D:\Program Files\Steam\steamapps\common\command and conquer red alert 3\runme.exe" = D:\Program Files\Steam\steamapps\common\command and conquer red alert 3\runme.exe:*:Enabled:Command and Conquer: Red Alert 3 -- ()
"D:\Program Files\Steam\steamapps\common\command and conquer red alert 3\Support\EA Help\Electronic_Arts_Technical_Support.htm" = D:\Program Files\Steam\steamapps\common\command and conquer red alert 3\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Command and Conquer: Red Alert 3 -- ()
"D:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe" = D:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Tales of Valor -- (THQ Canada Inc.)
"D:\Program Files\Steam\steamapps\common\lego universe\patcher\LEGOUniverseLauncher.exe" = D:\Program Files\Steam\steamapps\common\lego universe\patcher\LEGOUniverseLauncher.exe:*:Enabled:LEGO: Universe -- ()
"D:\Program Files\Steam\steamapps\common\r.u.s.e\Ruse.exe" = D:\Program Files\Steam\steamapps\common\r.u.s.e\Ruse.exe:*:Enabled:R.U.S.E -- (Eugen Systems)
"D:\Program Files\Steam\steamapps\common\simcity 4 deluxe\Apps\SimCity 4.exe" = D:\Program Files\Steam\steamapps\common\simcity 4 deluxe\Apps\SimCity 4.exe:*:Enabled:SimCity 4 Deluxe -- (Maxis)
"D:\Program Files\Steam\steamapps\common\simcity 4 deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm" = D:\Program Files\Steam\steamapps\common\simcity 4 deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:SimCity 4 Deluxe -- ()
"D:\Program Files\Steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe" = D:\Program Files\Steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe:*:Enabled:Kane & Lynch 2: Dog Days -- (Io Interactive A/S)
"D:\Program Files\Steam\steamapps\common\back to the future ep 1\BackToTheFuture101.exe" = D:\Program Files\Steam\steamapps\common\back to the future ep 1\BackToTheFuture101.exe:*:Enabled:Back to the Future: Ep 1 - It's About Time -- (Telltale Games)
"D:\Program Files\Steam\steamapps\common\darkest of days demo\darkestofdays.exe" = D:\Program Files\Steam\steamapps\common\darkest of days demo\darkestofdays.exe:*:Enabled:Darkest of Days - Demo -- ()
"D:\Program Files\Steam\steamapps\common\command and conquer 4 tiberian twilight\CNC4.exe" = D:\Program Files\Steam\steamapps\common\command and conquer 4 tiberian twilight\CNC4.exe:*:Enabled:Command and Conquer 4: Tiberian Twilight -- (Electronic Arts Inc.)
"D:\Program Files\Steam\steamapps\common\command and conquer 4 tiberian twilight\Support\EA Help\Electronic_Arts_Technical_Support.htm" = D:\Program Files\Steam\steamapps\common\command and conquer 4 tiberian twilight\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Command and Conquer 4: Tiberian Twilight -- ()
"D:\Program Files\Steam\steamapps\common\mafia ii\pc\Mafia2.exe" = D:\Program Files\Steam\steamapps\common\mafia ii\pc\Mafia2.exe:*:Enabled:Mafia II -- (2K Czech)
"D:\Program Files\Steam\steamapps\common\cities xl 2011\CitiesXL_2011.exe" = D:\Program Files\Steam\steamapps\common\cities xl 2011\CitiesXL_2011.exe:*:Enabled:Cities XL 2011 -- (Monte Cristo Games)
"D:\Program Files\Steam\steamapps\common\back to the future ep 2\BackToTheFuture102.exe" = D:\Program Files\Steam\steamapps\common\back to the future ep 2\BackToTheFuture102.exe:*:Enabled:Back to the Future: Ep 2 - Get Tannen! -- (Telltale Games)
"D:\WINDOWS\system32\lxdncoms.exe" = D:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server -- ( )
"D:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = D:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe" = D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"D:\Program Files\Lexmark 2600 Series\frun.exe" = D:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Printing Application -- ()
"D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = D:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"D:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = D:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"D:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = D:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2 -- ()
"D:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe" = D:\Program Files\GamersFirst\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.)
"D:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe" = D:\Program Files\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2AF94338-FF58-44CB-BAD6-39D50DFF626F}" = Company of Heroes Online (THQ)
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1" = iZ3D Driver Remove
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F986C21-5D52-49EA-BAE6-23529040A2DC}" = ASPCA Reminder V7F+AU by We-Care.com
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"APB Reloaded" = APB Reloaded
"BitTornado" = BitTornado 0.3.18
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"COH" = City of Villains/City of Heroes (remove only)
"Creative PD0630" = Creative WebCam Live! Driver (1.00.06.0414)
"Creative WebCam Center" = Creative WebCam Center
"CrimeCraft" = CrimeCraft
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"Google Chrome" = Google Chrome
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 11250" = Pacific Storm
"Steam App 11260" = Pacific Storm: Allies
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 17510" = Age of Chivalry
"Steam App 17700" = Insurgency
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 21140" = LEGO: Universe
"Steam App 21970" = R.U.S.E
"Steam App 22380" = Fallout: New Vegas
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 31280" = Poker Night at the Inventory
"Steam App 31290" = Back to the Future: Ep 1 - It's About Time
"Steam App 37710" = Darkest of Days - Demo
"Steam App 40980" = Stronghold Legends
"Steam App 42500" = DogFighter
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 47700" = Command and Conquer 4: Tiberian Twilight
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 58510" = Cities XL 2011
"Steam App 630" = Alien Swarm
"Steam App 64000" = Men of War: Assault Squad
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6920" = Deus Ex: Invisible War
"Steam App 7600" = Sid Meier's Railroads!
"Steam App 7830" = Men of War
"Steam App 80000" = APOX
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 90200" = Farming Simulator 2011
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steam App 94500" = Back to the Future: Ep 2 - Get Tannen!
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583907252-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2011 9:06:37 AM | Computer Name = TYLER-DA18647FA | Source = Application Hang | ID = 1002
Description = Hanging application BlackOpsMP.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/3/2011 7:27:22 PM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1000
Description = Faulting application citiesxl_2011.exe, version 1.0.4.723, faulting
module unknown, version 0.0.0.0, fault address 0x04180d96.

Error - 6/6/2011 5:37:25 PM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1000
Description = Faulting application iw3sp.exe, version 0.0.0.0, faulting module ~df394b.tmp,
version 0.0.0.0, fault address 0x0008ed33.

Error - 6/6/2011 5:37:38 PM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1000
Description = Faulting application iw3sp.exe, version 0.0.0.0, faulting module ~df394b.tmp,
version 0.0.0.0, fault address 0x0008ed33.

Error - 6/6/2011 5:39:48 PM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1000
Description = Faulting application iw3sp.exe, version 0.0.0.0, faulting module ~df394b.tmp,
version 0.0.0.0, fault address 0x0008ed33.

Error - 6/6/2011 5:39:58 PM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1001
Description = Fault bucket 559199483.

Error - 6/6/2011 6:12:11 PM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1000
Description = Faulting application iw3sp.exe, version 0.0.0.0, faulting module ~df394b.tmp,
version 0.0.0.0, fault address 0x0008ed33.

Error - 6/8/2011 10:19:06 AM | Computer Name = TYLER-DA18647FA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/10/2011 6:43:44 AM | Computer Name = TYLER-DA18647FA | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 2.0.1.4120, faulting
module quicktime.qts, version 6.3.0.16, fault address 0x002404f4.

Error - 6/11/2011 8:09:15 AM | Computer Name = TYLER-DA18647FA | Source = Application Hang | ID = 1002
Description = Hanging application DivX Player.exe, version 6.8.2.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/21/2011 5:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At7.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 5:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At8.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 6:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At10.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 6:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At9.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 7:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 7:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 8:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 8:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 9:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 9:29:00 AM | Computer Name = TYLER-DA18647FA | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402


< End of report >
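The ten Schedule errors at the end of this report deserve decoding rather than a skim. `%%2147942402` is the decimal form of HRESULT 0x80070002, that is Win32 error 2, ERROR_FILE_NOT_FOUND: the Task Scheduler still has the AtN.job files (the naming at.exe uses), but the program each one points to is gone, which is the picture you get after a payload has been removed while its persistence has not. Jobs At7 through At16 firing in pairs, on the hour, are also not something a user sets up by hand. The script below is an added example, not part of the thread or of OTL; it parses event lines in the format OTL prints (the sample is constructed from the lines above with the computer name replaced) and turns the error codes into readable names.

```python
"""Decode Task Scheduler (Source = Schedule, ID 7901) failures from an OTL event-log section.

Added example: not part of the thread, OTL or BleepingComputer. It parses the
"Error - <date> | Computer Name = ... | Source = ... | ID = ..." lines OTL emits
and turns the %%<decimal> value in each Schedule error into a readable HRESULT.
"""
import re
from collections import Counter

# Constructed sample modelled on the "Last 10 Event Log Errors" section above
# (computer name replaced); the %%2147942402 values are copied from the report.
SAMPLE = """\
Error - 12/21/2011 5:29:00 AM | Computer Name = HOST | Source = Schedule | ID = 7901
Description = The At7.job command failed to start due to the following error: %%2147942402

Error - 12/21/2011 5:29:00 AM | Computer Name = HOST | Source = Schedule | ID = 7901
Description = The At8.job command failed to start due to the following error: %%2147942402

Error - 6/8/2011 10:19:06 AM | Computer Name = HOST | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
"""

FACILITY_WIN32 = 7
# Only the Win32 codes a triager meets most often here; anything else prints as unknown.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
               5: "ERROR_ACCESS_DENIED", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}

def decode_error(code: int) -> dict:
    """Interpret the decimal %%N value the Scheduler logs as an HRESULT (0x8007xxxx = Win32)."""
    hresult = code & 0xFFFFFFFF
    facility = (hresult >> 16) & 0x1FFF
    win32 = hresult & 0xFFFF
    if facility == FACILITY_WIN32:
        name = WIN32_NAMES.get(win32, "unknown Win32 error %d" % win32)
    else:
        name = "non-Win32 facility %d" % facility
    return {"hresult": "0x%08X" % hresult, "facility": facility, "code": win32, "name": name}

HEADER = re.compile(r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
JOB = re.compile(r"The (?P<job>\S+\.job) command failed to start due to the following error: %%(?P<code>\d+)")

def parse_events(text: str) -> list:
    """Split the section into events; a description may wrap onto several lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif current is not None and line:
            current["description"] += line + " "
    return events

def schedule_failures(events: list) -> list:
    """Keep only Scheduler job-start failures, with the error decoded."""
    out = []
    for ev in events:
        if ev["source"] != "Schedule":
            continue
        m = JOB.search(ev["description"])
        if m:
            out.append(dict(when=ev["when"], job=m["job"], **decode_error(int(m["code"]))))
    return out

def summarize(text: str) -> dict:
    """Count failures per decoded error and list the job files involved.

    AtN.job files are what at.exe creates; a block of them failing with
    ERROR_FILE_NOT_FOUND means the jobs survive but their target is gone,
    so %WinDir%\\Tasks still needs cleaning (which the OTL fix later in the thread does).
    """
    fails = schedule_failures(parse_events(text))
    return {"count": len(fails),
            "jobs": sorted({f["job"] for f in fails}),
            "by_error": dict(Counter(f["name"] for f in fails))}

if __name__ == "__main__":
    for f in schedule_failures(parse_events(SAMPLE)):
        print(f["job"], f["hresult"], f["name"])
    print(summarize(SAMPLE))
```

Run it against the full "[ System Events ]" block of a report and `summarize` gives one line of fact to act on: how many jobs, which ones, and whether they all failed for the same reason. A cluster of ERROR_FILE_NOT_FOUND hits points at leftover .job files; ERROR_ACCESS_DENIED on the same jobs would instead mean the target is still present and something is guarding it.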

#6 SweetTech (Agent ST; Members; 13,421 posts; Location: Antarctica)

Posted 22 December 2011 - 10:34 AM

Hi!

I ran UNhide.exe, after running it said my start menus should reappear the way it was before, but it still looks as it does in the attachment above (missing icons and folders).


Please try and run this program and see if it restores your missing icons and folders.

Link: http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    [2011/12/17 16:59:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Start Menu\Programs\System Fix
    [2011/12/17 17:00:45 | 000,000,456 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF
    [2011/12/17 16:59:37 | 000,000,296 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNF
    [2011/12/17 16:59:37 | 000,000,184 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNFr
    [2011/12/17 16:59:35 | 000,000,849 | ---- | M] () -- D:\Documents and Settings\tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/17 16:59:35 | 000,000,831 | ---- | M] () -- D:\Documents and Settings\tyler\Desktop\System Fix.lnk
    [2011/12/17 16:59:27 | 000,353,536 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe
    [2011/12/16 09:32:55 | 000,014,756 | -HS- | M] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7
    [2011/12/16 09:32:55 | 000,014,756 | -HS- | M] () -- D:\Documents and Settings\All Users\Application Data\848172v5t751r267h561k8rlw1p7
    [2011/12/16 09:15:42 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat
    [2011/12/16 08:57:40 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\E1X2G0.com.b
    [2011/12/17 19:22:13 | 000,302,592 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\dixpts5k.exe
    [2011/12/17 16:59:36 | 000,000,296 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNF
    [2011/12/17 16:59:36 | 000,000,184 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNFr
    [2011/12/17 16:59:35 | 000,000,849 | ---- | C] () -- D:\Documents and Settings\tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/17 16:59:35 | 000,000,831 | ---- | C] () -- D:\Documents and Settings\tyler\Desktop\System Fix.lnk
    [2011/12/17 16:59:32 | 000,000,456 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF
    [2011/12/17 16:59:27 | 000,353,536 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe
    [2011/12/16 08:57:40 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\E1X2G0.com.b
    [2011/12/16 08:44:01 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat
    [2011/12/16 08:29:50 | 000,014,756 | -HS- | C] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7
    [2011/12/16 08:29:50 | 000,014,756 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\848172v5t751r267h561k8rlw1p7
    
    :Reg
    
    :Files
    D:\WINDOWS\tasks\At*.job
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Edited by SweetTech, 22 December 2011 - 10:34 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
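The `:OTL` block in the fix above is a hand-picked list of files to move, and what makes those entries stand out is visible in the listing fields themselves: hidden+system attributes on a file dropped into a user profile, random-looking names sitting directly in an Application Data root rather than in a vendor subfolder, and a zero-byte `E1X2G0.com.b` in System32. The script below is an added example (mine, not OTL's or BleepingComputer's) that parses lines in the OTL listing format and applies those checks; the sample lines are copied from the fix list above, while the heuristics and thresholds are my own choices, so treat its output as a shortlist to review, not a verdict. One check worth adding after the fix itself: `cacls ... /G everyone:f` replaces the hosts file's ACL with a single Everyone: Full Control entry so the reset can overwrite it; the replacement written by `[resethosts]` should inherit the directory's default ACL, but confirm that with `cacls "%WinDir%\system32\drivers\etc\hosts"` afterwards.

```python
"""Triage OTL file-listing lines by the fields they already carry.

Added example, not OTL's or BleepingComputer's code. The heuristics and
thresholds below are my own choices; treat hits as a shortlist to inspect.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample copied from the fix list in the post above (the lines the :OTL
# section moves), so the parser is exercised on real OTL output.
SAMPLE = r"""
[2011/12/17 16:59:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tyler\Start Menu\Programs\System Fix
[2011/12/17 17:00:45 | 000,000,456 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF
[2011/12/17 16:59:35 | 000,000,831 | ---- | M] () -- D:\Documents and Settings\tyler\Desktop\System Fix.lnk
[2011/12/17 16:59:27 | 000,353,536 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe
[2011/12/16 09:32:55 | 000,014,756 | -HS- | M] () -- D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7
[2011/12/16 09:15:42 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat
[2011/12/16 08:57:40 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\E1X2G0.com.b
"""

# [date time | size | RHSD attrs | C(reated)/M(odified)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \(.*?\))? -- (?P<path>.+)$"
)

@dataclass
class Entry:
    date: str
    time: str
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    kind: str
    path: str

def parse_otl_line(line: str):
    """Return an Entry for a listing line, or None for any other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    return Entry(m["date"], m["time"], int(m["size"].replace(",", "")),
                 "H" in attrs, "S" in attrs, "D" in attrs, m["kind"], m["path"])

# Extensions native to System32; a zero-byte file with anything else is worth a look.
COMMON_SYS32_EXT = {".exe", ".dll", ".sys", ".ocx", ".drv", ".cpl", ".dat",
                    ".ini", ".log", ".txt", ".xml", ".nls", ".tlb", ".mui"}

def looks_random(name: str) -> bool:
    """Crude randomness test on the file stem: digit-heavy or many case flips."""
    stem = name.split(".")[0]
    if len(stem) < 8:
        return False
    digit_ratio = sum(c.isdigit() for c in stem) / len(stem)
    flips = sum(1 for a, b in zip(stem, stem[1:])
                if a.isalpha() and b.isalpha() and a.islower() != b.islower())
    return digit_ratio >= 0.3 or flips >= 4

def reasons_for(e: Entry) -> list:
    """Why a listing entry deserves a look; an empty list means nothing stood out."""
    p = PureWindowsPath(e.path)
    parent = str(p.parent).lower()
    reasons = []
    if e.is_dir:
        return reasons
    if e.hidden and e.system and "\\documents and settings\\" in parent:
        reasons.append("hidden+system file in a user profile")
    if parent.endswith("\\application data"):  # loose file, no vendor subfolder
        reasons.append("loose file in an Application Data root")
    if "\\windows\\system32" in parent and e.size == 0 and p.suffix.lower() not in COMMON_SYS32_EXT:
        reasons.append("zero-byte file with unusual extension in System32")
    if looks_random(p.name):
        reasons.append("random-looking name")
    return reasons

def triage(text: str) -> dict:
    """Map each flagged path to its reasons; C and M lines for one path collapse together."""
    flagged = {}
    for line in text.splitlines():
        e = parse_otl_line(line)
        if e is None:
            continue
        r = reasons_for(e)
        if r:
            flagged[e.path] = r
    return flagged

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```

Feed it the "Files/Folders Created" and "Files - Modified" sections of a full OTL scan and it returns the handful of entries to look at first; the System Fix shortcuts in the sample are deliberately left unflagged, since a `.lnk` on a desktop only becomes interesting once its target has.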


#7 qtaqq (Topic Starter; Members; 101 posts)

Posted 22 December 2011 - 09:44 PM

I tried running winxp-pro-32bit-sm-reset.exe and that did not change the start menu at all. Also, the shutdown times before running the programs in your last post seemed to be increasing, and I would usually get aoltray.exe, rundll32, and sometimes Yahoo Messenger needing to be "end tasked" at shutdown.

I ran the OTL fix with the commands you provided. At shutdown I had to end task rundll32. The shutdown took at least 35 minutes, so I just left the computer shutting down; when I came back maybe an hour later the computer was still running, but the screen seemed to be in standby mode and I couldn't bring it out of it, so I did a soft off. I then turned the power back on; here is the log:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
D:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
D:\Documents and Settings\tyler\Start Menu\Programs\System Fix folder moved successfully.
D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF moved successfully.
D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNF moved successfully.
D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNFr moved successfully.
D:\Documents and Settings\tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
D:\Documents and Settings\tyler\Desktop\System Fix.lnk moved successfully.
D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe moved successfully.
D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7 moved successfully.
D:\Documents and Settings\All Users\Application Data\848172v5t751r267h561k8rlw1p7 moved successfully.
D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat moved successfully.
D:\WINDOWS\system32\E1X2G0.com.b moved successfully.
D:\Documents and Settings\All Users\Desktop\dixpts5k.exe moved successfully.
File D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNF not found.
File D:\Documents and Settings\All Users\Application Data\~mo6GMxaCAlEGNFr not found.
File D:\Documents and Settings\tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk not found.
File D:\Documents and Settings\tyler\Desktop\System Fix.lnk not found.
File D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF not found.
File D:\Documents and Settings\All Users\Application Data\mo6GMxaCAlEGNF.exe not found.
File D:\WINDOWS\System32\E1X2G0.com.b not found.
File D:\Documents and Settings\All Users\Application Data\JQTi8M7.dat not found.
File D:\Documents and Settings\tyler\Local Settings\Application Data\848172v5t751r267h561k8rlw1p7 not found.
File D:\Documents and Settings\All Users\Application Data\848172v5t751r267h561k8rlw1p7 not found.
========== REGISTRY ==========
========== FILES ==========
D:\WINDOWS\tasks\At1.job moved successfully.
D:\WINDOWS\tasks\At10.job moved successfully.
D:\WINDOWS\tasks\At11.job moved successfully.
D:\WINDOWS\tasks\At12.job moved successfully.
D:\WINDOWS\tasks\At13.job moved successfully.
D:\WINDOWS\tasks\At14.job moved successfully.
D:\WINDOWS\tasks\At15.job moved successfully.
D:\WINDOWS\tasks\At16.job moved successfully.
D:\WINDOWS\tasks\At17.job moved successfully.
D:\WINDOWS\tasks\At18.job moved successfully.
D:\WINDOWS\tasks\At19.job moved successfully.
D:\WINDOWS\tasks\At2.job moved successfully.
D:\WINDOWS\tasks\At20.job moved successfully.
D:\WINDOWS\tasks\At21.job moved successfully.
D:\WINDOWS\tasks\At22.job moved successfully.
D:\WINDOWS\tasks\At23.job moved successfully.
D:\WINDOWS\tasks\At24.job moved successfully.
D:\WINDOWS\tasks\At25.job moved successfully.
D:\WINDOWS\tasks\At26.job moved successfully.
D:\WINDOWS\tasks\At27.job moved successfully.
D:\WINDOWS\tasks\At28.job moved successfully.
D:\WINDOWS\tasks\At29.job moved successfully.
D:\WINDOWS\tasks\At3.job moved successfully.
D:\WINDOWS\tasks\At30.job moved successfully.
D:\WINDOWS\tasks\At31.job moved successfully.
D:\WINDOWS\tasks\At32.job moved successfully.
D:\WINDOWS\tasks\At33.job moved successfully.
D:\WINDOWS\tasks\At34.job moved successfully.
D:\WINDOWS\tasks\At35.job moved successfully.
D:\WINDOWS\tasks\At36.job moved successfully.
D:\WINDOWS\tasks\At37.job moved successfully.
D:\WINDOWS\tasks\At38.job moved successfully.
D:\WINDOWS\tasks\At39.job moved successfully.
D:\WINDOWS\tasks\At4.job moved successfully.
D:\WINDOWS\tasks\At40.job moved successfully.
D:\WINDOWS\tasks\At41.job moved successfully.
D:\WINDOWS\tasks\At42.job moved successfully.
D:\WINDOWS\tasks\At43.job moved successfully.
D:\WINDOWS\tasks\At44.job moved successfully.
D:\WINDOWS\tasks\At45.job moved successfully.
D:\WINDOWS\tasks\At46.job moved successfully.
D:\WINDOWS\tasks\At47.job moved successfully.
D:\WINDOWS\tasks\At48.job moved successfully.
D:\WINDOWS\tasks\At5.job moved successfully.
D:\WINDOWS\tasks\At6.job moved successfully.
D:\WINDOWS\tasks\At7.job moved successfully.
D:\WINDOWS\tasks\At8.job moved successfully.
D:\WINDOWS\tasks\At9.job moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: D:\WINDOWS\system32\drivers\etc\hosts
D:\Documents and Settings\tyler\Desktop\cmd.bat deleted successfully.
D:\Documents and Settings\tyler\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Documents and Settings\tyler\Desktop\cmd.bat deleted successfully.
D:\Documents and Settings\tyler\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
D:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: Guest
->Flash cache emptied: 456 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 48215 bytes

User: tyler
->Flash cache emptied: 126499 bytes

User: UpdatusUser
->Flash cache emptied: 56502 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12222011_153114

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Also, upon reboot the System Fix icon was finally gone.

I downloaded ComboFix to the desktop; before running it I was going to shut down Ad-Aware as per the instructions. Ad-Aware was not running in the task bar as it usually does, and when I tried to click on the icon I would get a "could not connect to service" message box. I then clicked on the ComboFix icon. It alerted me that Ad-Aware was running and needed to be shut down; I tried to click on Ad-Aware again and got "could not connect to service." I didn't want to run ComboFix with Ad-Aware running, so I clicked the X on the message box thinking it would abort ComboFix, but it proceeded anyway. I received two warnings from ZoneAlarm after ComboFix began to run; the first one I'm pretty sure was ComboFix wanting access to TCP/IP ports, so I allowed it. The second one was described as such:
Hidec.3EX is trying to use TCP/IP Ping Command to access the trusted zone. (more info) Application: D:\32788R22FWJFW\hidec.3xe. The location looked suspicious, so I denied access. ComboFix still continued to run. ComboFix said that because of the infections it would need to install the Windows Recovery Console (or something like that); I clicked OK, and then ComboFix said there was no internet connection. I opened Firefox to check and the internet was still connected; ComboFix attempted again, said there was no connection, and proceeded. ComboFix continued to run and then said it needed to reboot; the shutdown only took about 5 minutes this time, with nothing needing to be end-tasked. Upon reboot it was taking a while, so I went to watch TV and fell asleep, which is why there is a long gap in the report between the initial test and reboot timestamps. When rebooting, ComboFix opened and said it was preparing a log and not to use any programs; then InCD Essentials popped up asking to prepare the F drive for format (the F drive is just a DVD-RAM drive with no disk in it). ComboFix then finished completing its log. Here is the log:

ComboFix 11-12-22.04 - tyler 12/22/2011 17:34:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1086 [GMT -6:00]
Running from: d:\documents and settings\All Users\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\data
d:\documents and settings\NetworkService\Application Data\PriceGong
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\1.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\a.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\b.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\c.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\d.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\e.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\f.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\g.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\h.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\i.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\j.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\k.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\l.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\m.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\mru.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\n.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\o.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\p.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\q.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\r.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\s.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\t.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\u.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\v.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\w.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\x.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\y.xml
d:\documents and settings\NetworkService\Application Data\PriceGong\Data\z.xml
d:\documents and settings\tyler\Application Data\PriceGong
d:\documents and settings\tyler\Application Data\PriceGong\Data\1.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\a.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\b.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\c.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\d.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\e.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\f.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\g.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\h.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\i.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\J.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\k.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\l.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\m.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\mru.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\n.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\o.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\p.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\q.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\r.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\s.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\t.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\u.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\v.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\w.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\x.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\y.xml
d:\documents and settings\tyler\Application Data\PriceGong\Data\z.xml
D:\install.exe
d:\program files\Program Files
d:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
d:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
d:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt
d:\windows\$NtUninstallKB64346$\2084537803
d:\windows\$NtUninstallKB64346$\3515230940\@
d:\windows\$NtUninstallKB64346$\3515230940\bckfg.tmp
d:\windows\$NtUninstallKB64346$\3515230940\cfg.ini
d:\windows\$NtUninstallKB64346$\3515230940\Desktop.ini
d:\windows\$NtUninstallKB64346$\3515230940\keywords
d:\windows\$NtUninstallKB64346$\3515230940\kwrd.dll
d:\windows\$NtUninstallKB64346$\3515230940\L\kodleroo
d:\windows\$NtUninstallKB64346$\3515230940\lsflt7.ver
d:\windows\$NtUninstallKB64346$\3515230940\U\00000001.@
d:\windows\$NtUninstallKB64346$\3515230940\U\00000002.@
d:\windows\$NtUninstallKB64346$\3515230940\U\00000004.@
d:\windows\$NtUninstallKB64346$\3515230940\U\80000000.@
d:\windows\$NtUninstallKB64346$\3515230940\U\80000004.@
d:\windows\$NtUninstallKB64346$\3515230940\U\80000032.@
d:\windows\system32\oobe\isperror
d:\windows\system32\oobe\isperror\ispcnerr.htm
d:\windows\system32\oobe\isperror\ispdtone.htm
d:\windows\system32\oobe\isperror\isphdshk.htm
d:\windows\system32\oobe\isperror\ispins.htm
d:\windows\system32\oobe\isperror\ispnoanw.htm
d:\windows\system32\oobe\isperror\isppberr.htm
d:\windows\system32\oobe\isperror\ispphbsy.htm
d:\windows\system32\oobe\isperror\ispsbusy.htm
d:\windows\$NtUninstallKB64346$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\documents and settings\tyler\Application Data\CheckPoint
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\program files\Conduit
2011-12-17 22:42 . 2011-12-18 11:01 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\ZoneAlarm_Security
2011-12-17 22:42 . 2011-12-18 11:00 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Conduit
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Temp
2011-12-17 22:42 . 2011-12-18 11:01 -------- d-----w- d:\program files\ZoneAlarm_Security
2011-12-17 22:41 . 2011-12-17 22:41 -------- d-----w- d:\documents and settings\All Users\Application Data\CheckPoint
2011-12-17 22:29 . 2011-12-17 22:41 -------- d-----w- d:\program files\CheckPoint
2011-12-17 20:00 . 2011-12-16 21:03 16432 ----a-w- d:\windows\system32\lsdelete.exe
2011-12-17 08:28 . 2011-12-17 08:28 -------- d-----w- d:\documents and settings\UpdatusUser\Application Data\McAfee
2011-12-17 00:06 . 2011-12-17 00:07 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-16 21:04 . 2011-12-16 21:04 101720 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-12-16 21:00 . 2011-12-16 21:00 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\adaware
2011-12-16 21:00 . 2011-12-23 02:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-12-16 21:00 . 2011-12-16 21:00 -------- d-----w- d:\program files\Toolbar Cleaner
2011-12-16 20:59 . 2011-12-18 11:00 -------- d-----w- d:\documents and settings\tyler\Application Data\adawaretb
2011-12-16 20:59 . 2011-12-16 21:00 -------- d-----w- d:\program files\adawaretb
2011-12-16 20:57 . 2011-12-12 16:07 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
2011-12-16 20:56 . 2011-12-16 20:56 -------- d-----w- d:\program files\Lavasoft
2011-12-16 20:56 . 2011-12-16 20:57 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2011-12-16 16:30 . 2011-12-16 16:30 -------- d-----w- d:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\documents and settings\tyler\Application Data\Malwarebytes
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-16 16:06 . 2011-08-31 23:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-16 14:54 . 2011-12-16 14:54 -------- d-s---w- d:\documents and settings\NetworkService\UserData
2011-12-16 14:26 . 2011-12-16 14:26 -------- d-----w- d:\documents and settings\tyler\Application Data\FaxCtr
2011-12-13 17:49 . 2011-12-13 17:49 -------- d-----w- d:\documents and settings\tyler\Application Data\Lexmark Productivity Studio
2011-12-13 17:48 . 2011-12-13 18:07 -------- d-----w- d:\documents and settings\All Users\Lx_cats
2011-12-13 17:46 . 2011-12-13 17:46 -------- d-----w- D:\logs
2011-12-13 17:46 . 2007-11-28 17:51 40960 ----a-w- d:\windows\system32\lxdnvs.dll
2011-12-13 17:46 . 2008-02-27 11:05 115200 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2011-12-13 17:46 . 2008-02-15 04:52 348160 ----a-w- d:\windows\system32\lxdncoin.dll
2011-12-13 17:46 . 2008-04-13 19:45 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2011-12-13 17:46 . 2008-04-13 19:45 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2011-12-13 17:46 . 2001-08-18 04:36 87040 -c--a-w- d:\windows\system32\dllcache\wiafbdrv.dll
2011-12-13 17:46 . 2001-08-18 04:36 87040 ----a-w- d:\windows\system32\wiafbdrv.dll
2011-12-13 17:46 . 2007-11-21 00:02 782336 ----a-w- d:\windows\system32\lxdndrs.dll
2011-12-13 17:44 . 2011-12-13 17:45 -------- d-----w- d:\program files\Abbyy FineReader 6.0 Sprint
2011-12-13 17:44 . 2011-12-13 17:44 -------- d-----w- d:\program files\Lexmark Toolbar
2011-12-12 13:49 . 2011-12-12 13:49 -------- d-----w- d:\documents and settings\tyler\Application Data\InstallShield Installation Information
2011-12-12 13:49 . 2011-12-12 13:49 -------- d-----w- d:\program files\DIFX
2011-12-12 13:48 . 2011-12-16 20:57 -------- dc----w- d:\windows\system32\DRVSTORE
2011-12-12 13:48 . 2006-07-02 04:39 36864 ----a-w- d:\windows\system32\drivers\AmdK8.sys
2011-12-12 13:48 . 2011-12-12 13:48 -------- d-----w- d:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-12-12 13:41 . 2011-12-12 13:41 -------- d-----w- d:\program files\Vogster Entertainment
2011-12-12 03:47 . 2011-12-12 03:47 -------- d-----w- D:\crimecraft
2011-12-11 09:39 . 2011-12-22 11:57 -------- d-----w- D:\tryingtofixdrive
2011-12-11 09:26 . 2011-12-11 09:26 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2011-12-11 09:26 . 2011-12-11 09:26 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2011-12-11 09:26 . 2011-12-11 09:26 132224 ----a-w- d:\windows\system32\drivers\snapman.sys
2011-12-11 09:26 . 2011-12-11 09:26 368480 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2011-12-11 09:25 . 2011-12-11 09:25 -------- d-----w- d:\program files\Common Files\Seagate
2011-12-11 09:05 . 2011-12-11 09:05 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\GamersFirst LIVE!
2011-12-11 09:05 . 2011-12-22 13:58 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\PMB Files
2011-12-11 09:05 . 2011-12-14 20:59 -------- d-----w- d:\documents and settings\All Users\Application Data\PMB Files
2011-12-11 09:04 . 2011-12-11 09:04 -------- d-----w- d:\program files\Pando Networks
2011-12-11 09:04 . 2011-12-11 19:29 -------- d-----w- d:\program files\GamersFirst
2011-12-11 09:04 . 2011-12-11 17:38 -------- d-----w- D:\apb
2011-12-11 09:00 . 2011-12-11 09:00 -------- d-----w- d:\program files\MSXML 4.0
2011-12-11 04:06 . 2011-12-11 09:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Seagate
2011-12-11 04:06 . 2011-12-11 09:25 -------- d-----w- d:\program files\Seagate
2011-12-11 04:05 . 2011-12-11 04:05 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Downloaded Installations
2011-12-11 04:04 . 2011-12-11 04:04 -------- d-----w- d:\program files\Carbonite
2011-12-11 04:04 . 2011-12-11 04:04 -------- d-----w- d:\documents and settings\tyler\Application Data\Leadertech
2011-12-11 03:50 . 2001-08-17 19:48 12160 -c--a-w- d:\windows\system32\dllcache\mouhid.sys
2011-12-11 03:50 . 2001-08-17 19:48 12160 ----a-w- d:\windows\system32\drivers\mouhid.sys
2011-12-11 03:50 . 2008-04-13 19:47 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2011-12-11 03:50 . 2008-04-13 19:47 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 23:26 . 2011-07-08 19:41 1409 ----a-w- d:\windows\QTFont.for
2011-12-15 12:51 . 2010-09-26 03:08 140496 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2011-12-15 12:50 . 2010-09-26 03:09 280736 ----a-w- d:\windows\system32\PnkBstrB.xtr
2011-12-15 12:50 . 2010-09-26 03:08 280736 ----a-w- d:\windows\system32\PnkBstrB.exe
2011-12-15 03:37 . 2010-09-26 03:08 280736 ----a-w- d:\windows\system32\PnkBstrB.ex0
2011-12-11 21:00 . 2010-09-26 03:08 138056 ----a-w- d:\documents and settings\tyler\Application Data\PnkBstrK.sys
2011-12-11 21:00 . 2010-09-26 03:08 75136 ----a-w- d:\windows\system32\PnkBstrA.exe
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- d:\windows\system32\win32k.sys
2011-11-01 20:35 . 2004-08-04 12:00 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2004-08-04 12:00 667136 ----a-w- d:\windows\system32\wininet.dll
2011-11-01 20:35 . 2004-08-04 12:00 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- d:\windows\system32\ole32.dll
2011-11-01 15:02 . 2004-08-04 12:00 369664 ----a-w- d:\windows\system32\html.iec
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- d:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-09-06 00:51 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 00:59 611328 ----a-w- d:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-04 12:00 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-04 12:00 20480 ----a-w- d:\windows\system32\oleaccrc.dll
2011-12-16 14:27 . 2011-05-08 15:37 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-08 00:06 86696 ----a-w- d:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- d:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "d:\program files\adawaretb\adawareDx.dll" [2011-12-08 86696]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-09-06 77824]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HostManager"="d:\program files\Common Files\AOL\1284821555\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"TkBellExe"="d:\program files\real\realplayer\update\realsched.exe" [2011-07-22 273544]
"CarboniteSetupLite"="d:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="d:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"DiscWizardMonitor.exe"="d:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="d:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"Seagate Scheduler2 Service"="d:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"lxdnmon.exe"="d:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="d:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="d:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"Ad-Aware Browsing Protection"="d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"ISW"="d:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="d:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
.
d:\documents and settings\tyler\Start Menu\Programs\Startup\
Seagate 2GEWS9TC Product Registration.lnk - d:\documents and settings\tyler\Application Data\Leadertech\PowerRegister\Seagate 2GEWS9TC Product Registration.exe [2011-12-10 1731736]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - d:\program files\America Online 9.0d\aoltray.exe [2011-2-27 36953]
GamersFirst LIVE!.lnk - d:\program files\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"d:\\Program Files\\AIM\\aim.exe"=
"d:\\Program Files\\America Online 9.0\\waol.exe"=
"d:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\Program Files\\Steam\\steamapps\\relyt33333@aol.com\\insurgency\\hl2.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"d:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Documents and Settings\\tyler\\Local Settings\\Apps\\2.0\\BYTCNGZ2.GZ2\\TVWNOKOO.2W7\\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\\CoHOLauncher.exe"=
"d:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\GameLauncher.exe"=
"d:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\apox\\GameClient\\APOX.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\Data\\CNC4.game"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Data\\ra3_1.12.game"=
"d:\\Program Files\\America Online 9.0d\\waol.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dogfighter\\bin\\x86_vc8\\DogFighterSteam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"d:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert™ II\\RA2\\game.exe"=
"d:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\stronghold legends\\StrongholdLegends.exe"=
"d:\\Program Files\\Steam\\steamapps\\relyt33333@aol.com\\day of defeat\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\Vogster Entertainment\\CrimeCraft\\ClientLauncher.exe"=
"d:\\Program Files\\Vogster Entertainment\\CrimeCraft\\Binaries\\CrimeCraft.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\deus ex invisible war\\System\\dx2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads\\RailRoads.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow_editor.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\pacific storm\\PacificStorm.bat"=
"d:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\runme.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\lego universe\\patcher\\LEGOUniverseLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e\\Ruse.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\simcity 4 deluxe\\Apps\\SimCity 4.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\simcity 4 deluxe\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\kane & lynch 2 - dog days\\kl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 1\\BackToTheFuture101.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\darkest of days demo\\darkestofdays.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\CNC4.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\cities xl 2011\\CitiesXL_2011.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
"d:\\WINDOWS\\system32\\lxdncoms.exe"=
"d:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"d:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\APB.exe"=
"d:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57971:TCP"= 57971:TCP:Pando Media Booster
"57971:UDP"= 57971:UDP:Pando Media Booster
"57100:TCP"= 57100:TCP:Pando Media Booster
"57100:UDP"= 57100:UDP:Pando Media Booster
.
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [12/16/2011 2:57 PM 64512]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [12/20/2010 3:37 PM 28552]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [9/21/2010 6:06 AM 34968]
R2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;d:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 8:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;d:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 8:44 AM 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/12/2011 10:07 AM 2152152]
R2 lxdn_device;lxdn_device;d:\windows\system32\lxdncoms.exe -service --> d:\windows\system32\lxdncoms.exe -service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/17/2011 6:21 PM 2214504]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iZ3D Driver\Win32\S3DCService.exe [9/21/2010 6:06 AM 360960]
R2 SgtSch2Svc;Seagate Scheduler2 Service;d:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 6:49 PM 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [12/13/2011 11:46 AM 98984]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\EagleXNt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/12/2011 10:07 AM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
S3 P0630VID;Creative WebCam Live!;d:\windows\system32\drivers\P0630Vid.sys [9/10/2010 3:19 PM 91797]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 21:03]
.
2011-12-23 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 00:49]
.
2011-12-23 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 00:49]
.
2011-12-23 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-23 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1958367476-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-16 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-23 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1958367476-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.skype.com/go/help.guides.ieaddon?lang=EN
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - d:\documents and settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-22 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(824)
d:\windows\system32\relog_ap.dll
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3784)
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\COMMON~1\AOL\ACS\acsd.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\lxdncoms.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\wanmpsvc.exe
d:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\Lavasoft\Ad-Aware\AAWTray.exe
d:\windows\system32\RunDLL32.exe
d:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-12-22 20:08:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 02:08
.
Pre-Run: 488,987,140,096 bytes free
Post-Run: 490,026,582,016 bytes free
.
- - End Of File - - 5F113669052473458400E1D1143C3F85



As for how my computer is running now, ComboFix seemed to get back more of the start menu items, but I still believe some of the upper left items are missing (attached picture). I did not get redirects when going to this post as I always do.



Edited by qtaqq, 22 December 2011 - 09:54 PM.


#8 SweetTech

Posted 23 December 2011 - 03:04 AM

Hi!

I tried running winxp-pro-32bit-sm-reset.exe and that did not change the start menu at all. Also the shutdown times before running the programs in your last post seemed to be increasing, and I would usually get aoltray.exe, rundll 32, and sometimes yahoo messenger needing to be "end tasked" at shutdown.

Okay. Would you mind telling me what is missing from the start menu? What was there before and isn't there now?

I ran OTL fix with the commands you provided. At shutdown I had to end task rundll 32. The shutdown took at least 35 minutes so I just left the computer shutting down, when I came back maybe an hour later the computer was still running but the screen seemed to be in standby mode and I couldn't bring it out of it so I did a soft off. I then turned the power back on, here is the log:

Okay, thanks for that information.

Thanks for that information regarding ComboFix.

We'll be needing to run it again.

This infection is being extremely stubborn.

Please download GrantPerms.zip and save it to your desktop.

Unzip the file and run GrantPerms.exe
Copy and paste the following in the edit box:

d:\windows\$NtUninstallKB64346$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.


NEXT:


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
d:\windows\$NtUninstallKB64346$
DirLook::
d:\documents and settings\NetworkService\UserData
d:\windows\$NtUninstallKB64346$
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Edited by SweetTech, 23 December 2011 - 03:27 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 qtaqq (Topic Starter)

Posted 23 December 2011 - 11:55 AM

I attached a picture of an example of an XP start menu that is similar to what this computer had. In the top left (above that line) it had things like Internet Explorer, the AOL icon, Email; I can't really remember the rest. On the right side between the two lines it also had Printers and Faxes, Network Connections, and maybe Set Program Access and Defaults.

I ran Grant Perms with the included code, here is the log:

GrantPerms by Farbar
Ran by tyler (administrator) at 2011-12-23 04:54:35

===============================================
\\?\d:\windows\$NtUninstallKB64346$

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Power Users change ALLOW (I)
BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)




I then prepared to run ComboFix and disabled Ad-Aware in the task bar. I created the CFScript notepad and dragged and dropped. ComboFix began to run; I received ZoneAlarm alerts again but allowed them this time for the same .3xe program from before since it was most likely ComboFix. (Next time I'll probably just shut ZoneAlarm off when I run ComboFix.) ComboFix then installed the Windows Recovery Console successfully. ComboFix was running, but then Windows Security Alerts popped up a warning that my antivirus was turned off. I believe this caused ComboFix to stall after step 6A. The ComboFix window is still open; I tried to close it, and then in ComboFix's window it asks "Terminate batch job (Y/N)?" but it won't accept any keyboard input. Is it safe to use End Now to shut it down? Next time before I run it I'll have to wait for the alert from Windows Security to pop up before I run it.

Attached Files


Edited by qtaqq, 23 December 2011 - 12:03 PM.


#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 28 December 2011 - 12:58 AM

Good Evening!

Apologies for the delay in responding back to you. I did not intend to make you wait this long for a response, but with the holidays, and then getting sick, it couldn't have been helped. I should be back to posting at more regular intervals now. I hope you are enjoying the holidays!

I believe I now have a better idea about what you are referring to with the Start Menu issue. I'd like to come back to that a little later after we get the other issues straightened out.

If you haven't already done so, please exit out of ComboFix by ending it now.

You currently have a malicious folder on your computer related to ZAccess, and what we are doing with ComboFix is attempting to get rid of that folder.

I'd like to have you attempt to run the ComboFix script again, but I'd like to first have you run the GrantPerms script again, followed by the ComboFix script.

I'm going to ask that you attempt to disable ZoneAlarm before you proceed with running the ComboFix script again.

Note: ComboFix may prompt you with a warning that a newer version is available. If it does, please allow it to download the latest update, before you proceed with running the ComboFix script.

Please let me know how it goes.

If you encounter any issues or have any questions, feel free to post them.

Kindest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
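As an added example (not code from this thread or from Farbar's GrantPerms tool), here is a small parser for the GrantPerms log format posted above, with a check for the state the tool is meant to leave behind before ComboFix runs: Administrators own the folder, Administrators and SYSTEM hold an explicit Full Control entry that propagates to the folder's contents, and no DENY entries remain. The first log is the one posted above; the second is a constructed sample of a folder whose permissions have not been reset, and the (NP)(AI) markers on the DACL line are skipped rather than interpreted.

```python
import re
from dataclasses import dataclass, field

# The GrantPerms output as posted in this thread (post #9).
THREAD_LOG = r"""GrantPerms by Farbar
Ran by tyler (administrator) at 2011-12-23 04:54:35

===============================================
\\?\d:\windows\$NtUninstallKB64346$

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Power Users change ALLOW (I)
BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
"""

# Constructed sample (NOT from the thread; the KB number is a placeholder):
# a folder whose DACL still blocks Administrators, the kind of state
# GrantPerms is run to repair before a cleanup tool tries to delete it.
LOCKED_LOG = r"""GrantPerms by Farbar
Ran by user (administrator) at 2011-12-23 00:00:00

===============================================
\\?\d:\windows\$NtUninstallKB00000$

Owner: NT AUTHORITY\SYSTEM

DACL(NP)(AI):
Everyone FULL DENY (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
"""

# One ACE per line: trustee (may contain spaces), rights, ALLOW/DENY, then
# zero or more flags. CI = container inherit, OI = object inherit,
# IO = inherit only, I = inherited from the parent folder.
ACE_RE = re.compile(
    r"^(?P<trustee>.+?)\s+(?P<rights>\S+)\s+(?P<kind>ALLOW|DENY)"
    r"\s*(?P<flags>(?:\([A-Z]+\))*)\s*$"
)
FLAG_RE = re.compile(r"\(([A-Z]+)\)")

ADMINS = r"BUILTIN\Administrators"
SYSTEM = r"NT AUTHORITY\SYSTEM"


@dataclass(frozen=True)
class Ace:
    trustee: str
    rights: str        # FULL, READ/EXECUTE, change, ...
    kind: str          # ALLOW or DENY
    flags: frozenset   # CI, OI, IO, I as printed by GrantPerms


@dataclass
class Entry:
    path: str
    owner: str = ""
    aces: list = field(default_factory=list)


def parse_grantperms(text):
    """Return one Entry per '=====' block of a GrantPerms log."""
    entries, current, expect_path = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            expect_path, current = True, None
        elif expect_path:
            if line:                       # first non-empty line is the path
                current = Entry(path=line)
                entries.append(current)
                expect_path = False
        elif current is not None:
            if line.startswith("Owner:"):
                current.owner = line.split(":", 1)[1].strip()
            elif line.startswith("DACL"):
                pass                       # (NP)(AI) markers not interpreted
            else:
                m = ACE_RE.match(line)
                if m:
                    current.aces.append(Ace(m["trustee"], m["rights"], m["kind"],
                                            frozenset(FLAG_RE.findall(m["flags"]))))
    return entries


def permissions_reset_ok(entry):
    """(ok, problems): does the entry show the state GrantPerms should produce?"""
    problems = []
    if entry.owner != ADMINS:
        problems.append(f"owner is {entry.owner!r}, expected {ADMINS!r}")
    for trustee in (ADMINS, SYSTEM):
        # Explicit (not inherited) FULL ALLOW that propagates to children.
        if not any(a.trustee == trustee and a.kind == "ALLOW" and a.rights == "FULL"
                   and "I" not in a.flags and {"CI", "OI"} <= a.flags
                   for a in entry.aces):
            problems.append(f"no explicit FULL ALLOW (CI)(OI) for {trustee}")
    for a in entry.aces:
        if a.kind == "DENY":
            problems.append(f"DENY entry for {a.trustee} ({a.rights}) still present")
    return not problems, problems


if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed locked folder", LOCKED_LOG)):
        for entry in parse_grantperms(log):
            ok, problems = permissions_reset_ok(entry)
            print(f"{label}: {entry.path} -> {'OK' if ok else 'NOT RESET'}")
            for p in problems:
                print("   -", p)
```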


#11 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts

Posted 29 December 2011 - 06:46 PM

Apologies for the delay in responding back to you. I did not intend to make you wait this long for a response, but with the holidays, and then getting sick, it couldn't have been helped. I should be back to posting at more regular intervals now. I hope you are enjoying the holidays!


That's fine, I figured maybe you went someplace for Christmas; we were going through the flu at our house last week too. I hope you are feeling better now.

I could not get ComboFix to end task; I was finally able to get the computer to log off the user and then restarted the computer from there.

I disabled Ad-Aware and turned off ZoneAlarm Pro, although I was still having to grant access to programs for some reason. I ran GrantPerms again; here is the log if you need it:

GrantPerms by Farbar
Ran by tyler (administrator) at 2011-12-29 12:47:53

===============================================
\\?\d:\windows\$NtUninstallKB64346$

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Power Users change ALLOW (I)
BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)



I then ran ComboFix with the script provided. As I said before, ZoneAlarm was asking to grant permissions to certain programs again. ComboFix ran and said it found a ZAccess folder it was going to delete. ComboFix said it would reboot the machine. It rebooted the computer; the shutdown took about 5 minutes. Upon reboot ComboFix began to run before the desktop loaded, but then the desktop popped up and started to load some programs. Luckily none of them interfered with ComboFix. It completed all the stages and then was going to restart the computer. I waited for about half an hour as it said Windows was shutting down. I then went to do other things in the house while I waited; I came back after about 4 hours and it was probably still on the "shutting down Windows" screen. Again I could not bring the monitor out of standby, so I had to do a soft off. After reboot ComboFix said it was preparing a log. I had InCD Essentials pop up wanting to format the F drive again (this program only seems to want to do that after I run ComboFix for some reason). Here is the log it created:

ComboFix 11-12-29.04 - tyler 12/29/2011 13:05:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1082 [GMT -6:00]
Running from: d:\documents and settings\All Users\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\tyler\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Thumbs.db
d:\windows\$NtUninstallKB64346$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-23 17:15 . 2011-12-23 17:15 -------- d-----w- d:\documents and settings\tyler\dwhelper
2011-12-22 21:31 . 2011-12-22 21:31 -------- d-----w- D:\_OTL
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\documents and settings\tyler\Application Data\CheckPoint
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\program files\Conduit
2011-12-17 22:42 . 2011-12-18 11:01 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\ZoneAlarm_Security
2011-12-17 22:42 . 2011-12-18 11:00 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Conduit
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Temp
2011-12-17 22:42 . 2011-12-18 11:01 -------- d-----w- d:\program files\ZoneAlarm_Security
2011-12-17 22:41 . 2011-12-17 22:41 -------- d-----w- d:\documents and settings\All Users\Application Data\CheckPoint
2011-12-17 22:29 . 2011-12-17 22:41 -------- d-----w- d:\program files\CheckPoint
2011-12-17 20:00 . 2011-12-16 21:03 16432 ----a-w- d:\windows\system32\lsdelete.exe
2011-12-17 08:28 . 2011-12-17 08:28 -------- d-----w- d:\documents and settings\UpdatusUser\Application Data\McAfee
2011-12-17 00:06 . 2011-12-17 00:07 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-16 21:04 . 2011-12-16 21:04 101720 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-12-16 21:00 . 2011-12-16 21:00 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\adaware
2011-12-16 21:00 . 2011-12-29 23:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-12-16 21:00 . 2011-12-16 21:00 -------- d-----w- d:\program files\Toolbar Cleaner
2011-12-16 20:59 . 2011-12-18 11:00 -------- d-----w- d:\documents and settings\tyler\Application Data\adawaretb
2011-12-16 20:59 . 2011-12-16 21:00 -------- d-----w- d:\program files\adawaretb
2011-12-16 20:57 . 2011-12-12 16:07 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
2011-12-16 20:56 . 2011-12-16 20:56 -------- d-----w- d:\program files\Lavasoft
2011-12-16 20:56 . 2011-12-16 20:57 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2011-12-16 16:30 . 2011-12-16 16:30 -------- d-----w- d:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\documents and settings\tyler\Application Data\Malwarebytes
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-16 16:06 . 2011-08-31 23:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-16 14:54 . 2011-12-16 14:54 -------- d-s---w- d:\documents and settings\NetworkService\UserData
2011-12-16 14:26 . 2011-12-16 14:26 -------- d-----w- d:\documents and settings\tyler\Application Data\FaxCtr
2011-12-13 17:49 . 2011-12-13 17:49 -------- d-----w- d:\documents and settings\tyler\Application Data\Lexmark Productivity Studio
2011-12-13 17:48 . 2011-12-13 18:07 -------- d-----w- d:\documents and settings\All Users\Lx_cats
2011-12-13 17:46 . 2011-12-13 17:46 -------- d-----w- D:\logs
2011-12-13 17:46 . 2007-11-28 17:51 40960 ----a-w- d:\windows\system32\lxdnvs.dll
2011-12-13 17:46 . 2008-02-27 11:05 115200 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2011-12-13 17:46 . 2008-02-15 04:52 348160 ----a-w- d:\windows\system32\lxdncoin.dll
2011-12-13 17:46 . 2008-04-13 19:45 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2011-12-13 17:46 . 2008-04-13 19:45 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2011-12-13 17:46 . 2001-08-18 04:36 87040 -c--a-w- d:\windows\system32\dllcache\wiafbdrv.dll
2011-12-13 17:46 . 2001-08-18 04:36 87040 ----a-w- d:\windows\system32\wiafbdrv.dll
2011-12-13 17:46 . 2007-11-21 00:02 782336 ----a-w- d:\windows\system32\lxdndrs.dll
2011-12-13 17:44 . 2011-12-13 17:45 -------- d-----w- d:\program files\Abbyy FineReader 6.0 Sprint
2011-12-13 17:44 . 2011-12-13 17:44 -------- d-----w- d:\program files\Lexmark Toolbar
2011-12-12 13:49 . 2011-12-12 13:49 -------- d-----w- d:\documents and settings\tyler\Application Data\InstallShield Installation Information
2011-12-12 13:49 . 2011-12-12 13:49 -------- d-----w- d:\program files\DIFX
2011-12-12 13:48 . 2011-12-16 20:57 -------- dc----w- d:\windows\system32\DRVSTORE
2011-12-12 13:48 . 2006-07-02 04:39 36864 ----a-w- d:\windows\system32\drivers\AmdK8.sys
2011-12-12 13:48 . 2011-12-12 13:48 -------- d-----w- d:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-12-12 13:41 . 2011-12-12 13:41 -------- d-----w- d:\program files\Vogster Entertainment
2011-12-12 03:47 . 2011-12-12 03:47 -------- d-----w- D:\crimecraft
2011-12-11 09:39 . 2011-12-22 11:57 -------- d-----w- D:\tryingtofixdrive
2011-12-11 09:26 . 2011-12-11 09:26 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2011-12-11 09:26 . 2011-12-11 09:26 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2011-12-11 09:26 . 2011-12-11 09:26 132224 ----a-w- d:\windows\system32\drivers\snapman.sys
2011-12-11 09:26 . 2011-12-11 09:26 368480 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2011-12-11 09:25 . 2011-12-11 09:25 -------- d-----w- d:\program files\Common Files\Seagate
2011-12-11 09:05 . 2011-12-11 09:05 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\GamersFirst LIVE!
2011-12-11 09:05 . 2011-12-29 23:12 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\PMB Files
2011-12-11 09:05 . 2011-12-14 20:59 -------- d-----w- d:\documents and settings\All Users\Application Data\PMB Files
2011-12-11 09:04 . 2011-12-11 09:04 -------- d-----w- d:\program files\Pando Networks
2011-12-11 09:04 . 2011-12-11 19:29 -------- d-----w- d:\program files\GamersFirst
2011-12-11 09:04 . 2011-12-11 17:38 -------- d-----w- D:\apb
2011-12-11 09:00 . 2011-12-11 09:00 -------- d-----w- d:\program files\MSXML 4.0
2011-12-11 04:06 . 2011-12-11 09:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Seagate
2011-12-11 04:06 . 2011-12-11 09:25 -------- d-----w- d:\program files\Seagate
2011-12-11 04:05 . 2011-12-11 04:05 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Downloaded Installations
2011-12-11 04:04 . 2011-12-11 04:04 -------- d-----w- d:\program files\Carbonite
2011-12-11 04:04 . 2011-12-11 04:04 -------- d-----w- d:\documents and settings\tyler\Application Data\Leadertech
2011-12-11 03:50 . 2001-08-17 19:48 12160 -c--a-w- d:\windows\system32\dllcache\mouhid.sys
2011-12-11 03:50 . 2001-08-17 19:48 12160 ----a-w- d:\windows\system32\drivers\mouhid.sys
2011-12-11 03:50 . 2008-04-13 19:47 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2011-12-11 03:50 . 2008-04-13 19:47 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 19:15 . 2011-07-08 19:41 1409 ----a-w- d:\windows\QTFont.for
2011-12-15 12:51 . 2010-09-26 03:08 140496 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2011-12-15 12:50 . 2010-09-26 03:09 280736 ----a-w- d:\windows\system32\PnkBstrB.xtr
2011-12-15 12:50 . 2010-09-26 03:08 280736 ----a-w- d:\windows\system32\PnkBstrB.exe
2011-12-15 03:37 . 2010-09-26 03:08 280736 ----a-w- d:\windows\system32\PnkBstrB.ex0
2011-12-11 21:00 . 2010-09-26 03:08 138056 ----a-w- d:\documents and settings\tyler\Application Data\PnkBstrK.sys
2011-12-11 21:00 . 2010-09-26 03:08 75136 ----a-w- d:\windows\system32\PnkBstrA.exe
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- d:\windows\system32\win32k.sys
2011-11-01 20:35 . 2004-08-04 12:00 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2004-08-04 12:00 667136 ----a-w- d:\windows\system32\wininet.dll
2011-11-01 20:35 . 2004-08-04 12:00 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- d:\windows\system32\ole32.dll
2011-11-01 15:02 . 2004-08-04 12:00 369664 ----a-w- d:\windows\system32\html.iec
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- d:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-09-06 00:51 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-12-16 14:27 . 2011-05-08 15:37 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of d:\documents and settings\NetworkService\UserData ----
.
2011-12-22 21:29 . 2011-12-22 21:29 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[53].xml
2011-12-22 21:22 . 2011-12-22 21:26 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[22].xml
2011-12-22 21:02 . 2011-12-22 21:05 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[51].xml
2011-12-22 13:58 . 2011-12-22 13:58 1760 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[39].xml
2011-12-22 13:54 . 2011-12-22 13:55 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[28].xml
2011-12-22 13:34 . 2011-12-22 13:38 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[52].xml
2011-12-22 13:32 . 2011-12-22 13:33 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[52].xml
2011-12-22 12:54 . 2011-12-22 12:54 808 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[46].xml
2011-12-22 12:51 . 2011-12-22 12:51 808 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[56].xml
2011-12-22 12:50 . 2011-12-22 12:50 808 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[48].xml
2011-12-22 12:49 . 2011-12-22 12:49 808 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[49].xml
2011-12-22 12:14 . 2011-12-22 12:15 808 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[50].xml
2011-12-22 11:58 . 2011-12-22 11:58 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[57].xml
2011-12-22 11:57 . 2011-12-22 11:57 808 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[53].xml
2011-12-22 10:11 . 2011-12-22 10:11 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[49].xml
2011-12-22 10:09 . 2011-12-22 10:09 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[48].xml
2011-12-22 08:54 . 2011-12-22 08:55 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[55].xml
2011-12-22 08:37 . 2011-12-22 11:46 808 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[47].xml
2011-12-22 08:02 . 2011-12-22 08:03 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[41].xml
2011-12-22 06:07 . 2011-12-22 06:07 1948 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[40].xml
2011-12-22 06:00 . 2011-12-22 06:00 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[27].xml
2011-12-22 01:52 . 2011-12-22 01:52 1760 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[48].xml
2011-12-22 01:49 . 2011-12-22 01:49 1760 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[9].xml
2011-12-22 01:47 . 2011-12-22 01:47 1760 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[7].xml
2011-12-22 00:05 . 2011-12-22 00:05 96 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[38].xml
2011-12-21 23:47 . 2011-12-21 23:47 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[42].xml
2011-12-21 23:46 . 2011-12-21 23:46 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[47].xml
2011-12-21 23:38 . 2011-12-21 23:38 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[50].xml
2011-12-21 23:37 . 2011-12-21 23:37 808 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[44].xml
2011-12-21 23:03 . 2011-12-21 23:03 1760 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[47].xml
2011-12-21 22:57 . 2011-12-21 22:58 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[37].xml
2011-12-21 22:55 . 2011-12-21 23:00 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[35].xml
2011-12-21 18:34 . 2011-12-21 18:34 808 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[37].xml
2011-12-21 17:39 . 2011-12-21 17:39 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[30].xml
2011-12-21 17:38 . 2011-12-21 17:38 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[54].xml
2011-12-21 17:37 . 2011-12-21 17:37 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[49].xml
2011-12-21 17:29 . 2011-12-21 17:30 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[10].xml
2011-12-21 17:29 . 2011-12-21 17:29 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[50].xml
2011-12-21 17:27 . 2011-12-21 17:28 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[46].xml
2011-12-21 17:27 . 2011-12-21 17:27 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[45].xml
2011-12-21 17:26 . 2011-12-21 17:27 808 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[43].xml
2011-12-21 17:26 . 2011-12-21 17:26 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[12].xml
2011-12-21 17:14 . 2011-12-21 17:14 1760 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[45].xml
2011-12-21 17:13 . 2011-12-21 17:14 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[45].xml
2011-12-21 16:40 . 2011-12-21 16:43 1760 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[33].xml
2011-12-21 16:36 . 2011-12-21 16:36 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[23].xml
2011-12-21 11:55 . 2011-12-21 17:28 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[44].xml
2011-12-21 11:54 . 2011-12-21 11:54 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[43].xml
2011-12-21 11:52 . 2011-12-21 11:53 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[37].xml
2011-12-21 11:51 . 2011-12-21 11:52 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[44].xml
2011-12-21 11:16 . 2011-12-21 11:16 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[46].xml
2011-12-21 11:15 . 2011-12-21 11:15 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[36].xml
2011-12-21 09:37 . 2011-12-21 09:37 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[44].xml
2011-12-21 09:28 . 2011-12-21 09:28 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[38].xml
2011-12-21 08:49 . 2011-12-21 08:49 1760 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[42].xml
2011-12-21 08:45 . 2011-12-21 08:45 96 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[43].xml
2011-12-21 08:42 . 2011-12-21 08:44 1748 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[48].xml
2011-12-21 08:20 . 2011-12-21 08:20 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[41].xml
2011-12-21 08:06 . 2011-12-21 08:07 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[40].xml
2011-12-21 08:02 . 2011-12-21 08:02 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[11].xml
2011-12-21 08:01 . 2011-12-21 08:01 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[18].xml
2011-12-21 07:44 . 2011-12-21 07:44 1768 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[49].xml
2011-12-21 07:40 . 2011-12-21 07:40 1336 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[47].xml
2011-12-21 06:57 . 2011-12-21 06:57 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[40].xml
2011-12-21 06:54 . 2011-12-21 06:54 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[1].xml
2011-12-21 06:38 . 2011-12-21 06:38 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[40].xml
2011-12-21 06:31 . 2011-12-21 06:32 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[35].xml
2011-12-21 06:12 . 2011-12-21 06:18 1760 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[39].xml
2011-12-21 05:57 . 2011-12-21 05:58 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[27].xml
2011-12-21 02:21 . 2011-12-21 02:21 1760 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[21].xml
2011-12-21 02:15 . 2011-12-21 02:19 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[15].xml
2011-12-21 01:47 . 2011-12-21 01:48 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[42].xml
2011-12-21 00:38 . 2011-12-21 00:44 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[38].xml
2011-12-20 23:45 . 2011-12-20 23:45 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[38].xml
2011-12-20 23:45 . 2011-12-20 23:45 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[46].xml
2011-12-20 23:44 . 2011-12-20 23:44 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[41].xml
2011-12-20 23:44 . 2011-12-20 23:44 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[37].xml
2011-12-20 23:39 . 2011-12-20 23:39 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[45].xml
2011-12-20 23:33 . 2011-12-20 23:34 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[6].xml
2011-12-20 23:29 . 2011-12-20 23:29 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[43].xml
2011-12-20 23:29 . 2011-12-20 23:29 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[39].xml
2011-12-20 23:28 . 2011-12-20 23:28 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[36].xml
2011-12-20 22:51 . 2011-12-20 22:56 1760 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[41].xml
2011-12-20 21:46 . 2011-12-20 21:46 1910 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[35].xml
2011-12-20 21:42 . 2011-12-20 21:42 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[42].xml
2011-12-20 21:41 . 2011-12-20 21:41 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[34].xml
2011-12-20 21:41 . 2011-12-20 21:41 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[15].xml
2011-12-20 21:41 . 2011-12-20 21:41 1910 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[26].xml
2011-12-20 20:56 . 2011-12-20 20:56 1910 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[17].xml
2011-12-20 20:38 . 2011-12-20 20:38 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[33].xml
2011-12-20 19:58 . 2011-12-20 20:02 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[34].xml
2011-12-20 09:51 . 2011-12-20 09:51 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[28].xml
2011-12-20 09:14 . 2011-12-20 09:14 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[25].xml
2011-12-20 08:53 . 2011-12-20 08:53 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[36].xml
2011-12-20 08:52 . 2011-12-20 08:52 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[39].xml
2011-12-20 08:51 . 2011-12-20 08:51 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[29].xml
2011-12-20 08:45 . 2011-12-20 08:50 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[33].xml
2011-12-20 08:38 . 2011-12-20 08:39 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[34].xml
2011-12-20 08:36 . 2011-12-20 08:38 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[10].xml
2011-12-19 21:41 . 2011-12-19 21:41 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[14].xml
2011-12-19 21:40 . 2011-12-19 21:41 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[22].xml
2011-12-19 21:37 . 2011-12-19 21:38 1910 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[36].xml
2011-12-19 20:34 . 2011-12-19 20:34 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[32].xml
2011-12-19 20:33 . 2011-12-19 20:34 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[25].xml
2011-12-19 20:33 . 2011-12-19 20:33 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[32].xml
2011-12-19 20:32 . 2011-12-19 20:32 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[34].xml
2011-12-19 20:31 . 2011-12-19 20:31 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[1].xml
2011-12-19 20:31 . 2011-12-19 20:31 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[32].xml
2011-12-19 20:30 . 2011-12-19 20:30 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[35].xml
2011-12-19 20:28 . 2011-12-19 20:28 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[33].xml
2011-12-19 20:27 . 2011-12-19 20:28 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[13].xml
2011-12-19 20:15 . 2011-12-19 20:15 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[31].xml
2011-12-19 20:14 . 2011-12-19 20:14 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[29].xml
2011-12-19 20:13 . 2011-12-19 20:13 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[31].xml
2011-12-19 20:13 . 2011-12-19 20:14 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[32].xml
2011-12-19 20:12 . 2011-12-19 20:13 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[31].xml
2011-12-19 20:12 . 2011-12-19 20:12 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[28].xml
2011-12-19 20:11 . 2011-12-19 20:11 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[31].xml
2011-12-19 19:59 . 2011-12-19 19:59 2082 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[9].xml
2011-12-19 19:59 . 2011-12-19 19:59 1748 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[10].xml
2011-12-19 19:57 . 2011-12-19 19:57 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[29].xml
2011-12-19 19:55 . 2011-12-19 19:55 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[30].xml
2011-12-19 19:55 . 2011-12-19 19:55 1984 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[14].xml
2011-12-19 19:54 . 2011-12-19 19:56 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[30].xml
2011-12-19 19:54 . 2011-12-19 19:54 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[16].xml
2011-12-19 19:40 . 2011-12-19 19:54 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[12].xml
2011-12-19 19:38 . 2011-12-19 19:38 1910 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[22].xml
2011-12-19 19:23 . 2011-12-19 19:23 1954 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[30].xml
2011-12-19 19:18 . 2011-12-19 19:19 1954 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[20].xml
2011-12-19 18:33 . 2011-12-19 18:33 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[3].xml
2011-12-19 17:50 . 2011-12-19 17:50 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[29].xml
2011-12-19 17:38 . 2011-12-19 19:59 96 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[19].xml
2011-12-19 14:57 . 2011-12-19 14:57 96 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[25].xml
2011-12-19 14:44 . 2011-12-19 18:33 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[21].xml
2011-12-19 14:26 . 2011-12-19 14:26 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[28].xml
2011-12-19 14:17 . 2011-12-19 14:17 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[27].xml
2011-12-19 14:04 . 2011-12-19 14:04 1922 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[27].xml
2011-12-19 14:03 . 2011-12-19 14:03 1948 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[26].xml
2011-12-19 14:00 . 2011-12-19 14:01 2296 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[26].xml
2011-12-19 13:58 . 2011-12-19 13:58 1988 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[26].xml
2011-12-19 13:20 . 2011-12-21 00:00 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[25].xml
2011-12-19 13:18 . 2011-12-19 13:20 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[20].xml
2011-12-19 13:03 . 2011-12-19 13:03 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[17].xml
2011-12-19 12:55 . 2011-12-19 12:55 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[24].xml
2011-12-19 12:52 . 2011-12-19 12:53 1910 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[12].xml
2011-12-19 12:27 . 2011-12-19 12:27 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[24].xml
2011-12-19 12:26 . 2011-12-19 12:26 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[21].xml
2011-12-19 12:25 . 2011-12-19 12:25 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[23].xml
2011-12-19 12:00 . 2011-12-19 12:01 2016 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[23].xml
2011-12-19 12:00 . 2011-12-19 12:01 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[23].xml
2011-12-19 11:58 . 2011-12-19 20:13 1910 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[24].xml
2011-12-19 11:58 . 2011-12-19 11:58 2022 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[24].xml
2011-12-19 11:54 . 2011-12-19 11:56 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[9].xml
2011-12-19 11:11 . 2011-12-19 12:03 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[18].xml
2011-12-19 11:10 . 2011-12-19 11:10 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[18].xml
2011-12-19 11:07 . 2011-12-19 11:08 1910 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[13].xml
2011-12-19 10:37 . 2011-12-19 10:38 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[22].xml
2011-12-19 10:37 . 2011-12-19 10:37 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[19].xml
2011-12-19 09:06 . 2011-12-19 09:06 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[21].xml
2011-12-19 09:02 . 2011-12-19 09:02 96 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[20].xml
2011-12-19 09:01 . 2011-12-19 09:01 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[20].xml
2011-12-19 08:42 . 2011-12-19 08:43 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[13].xml
2011-12-19 08:41 . 2011-12-19 08:41 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[19].xml
2011-12-19 08:40 . 2011-12-19 09:03 2022 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[17].xml
2011-12-19 08:38 . 2011-12-19 08:40 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[18].xml
2011-12-19 08:35 . 2011-12-19 08:36 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[19].xml
2011-12-19 08:08 . 2011-12-19 08:09 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[12].xml
2011-12-19 08:02 . 2011-12-19 08:06 1910 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[11].xml
2011-12-19 07:56 . 2011-12-19 19:54 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[10].xml
2011-12-19 06:47 . 2011-12-19 06:47 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[14].xml
2011-12-18 21:40 . 2011-12-18 21:40 1748 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[14].xml
2011-12-18 21:20 . 2011-12-18 21:20 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[17].xml
2011-12-18 21:18 . 2011-12-18 21:20 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[16].xml
2011-12-18 21:18 . 2011-12-21 17:13 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[16].xml
2011-12-18 21:17 . 2011-12-19 19:55 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[16].xml
2011-12-18 21:04 . 2011-12-18 21:04 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[15].xml
2011-12-18 20:57 . 2011-12-18 20:58 1910 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[15].xml
2011-12-18 20:38 . 2011-12-18 20:39 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[3].xml
2011-12-18 20:34 . 2011-12-18 20:38 1910 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[13].xml
2011-12-18 20:27 . 2011-12-18 20:37 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[8].xml
2011-12-18 20:04 . 2011-12-18 20:04 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[11].xml
2011-12-18 20:02 . 2011-12-18 20:33 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[11].xml
2011-12-18 19:50 . 2011-12-18 19:51 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[9].xml
2011-12-18 19:49 . 2011-12-18 19:49 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[2].xml
2011-12-18 19:05 . 2011-12-18 21:20 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[3].xml
2011-12-16 19:50 . 2011-12-21 17:26 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[8].xml
2011-12-16 19:39 . 2011-12-18 19:51 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[8].xml
2011-12-16 19:37 . 2011-12-16 19:38 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[3].xml
2011-12-16 19:35 . 2011-12-16 19:36 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[8].xml
2011-12-16 19:33 . 2011-12-16 19:33 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[6].xml
2011-12-16 19:27 . 2011-12-19 19:55 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[7].xml
2011-12-16 19:27 . 2011-12-22 10:09 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[7].xml
2011-12-16 19:26 . 2011-12-16 19:26 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[7].xml
2011-12-16 18:51 . 2011-12-16 18:51 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[2].xml
2011-12-16 17:37 . 2011-12-16 17:37 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[6].xml
2011-12-16 16:17 . 2011-12-16 16:17 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[1].xml
2011-12-16 16:14 . 2011-12-18 19:50 90 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[6].xml
2011-12-16 16:14 . 2011-12-18 19:52 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[5].xml
2011-12-16 16:12 . 2011-12-16 16:12 1742 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[5].xml
2011-12-16 16:11 . 2011-12-16 16:11 90 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[5].xml
2011-12-16 16:10 . 2011-12-16 16:11 1742 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[5].xml
2011-12-16 16:10 . 2011-12-16 16:10 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[4].xml
2011-12-16 16:10 . 2011-12-16 16:10 90 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[4].xml
2011-12-16 16:09 . 2011-12-16 16:09 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[4].xml
2011-12-16 15:56 . 2011-12-16 15:57 1910 ----a-w- d:\documents and settings\NetworkService\UserData\W9A7C5UZ\meebo[4].xml
2011-12-16 15:56 . 2011-12-16 15:56 1742 ----a-w- d:\documents and settings\NetworkService\UserData\81UFWTQZ\meebo[2].xml
2011-12-16 15:48 . 2011-12-16 15:49 1742 ----a-w- d:\documents and settings\NetworkService\UserData\WTQBG5QJ\meebo[1].xml
2011-12-16 15:32 . 2011-12-16 15:32 90 ----a-w- d:\documents and settings\NetworkService\UserData\CDABC16R\meebo[2].xml
2011-12-16 14:54 . 2011-12-22 23:19 81920 ----a-w- d:\documents and settings\NetworkService\UserData\index.dat
.
---- Directory of d:\windows\$NtUninstallKB64346$ ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_02.03.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-29 23:12 . 2011-12-29 23:12 16384 d:\windows\Temp\Perflib_Perfdata_d54.dat
+ 2011-12-29 23:11 . 2011-12-29 23:11 16384 d:\windows\Temp\Perflib_Perfdata_8ac.dat
+ 2010-09-06 00:56 . 2011-12-29 18:45 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-06 00:56 . 2011-12-17 20:05 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-06 00:56 . 2011-12-29 18:45 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-09-06 00:56 . 2011-12-17 20:05 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-12-29 18:45 . 2011-12-29 18:45 16384 d:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-09-06 00:56 . 2011-12-17 20:05 16384 d:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-08 00:06 86696 ----a-w- d:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- d:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "d:\program files\adawaretb\adawareDx.dll" [2011-12-08 86696]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-09-06 77824]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HostManager"="d:\program files\Common Files\AOL\1284821555\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"TkBellExe"="d:\program files\real\realplayer\update\realsched.exe" [2011-07-22 273544]
"CarboniteSetupLite"="d:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="d:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"DiscWizardMonitor.exe"="d:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="d:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"Seagate Scheduler2 Service"="d:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"lxdnmon.exe"="d:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="d:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="d:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"Ad-Aware Browsing Protection"="d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"ISW"="d:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="d:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
.
d:\documents and settings\tyler\Start Menu\Programs\Startup\
Seagate 2GEWS9TC Product Registration.lnk - d:\documents and settings\tyler\Application Data\Leadertech\PowerRegister\Seagate 2GEWS9TC Product Registration.exe [2011-12-10 1731736]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - d:\program files\America Online 9.0d\aoltray.exe [2011-2-27 36953]
GamersFirst LIVE!.lnk - d:\program files\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"d:\\Program Files\\AIM\\aim.exe"=
"d:\\Program Files\\America Online 9.0\\waol.exe"=
"d:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\Program Files\\Steam\\steamapps\\relyt33333@aol.com\\insurgency\\hl2.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"d:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Documents and Settings\\tyler\\Local Settings\\Apps\\2.0\\BYTCNGZ2.GZ2\\TVWNOKOO.2W7\\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\\CoHOLauncher.exe"=
"d:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\GameLauncher.exe"=
"d:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\apox\\GameClient\\APOX.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\Data\\CNC4.game"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Data\\ra3_1.12.game"=
"d:\\Program Files\\America Online 9.0d\\waol.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dogfighter\\bin\\x86_vc8\\DogFighterSteam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"d:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert™ II\\RA2\\game.exe"=
"d:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\stronghold legends\\StrongholdLegends.exe"=
"d:\\Program Files\\Steam\\steamapps\\relyt33333@aol.com\\day of defeat\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\Vogster Entertainment\\CrimeCraft\\ClientLauncher.exe"=
"d:\\Program Files\\Vogster Entertainment\\CrimeCraft\\Binaries\\CrimeCraft.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\deus ex invisible war\\System\\dx2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads\\RailRoads.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow_editor.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\pacific storm\\PacificStorm.bat"=
"d:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\runme.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\lego universe\\patcher\\LEGOUniverseLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e\\Ruse.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\simcity 4 deluxe\\Apps\\SimCity 4.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\simcity 4 deluxe\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\kane & lynch 2 - dog days\\kl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 1\\BackToTheFuture101.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\darkest of days demo\\darkestofdays.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\CNC4.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\cities xl 2011\\CitiesXL_2011.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
"d:\\WINDOWS\\system32\\lxdncoms.exe"=
"d:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"d:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\APB.exe"=
"d:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57971:TCP"= 57971:TCP:Pando Media Booster
"57971:UDP"= 57971:UDP:Pando Media Booster
"57100:TCP"= 57100:TCP:Pando Media Booster
"57100:UDP"= 57100:UDP:Pando Media Booster
.
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [12/16/2011 2:57 PM 64512]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [12/20/2010 3:37 PM 28552]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [9/21/2010 6:06 AM 34968]
R2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;d:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 8:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;d:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 8:44 AM 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/12/2011 10:07 AM 2152152]
R2 lxdn_device;lxdn_device;d:\windows\system32\lxdncoms.exe -service --> d:\windows\system32\lxdncoms.exe -service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/17/2011 6:21 PM 2214504]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iZ3D Driver\Win32\S3DCService.exe [9/21/2010 6:06 AM 360960]
R2 SgtSch2Svc;Seagate Scheduler2 Service;d:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 6:49 PM 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [12/13/2011 11:46 AM 98984]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\EagleXNt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/12/2011 10:07 AM 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
S3 P0630VID;Creative WebCam Live!;d:\windows\system32\drivers\P0630Vid.sys [9/10/2010 3:19 PM 91797]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 21:03]
.
2011-12-29 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 00:49]
.
2011-12-23 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 00:49]
.
2011-12-29 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-29 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1958367476-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-16 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-29 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1958367476-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.skype.com/go/help.guides.ieaddon?lang=EN
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - d:\documents and settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 17:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(820)
d:\windows\system32\relog_ap.dll
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2300)
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\COMMON~1\AOL\ACS\acsd.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\lxdncoms.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\wanmpsvc.exe
d:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\windows\system32\RunDLL32.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\program files\Pando Networks\Media Booster\PMB.exe
d:\program files\Lavasoft\Ad-Aware\AAWTray.exe
d:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-29 17:16:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 23:16
ComboFix2.txt 2011-12-23 02:08
.
Pre-Run: 489,572,089,856 bytes free
Post-Run: 489,570,746,368 bytes free
.
- - End Of File - - 41E348AA75983ADE25E59E6B0B8A10EC




Every startup there is a window that pops up and says something like a Windows system registry file had to be recovered from a log or alternate copy. My brother said it has been saying that for months. I'm not sure if that has to do with a legitimate Windows registry or maybe that is what is allowing that folder not to be deleted, as I saw above it was not able to be removed yet. I can get a screenshot if you need to know the exact wording of the message. Also, if you want me to run ComboFix again I'll shut off the screensaver and power saver for the monitor so maybe I can see during the long shutdowns if that is what the computer is still doing after a few hours.

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:33 AM

Posted 30 December 2011 - 04:09 AM

Hi!

That's fine, I figured maybe you went someplace for Christmas; we were going through the flu at our house last week too. I hope you are feeling better now.

I am feeling better! I hope everybody in your family is also feeling better! :)

I then ran ComboFix with the script provided. As I said before, ZoneAlarm was asking to grant permissions to certain programs again. ComboFix ran and said it found a ZAccess folder it was going to delete. ComboFix said it would reboot the machine. It rebooted the computer; the shutdown was about 5 minutes. Upon reboot ComboFix began to run before the desktop loaded, but then the desktop popped up and started to load some programs. Luckily none of them interfered with ComboFix. It completed all the stages and then was going to restart the computer. I waited for about half an hour as it said Windows was shutting down. I then went to do other things in the house while I waited; I came back after about 4 hours and it was probably still on the "shutting down windows" screen. Again I could not bring the monitor out of standby, so I had to do a soft off. After reboot ComboFix said it was preparing a log. I had InCD Essentials pop up wanting to format the F drive again (this program only seems to want to do that after I run ComboFix for some reason). Here is the log it created:

Okay. Thanks for that information.

It looks like we may have a patched file or two that we may need to replace.

We'll need to run a scan to confirm whether or not that's the case. We'll need to download a new tool to do this.

Every startup there is a window that pops up and says something like a Windows system registry file had to be recovered from a log or alternate copy. My brother said it has been saying that for months. I'm not sure if that has to do with a legitimate Windows registry or maybe that is what is allowing that folder not to be deleted, as I saw above it was not able to be removed yet. I can get a screenshot if you need to know the exact wording of the message. Also, if you want me to run ComboFix again I'll shut off the screensaver and power saver for the monitor so maybe I can see during the long shutdowns if that is what the computer is still doing after a few hours.

If you wouldn't mind grabbing a screenshot of that for me, it'd be great, that way I can see exactly what the window looks like, do some research on it, and then go from there.

As I said above, I think the issues with ComboFix not being able to run properly are due to a maliciously patched file that is causing havoc when we get close to touching that folder.

SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    VClone.sys
    redbook.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 qtaqq

qtaqq
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  • Local time:06:33 AM

Posted 30 December 2011 - 11:32 AM

I ran SystemLook with the above code; here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:19 on 30/12/2011 by tyler
Administrator - Elevation successful

========== filefind ==========

Searching for "VClone.sys"
D:\WINDOWS\system32\drivers\VClone.sys --a---- 30208 bytes [16:20 15/01/2011] [16:20 15/01/2011] FCE98C43B5C5DB8E0DA8EA0E2B45E044

Searching for "redbook.sys"
D:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [20:54 07/09/2010] [22:59 03/08/2004] B31B4588E4086D8D84ADBF9845C2402B
D:\WINDOWS\ServicePackFiles\i386\redbook.sys ------- 57600 bytes [18:40 13/04/2008] [18:40 13/04/2008] F828DD7E1419B6653894A8F97A0094C5
D:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [19:44 05/09/2010] [18:40 13/04/2008] 55F7FA7C581D3508DE96E4ADF418D370

-= EOF =-


Here is a screenshot of that windows registry error on every startup.

[screenshot of the Windows Registry error]

#14 SweetTech
  • Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 31 December 2011 - 04:08 AM

Good Evening!

Thanks for providing me with that screenshot. I did some research into it, and it appears that it can be a legitimate message. I'm curious to see if that message will go away after you run the script below.

Let's see if that Windows Registry Recovery message goes away after running this script.

Let me know how things are running after running the script below.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
FCopy::
D:\WINDOWS\ServicePackFiles\i386\redbook.sys | D:\WINDOWS\system32\drivers\redbook.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Edited by SweetTech, 31 December 2011 - 04:18 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
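For readers following the reasoning in the two posts above (the SystemLook filefind results in #13, and the FCopy directive in #14), here is an added example in Python that is not part of SystemLook, ComboFix or this thread. It parses the filefind result lines, flags a live copy under system32\drivers whose MD5 differs from the ServicePackFiles reference copy (the redbook.sys case above: identical size, different hash), and then shows what the FCopy line amounts to, overwriting a file with its reference copy and re-checking the hash, on two constructed files in a temporary directory rather than on a real drive. The sample log text is copied from the post above; the directory names treated as "live" and "reference", and the verdict wording, are my assumptions.

```python
"""Triage helper for a SystemLook ':filefind' log (added example; not part of
SystemLook, ComboFix or this thread). Parses filefind result lines, flags a live
system32\\drivers copy whose MD5 differs from the Service Pack reference copy
(same size with a different hash is the footprint of a driver patched in place),
and shows what FCopy amounts to: overwrite with the reference, then re-verify."""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path, PureWindowsPath

# Constructed sample: the filefind section of the SystemLook log posted above.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "VClone.sys"
D:\WINDOWS\system32\drivers\VClone.sys --a---- 30208 bytes [16:20 15/01/2011] [16:20 15/01/2011] FCE98C43B5C5DB8E0DA8EA0E2B45E044

Searching for "redbook.sys"
D:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [20:54 07/09/2010] [22:59 03/08/2004] B31B4588E4086D8D84ADBF9845C2402B
D:\WINDOWS\ServicePackFiles\i386\redbook.sys ------- 57600 bytes [18:40 13/04/2008] [18:40 13/04/2008] F828DD7E1419B6653894A8F97A0094C5
D:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [19:44 05/09/2010] [18:40 13/04/2008] 55F7FA7C581D3508DE96E4ADF418D370

-= EOF =-
"""

# One result line: path, 7 attribute flags, size, [mtime] [ctime], MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumed directory roles (my choice, not from the page): live driver dir vs OS reference copies.
LIVE_DIR = "system32\\drivers"
REFERENCE_DIRS = ("servicepackfiles\\i386", "dllcache")


def parse_filefind(log_text):
    """Map lower-cased file name -> list of result entries, in log order."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, the EOF marker
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        found.setdefault(PureWindowsPath(entry["path"]).name.lower(), []).append(entry)
    return found


def classify(entries):
    """Split one file name's entries into (live copies, reference copies)."""
    live, refs = [], []
    for e in entries:
        parent = str(PureWindowsPath(e["path"]).parent).lower()
        if parent.endswith(LIVE_DIR):
            live.append(e)
        elif any(parent.endswith(d) for d in REFERENCE_DIRS):
            refs.append(e)
    return live, refs


def triage(found):
    """Return (name, verdict, reference_path_or_None) per file name, sorted by name."""
    findings = []
    for name, entries in sorted(found.items()):
        live, refs = classify(entries)
        if not live:
            findings.append((name, "no live copy under system32\\drivers", None))
        elif not refs:
            findings.append((name, "no reference copy to compare against", None))
        elif live[0]["md5"] == refs[0]["md5"]:
            findings.append((name, "live copy matches reference", refs[0]["path"]))
        elif live[0]["size"] == refs[0]["size"]:
            findings.append((name, "same size, different MD5: likely patched in place", refs[0]["path"]))
        else:
            findings.append((name, "differs from reference in size and MD5", refs[0]["path"]))
    return findings


def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest().upper()


def fcopy(reference, target):
    """Plain-file equivalent of 'FCopy:: reference | target': overwrite the
    target with the reference copy, then verify. Returns the target's MD5."""
    shutil.copyfile(reference, target)
    after = md5_of(target)
    if after != md5_of(reference):
        raise RuntimeError("copy did not produce an identical file")
    return after


def demo_fcopy():
    """Two constructed files, same length, one byte apart; returns
    (hashes matched before fcopy, hashes matched after)."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp) / "redbook.sys.reference"
        live = Path(tmp) / "redbook.sys"
        ref.write_bytes(b"MZ" + b"\x00" * 14)
        live.write_bytes(b"MZ" + b"\x00" * 13 + b"\x01")
        before = md5_of(live) == md5_of(ref)
        return before, fcopy(ref, live) == md5_of(ref)
```

Calling `triage(parse_filefind(SAMPLE_LOG))` reports redbook.sys as "same size, different MD5: likely patched in place" with the ServicePackFiles copy as the reference, and VClone.sys as having no reference copy to compare against (it is a third-party driver, so Windows keeps no backup of it). MD5 is used only because that is what SystemLook prints; a hash match against the ServicePackFiles copy says the live file is the OS-supplied one, it does not by itself say anything about the reference copy, which is why a helper would also check it against a known-good source.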


#15 qtaqq
  • Topic Starter
  • Members
  • 101 posts

Posted 31 December 2011 - 02:20 PM

I copied the code above and ran ComboFix again. It detected rootkit activity and then restarted the computer and had a normal shutdown time. (I forgot I was going to turn off the screensaver and energy saver until I started running ComboFix, but I didn't want it to freeze up so I just let it run.) It ran through the 50 stages and then was sitting at the shut down screen. I left it for about 30-40 minutes and again I couldn't get the monitor out of stand by, so I had to do a soft off. After restarting, it created a log and InCD Essentials popped up the format screen. I had an error with ZoneAlarm that didn't allow it to start; it said something like it was missing zhtml. I restarted the computer and that error went away. Then when I clicked on Firefox it kept saying the last session crashed, and if I clicked restart Firefox or quit Firefox I just kept getting the same error message. I restarted the computer again and that fixed that problem. Also, it is still getting that registry error.

As for how the computer is running, I don't have redirects anymore. I really haven't done much else with it other than go to YouTube or to BleepingComputer. Is it safe now to try to log in to some of the online games? Would I be able to try to clone that drive yet, or should I just hold off on that? I was also curious as to what the FCopy command does.

Here is the ComboFix log:

ComboFix 11-12-31.03 - tyler 12/31/2011 12:07:56.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1098 [GMT -6:00]
Running from: d:\documents and settings\All Users\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\tyler\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
d:\windows\ServicePackFiles\i386\redbook.sys --> d:\windows\system32\drivers\redbook.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-30 16:15 . 2011-12-30 16:15 626688 ----a-w- d:\program files\Mozilla Firefox\msvcr80.dll
2011-12-30 16:15 . 2011-12-30 16:15 548864 ----a-w- d:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 16:15 . 2011-12-30 16:15 479232 ----a-w- d:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 16:15 . 2011-12-30 16:15 43992 ----a-w- d:\program files\Mozilla Firefox\mozutils.dll
2011-12-23 17:15 . 2011-12-23 17:15 -------- d-----w- d:\documents and settings\tyler\dwhelper
2011-12-22 21:31 . 2011-12-22 21:31 -------- d-----w- D:\_OTL
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\documents and settings\tyler\Application Data\CheckPoint
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\program files\Conduit
2011-12-17 22:42 . 2011-12-18 11:01 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\ZoneAlarm_Security
2011-12-17 22:42 . 2011-12-18 11:00 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Conduit
2011-12-17 22:42 . 2011-12-17 22:42 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Temp
2011-12-17 22:42 . 2011-12-18 11:01 -------- d-----w- d:\program files\ZoneAlarm_Security
2011-12-17 22:41 . 2011-12-17 22:41 -------- d-----w- d:\documents and settings\All Users\Application Data\CheckPoint
2011-12-17 22:29 . 2011-12-17 22:41 -------- d-----w- d:\program files\CheckPoint
2011-12-17 20:00 . 2011-12-16 21:03 16432 ----a-w- d:\windows\system32\lsdelete.exe
2011-12-17 08:28 . 2011-12-17 08:28 -------- d-----w- d:\documents and settings\UpdatusUser\Application Data\McAfee
2011-12-17 00:06 . 2011-12-17 00:07 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-16 21:04 . 2011-12-16 21:04 101720 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-12-16 21:00 . 2011-12-16 21:00 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\adaware
2011-12-16 21:00 . 2011-12-31 18:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-12-16 21:00 . 2011-12-16 21:00 -------- d-----w- d:\program files\Toolbar Cleaner
2011-12-16 20:59 . 2011-12-18 11:00 -------- d-----w- d:\documents and settings\tyler\Application Data\adawaretb
2011-12-16 20:59 . 2011-12-16 21:00 -------- d-----w- d:\program files\adawaretb
2011-12-16 20:57 . 2011-12-12 16:07 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
2011-12-16 20:56 . 2011-12-16 20:56 -------- d-----w- d:\program files\Lavasoft
2011-12-16 20:56 . 2011-12-16 20:57 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2011-12-16 16:30 . 2011-12-16 16:30 -------- d-----w- d:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\documents and settings\tyler\Application Data\Malwarebytes
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-16 16:06 . 2011-12-16 16:06 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-12-16 16:06 . 2011-08-31 23:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-12-16 14:54 . 2011-12-16 14:54 -------- d-s---w- d:\documents and settings\NetworkService\UserData
2011-12-16 14:26 . 2011-12-16 14:26 -------- d-----w- d:\documents and settings\tyler\Application Data\FaxCtr
2011-12-13 17:49 . 2011-12-13 17:49 -------- d-----w- d:\documents and settings\tyler\Application Data\Lexmark Productivity Studio
2011-12-13 17:48 . 2011-12-13 18:07 -------- d-----w- d:\documents and settings\All Users\Lx_cats
2011-12-13 17:46 . 2011-12-13 17:46 -------- d-----w- D:\logs
2011-12-13 17:46 . 2007-11-28 17:51 40960 ----a-w- d:\windows\system32\lxdnvs.dll
2011-12-13 17:46 . 2008-02-27 11:05 115200 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2011-12-13 17:46 . 2008-02-15 04:52 348160 ----a-w- d:\windows\system32\lxdncoin.dll
2011-12-13 17:46 . 2008-04-13 19:45 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2011-12-13 17:46 . 2008-04-13 19:45 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2011-12-13 17:46 . 2001-08-18 04:36 87040 -c--a-w- d:\windows\system32\dllcache\wiafbdrv.dll
2011-12-13 17:46 . 2001-08-18 04:36 87040 ----a-w- d:\windows\system32\wiafbdrv.dll
2011-12-13 17:46 . 2007-11-21 00:02 782336 ----a-w- d:\windows\system32\lxdndrs.dll
2011-12-13 17:44 . 2011-12-13 17:45 -------- d-----w- d:\program files\Abbyy FineReader 6.0 Sprint
2011-12-13 17:44 . 2011-12-13 17:44 -------- d-----w- d:\program files\Lexmark Toolbar
2011-12-12 13:49 . 2011-12-12 13:49 -------- d-----w- d:\documents and settings\tyler\Application Data\InstallShield Installation Information
2011-12-12 13:49 . 2011-12-12 13:49 -------- d-----w- d:\program files\DIFX
2011-12-12 13:48 . 2011-12-16 20:57 -------- dc----w- d:\windows\system32\DRVSTORE
2011-12-12 13:48 . 2006-07-02 04:39 36864 ----a-w- d:\windows\system32\drivers\AmdK8.sys
2011-12-12 13:48 . 2011-12-12 13:48 -------- d-----w- d:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-12-12 13:41 . 2011-12-12 13:41 -------- d-----w- d:\program files\Vogster Entertainment
2011-12-12 03:47 . 2011-12-12 03:47 -------- d-----w- D:\crimecraft
2011-12-11 09:39 . 2011-12-29 23:29 -------- d-----w- D:\tryingtofixdrive
2011-12-11 09:26 . 2011-12-11 09:26 44384 ----a-w- d:\windows\system32\drivers\tifsfilt.sys
2011-12-11 09:26 . 2011-12-11 09:26 441760 ----a-w- d:\windows\system32\drivers\timntr.sys
2011-12-11 09:26 . 2011-12-11 09:26 132224 ----a-w- d:\windows\system32\drivers\snapman.sys
2011-12-11 09:26 . 2011-12-11 09:26 368480 ----a-w- d:\windows\system32\drivers\tdrpman.sys
2011-12-11 09:25 . 2011-12-11 09:25 -------- d-----w- d:\program files\Common Files\Seagate
2011-12-11 09:05 . 2011-12-11 09:05 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\GamersFirst LIVE!
2011-12-11 09:05 . 2011-12-31 18:51 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\PMB Files
2011-12-11 09:05 . 2011-12-31 03:26 -------- d-----w- d:\documents and settings\All Users\Application Data\PMB Files
2011-12-11 09:04 . 2011-12-11 09:04 -------- d-----w- d:\program files\Pando Networks
2011-12-11 09:04 . 2011-12-11 19:29 -------- d-----w- d:\program files\GamersFirst
2011-12-11 09:04 . 2011-12-11 17:38 -------- d-----w- D:\apb
2011-12-11 09:00 . 2011-12-11 09:00 -------- d-----w- d:\program files\MSXML 4.0
2011-12-11 04:06 . 2011-12-11 09:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Seagate
2011-12-11 04:06 . 2011-12-11 09:25 -------- d-----w- d:\program files\Seagate
2011-12-11 04:05 . 2011-12-11 04:05 -------- d-----w- d:\documents and settings\tyler\Local Settings\Application Data\Downloaded Installations
2011-12-11 04:04 . 2011-12-11 04:04 -------- d-----w- d:\program files\Carbonite
2011-12-11 04:04 . 2011-12-11 04:04 -------- d-----w- d:\documents and settings\tyler\Application Data\Leadertech
2011-12-11 03:50 . 2001-08-17 19:48 12160 -c--a-w- d:\windows\system32\dllcache\mouhid.sys
2011-12-11 03:50 . 2001-08-17 19:48 12160 ----a-w- d:\windows\system32\drivers\mouhid.sys
2011-12-11 03:50 . 2008-04-13 19:47 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2011-12-11 03:50 . 2008-04-13 19:47 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 18:17 . 2011-07-08 19:41 1409 ----a-w- d:\windows\QTFont.for
2011-12-31 01:18 . 2010-09-26 03:08 141200 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2011-12-31 01:18 . 2010-09-26 03:09 281656 ----a-w- d:\windows\system32\PnkBstrB.xtr
2011-12-31 01:18 . 2010-09-26 03:08 281656 ----a-w- d:\windows\system32\PnkBstrB.exe
2011-12-30 23:44 . 2010-09-26 03:08 281656 ----a-w- d:\windows\system32\PnkBstrB.ex0
2011-12-11 21:00 . 2010-09-26 03:08 138056 ----a-w- d:\documents and settings\tyler\Application Data\PnkBstrK.sys
2011-12-11 21:00 . 2010-09-26 03:08 75136 ----a-w- d:\windows\system32\PnkBstrA.exe
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- d:\windows\system32\win32k.sys
2011-11-01 20:35 . 2004-08-04 12:00 81920 ----a-w- d:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2004-08-04 12:00 667136 ----a-w- d:\windows\system32\wininet.dll
2011-11-01 20:35 . 2004-08-04 12:00 61952 ----a-w- d:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- d:\windows\system32\ole32.dll
2011-11-01 15:02 . 2004-08-04 12:00 369664 ----a-w- d:\windows\system32\html.iec
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- d:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- d:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-09-06 00:51 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-12-30 16:15 . 2011-05-08 15:37 121816 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_02.03.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-31 18:51 . 2011-12-31 18:51 16384 d:\windows\Temp\Perflib_Perfdata_cd0.dat
+ 2011-12-31 18:50 . 2011-12-31 18:50 16384 d:\windows\Temp\Perflib_Perfdata_840.dat
+ 2010-09-05 19:44 . 2008-04-13 18:40 57600 d:\windows\system32\dllcache\redbook.sys
+ 2010-09-06 00:56 . 2011-12-30 21:02 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-06 00:56 . 2011-12-17 20:05 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-06 00:56 . 2011-12-17 20:05 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-06 00:56 . 2011-12-30 21:02 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-12-30 21:02 . 2011-12-30 21:02 16384 d:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-09-06 00:56 . 2011-12-17 20:05 16384 d:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-08 00:06 86696 ----a-w- d:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- d:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "d:\program files\adawaretb\adawareDx.dll" [2011-12-08 86696]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "d:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-09-06 77824]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="d:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HostManager"="d:\program files\Common Files\AOL\1284821555\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"TkBellExe"="d:\program files\real\realplayer\update\realsched.exe" [2011-07-22 273544]
"CarboniteSetupLite"="d:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="d:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"DiscWizardMonitor.exe"="d:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="d:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"Seagate Scheduler2 Service"="d:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"lxdnmon.exe"="d:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="d:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="d:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"Ad-Aware Browsing Protection"="d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"ISW"="d:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="d:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
.
d:\documents and settings\tyler\Start Menu\Programs\Startup\
Seagate 2GEWS9TC Product Registration.lnk - d:\documents and settings\tyler\Application Data\Leadertech\PowerRegister\Seagate 2GEWS9TC Product Registration.exe [2011-12-10 1731736]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - d:\program files\America Online 9.0d\aoltray.exe [2011-2-27 36953]
GamersFirst LIVE!.lnk - d:\program files\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"d:\\Program Files\\AIM\\aim.exe"=
"d:\\Program Files\\America Online 9.0\\waol.exe"=
"d:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\Program Files\\Steam\\steamapps\\relyt33333@aol.com\\insurgency\\hl2.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"d:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Documents and Settings\\tyler\\Local Settings\\Apps\\2.0\\BYTCNGZ2.GZ2\\TVWNOKOO.2W7\\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\\CoHOLauncher.exe"=
"d:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\GameLauncher.exe"=
"d:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\apox\\GameClient\\APOX.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\Data\\CNC4.game"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Data\\ra3_1.12.game"=
"d:\\Program Files\\America Online 9.0d\\waol.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dogfighter\\bin\\x86_vc8\\DogFighterSteam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"d:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert™ II\\RA2\\game.exe"=
"d:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\stronghold legends\\StrongholdLegends.exe"=
"d:\\Program Files\\Steam\\steamapps\\relyt33333@aol.com\\day of defeat\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\Vogster Entertainment\\CrimeCraft\\ClientLauncher.exe"=
"d:\\Program Files\\Vogster Entertainment\\CrimeCraft\\Binaries\\CrimeCraft.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\deus ex invisible war\\System\\dx2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads\\RailRoads.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow_editor.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\pacific storm\\PacificStorm.bat"=
"d:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\runme.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\lego universe\\patcher\\LEGOUniverseLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e\\Ruse.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\simcity 4 deluxe\\Apps\\SimCity 4.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\simcity 4 deluxe\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\kane & lynch 2 - dog days\\kl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 1\\BackToTheFuture101.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\darkest of days demo\\darkestofdays.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\CNC4.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\command and conquer 4 tiberian twilight\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\cities xl 2011\\CitiesXL_2011.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\back to the future ep 2\\BackToTheFuture102.exe"=
"d:\\WINDOWS\\system32\\lxdncoms.exe"=
"d:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"d:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\APB.exe"=
"d:\\Program Files\\GamersFirst\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57971:TCP"= 57971:TCP:Pando Media Booster
"57971:UDP"= 57971:UDP:Pando Media Booster
"57100:TCP"= 57100:TCP:Pando Media Booster
"57100:UDP"= 57100:UDP:Pando Media Booster
.
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [12/16/2011 2:57 PM 64512]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [12/20/2010 3:37 PM 28552]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;d:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [9/21/2010 6:06 AM 34968]
R2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;d:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 8:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;d:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 8:44 AM 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/12/2011 10:07 AM 2152152]
R2 lxdn_device;lxdn_device;d:\windows\system32\lxdncoms.exe -service --> d:\windows\system32\lxdncoms.exe -service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/17/2011 6:21 PM 2214504]
R2 S3D Service (Win32);S3D Service (Win32);d:\program files\iZ3D Driver\Win32\S3DCService.exe [9/21/2010 6:06 AM 360960]
R2 SgtSch2Svc;Seagate Scheduler2 Service;d:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 6:49 PM 136176]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [12/13/2011 11:46 AM 98984]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\EagleXNt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
S3 P0630VID;Creative WebCam Live!;d:\windows\system32\drivers\P0630Vid.sys [9/10/2010 3:19 PM 91797]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 21:03]
.
2011-12-31 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 00:49]
.
2011-12-31 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 00:49]
.
2011-12-31 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-31 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1958367476-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-30 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-31 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1958367476-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.skype.com/go/help.guides.ieaddon?lang=EN
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - d:\documents and settings\tyler\Application Data\Mozilla\Firefox\Profiles\jhxdcmx4.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 12:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(828)
d:\windows\system32\relog_ap.dll
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4164)
d:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
d:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\COMMON~1\AOL\ACS\acsd.exe
d:\program files\Nero\Nero 7\InCD\InCDsrv.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\lxdncoms.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\wanmpsvc.exe
d:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\windows\system32\RunDLL32.exe
d:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\Pando Networks\Media Booster\PMB.exe
d:\program files\Lavasoft\Ad-Aware\AAWTray.exe
d:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\mspaint.exe
.
**************************************************************************
.
Completion time: 2011-12-31 12:54:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 18:54
ComboFix2.txt 2011-12-29 23:16
ComboFix3.txt 2011-12-23 02:08
.
Pre-Run: 489,418,711,040 bytes free
Post-Run: 489,416,978,432 bytes free
.
- - End Of File - - F56F17628FB168B7334DC04F2CFC1364
