

XP Antispyware 2012, Redirect, spambot


  • This topic is locked
23 replies to this topic

#1 Doug B

  • Members
  • 13 posts

Posted 24 December 2011 - 09:21 PM

About a week ago, computer became infected with XP Antispyware 2012.

I'm computer-savvy enough to know the basics, but I'm not a computer expert by any means. Been "fighting" this virus for a few hours every night, with only limited success. I'm not sure how to turn on the Windows Firewall though...or even if it would be helpful.

With the "kill" download from BleepingComputer, I was able to run Malwarebytes (several times) and Spybot. That seems to have stopped the constant pop-ups from the Antispyware virus. However, I'm still experiencing redirects (maybe 30% of the time), and Comcast keeps sending me emails indicating my computer is spamming emails out.

I ran the TDSSKiller download from Bleeping. It says I have the following problems, and cannot "cure" them:
FASTTX2K
MXLW2K
NETBT
PFC
PXHELP20
DEVICE\HARDDISK0\DRO

I've run malwarebytes in normal mode, and in safe mode.

I ran the DDS download, and created the text file. I'm running the GMER download now... it's been running for nearly four hours.

Here is the info from the text file.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 17:16:45 on 2011-12-24
.
============== Running Processes ===============
.
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\CCQ51H1.com
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://qus9.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\docume~1\owner\locals~1\temp\ssupdate.exe software\superantispyware.com\SUPERAntiSpyware
uRun: [NortonUpdateAgent] c:\documents and settings\all users\application data\norton\NUA.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [EPSON Stylus CX6600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
dRunOnce: [CMSRegOW.exe] "c:\program files\installshield installation information\{56f3e1ff-54fe-4384-a153-6ccaba097814}\CMSRegOW.exe" /r
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229751901703
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.110.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{9AEE5692-756C-4474-9402-7F9EFC33EAAA} : DhcpNameServer = 68.87.72.134 68.87.77.134
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? MBAMSwissArmy;MBAMSwissArmy
R? McComponentHostService;McAfee Security Scan Component Host Service
R? mrtRate;mrtRate
R? nosGetPlusHelper;getPlus® Helper 3004
R? NPF;WinPcap Packet Driver (NPF)
R? SASENUM;SASENUM
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Symantec Core LC;Symantec Core LC
.
=============== Created Last 30 ================
.
2011-12-24 10:12:04 29184 ----a-w- c:\windows\system32\CCQ51H1.com
2011-12-20 13:09:34 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-12-20 13:09:34 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-12-20 13:09:34 100880 ----a-w- c:\windows\system32\Packet.dll
.
==================== Find3M ====================
.
2011-12-23 02:38:20 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2004-08-04 09:00:00 561179 ----a-w- c:\program files\common files\dao360.dll
.
============= FINISH: 17:19:42.09 ===============
Attached file: dds.txt (11.04 KB)



#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,305 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 December 2011 - 09:31 PM

Welcome!

Which operating system is installed?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Doug B

  • Topic Starter
  • Members
  • 13 posts

Posted 24 December 2011 - 11:16 PM

I'm running XP

#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,305 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 December 2011 - 11:24 PM

Please post the TDSSKiller report. It should be saved in the C:\ folder.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box, paste this in:


    netsvcs
    set /c
    /md5start
    UXTHEME.DLL
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    Userinit.exe
    Explorer.exe
    Winlogon.exe
    Regedit.exe
    SCLWAPI.dll
    NETBT.sys
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of OTL.txt and attach Extras.txt, if any, in your next reply.

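
Added example, not part of the original posts and not code from the OTL or TDSSKiller authors: a small Python parser for the TDSSKiller log format that the helper asks for above, which pulls out every entry whose verdict was not "ok" (with its MD5 and on-disk path) and then checks whether the flagged file is one of the names the OTL custom scan hashes between /md5start and /md5stop. The sample log is constructed from a handful of lines copied from the TDSSKiller report posted later in this thread; OTL_MD5_WATCHLIST is a subset of the names from the OTL instructions above, and the function names are my own. One caveat worth keeping in mind when reading such a log: UnsignedFile.Multi.Generic means the file carries no valid digital signature, not that it matched a malware signature, so a third-party hardware driver may be flagged legitimately, whereas an unsigned copy of a Windows driver such as netbt.sys is exactly the kind of file the MD5 comparison is meant to catch.

```python
"""Parse a TDSSKiller driver-scan log and pull out the flagged entries."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the TDSSKiller report in this
# thread, trimmed to a handful of drivers so the script runs offline.
SAMPLE_LOG = """\
16:39:41.0203 4076 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
16:39:41.0421 4076 atapi - ok
16:39:58.0062 4076 fasttx2k (0df33229f0f017c4bab0c1cf8e0f26f2) C:\\WINDOWS\\system32\\DRIVERS\\fasttx2k.sys
16:39:58.0156 4076 fasttx2k ( UnsignedFile.Multi.Generic ) - warning
16:39:58.0156 4076 fasttx2k - detected UnsignedFile.Multi.Generic (1)
16:40:12.0750 4076 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\\Program Files\\Lavasoft\\Ad-Aware\\KernExplorer.sys
16:40:12.0812 4076 Lavasoft Kernexplorer - ok
16:40:20.0562 4076 NetBT (6ea52432d25a7b1a98699c1ecba7a167) C:\\WINDOWS\\system32\\DRIVERS\\netbt.sys
16:40:20.0609 4076 NetBT ( UnsignedFile.Multi.Generic ) - warning
16:40:20.0609 4076 NetBT - detected UnsignedFile.Multi.Generic (1)
16:40:29.0625 4076 ql1080 - ok
"""

# Subset of the file names the OTL custom scan hashes between /md5start and
# /md5stop; a flagged entry whose file is on this list is the kind the helper
# will want to compare against a known-good copy. (Assumed list, not OTL's.)
OTL_MD5_WATCHLIST = ["atapi.sys", "NETBT.sys", "nvata.sys", "iaStor.sys",
                     "Userinit.exe", "Explorer.exe", "Winlogon.exe"]

# Every log line starts with "HH:MM:SS.frac <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<sig>\S+) \) - warning$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>ok|detected (?P<det>.+))$")


def parse_tdsskiller(log: str) -> Dict[str, dict]:
    """One record per service/driver name: md5, path, warning and final verdict."""
    records: Dict[str, dict] = {}

    def rec(name: str) -> dict:
        return records.setdefault(name, {"md5": None, "path": None, "warning": None,
                                         "verdict": None, "detections": []})

    for line in log.splitlines():
        m = FILE_RE.match(line)            # "name (md5) path": the file on disk
        if m:
            r = rec(m["name"])
            r["md5"], r["path"] = m["md5"].lower(), m["path"]
            continue
        m = WARN_RE.match(line)            # "name ( verdict ) - warning"
        if m:
            rec(m["name"])["warning"] = m["sig"]
            continue
        m = VERDICT_RE.match(line)         # "name - ok" or "name - detected X (n)"
        if m:
            r = rec(m["name"])
            if m["verdict"] == "ok":
                r["verdict"] = "ok"
            else:
                r["verdict"] = "detected"
                r["detections"].append(m["det"])
    return records


def flagged(records: Dict[str, dict]) -> List[str]:
    """Names whose final verdict was anything other than 'ok'."""
    return sorted((n for n, r in records.items() if r["verdict"] != "ok"), key=str.lower)


def watchlist_hits(records: Dict[str, dict],
                   watchlist: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Flagged entries whose on-disk file name appears in the OTL md5 list."""
    wanted = {w.lower() for w in watchlist}
    hits = []
    for name in flagged(records):
        path = records[name]["path"] or ""
        base = path.rsplit("\\", 1)[-1].lower()   # basename of a Windows path
        if base in wanted:
            hits.append((name, base, records[name]["md5"]))
    return hits


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for name in flagged(recs):
        r = recs[name]
        print(f"{name}: {r['warning']} md5={r['md5']} {r['path']}")
    for name, base, md5 in watchlist_hits(recs, OTL_MD5_WATCHLIST):
        print(f"on OTL md5 list: {name} ({base}) md5={md5}")
```

Run it against a full TDSSKiller log by reading the file into parse_tdsskiller instead of SAMPLE_LOG. Entries that appear only as "name - ok" (services with no file on disk for that scan) keep a path of None, which is why the watchlist check tolerates a missing path rather than crashing on it.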


#5 Doug B

  • Topic Starter
  • Members
  • 13 posts

Posted 25 December 2011 - 08:55 AM

Here is the report. I'm working on the download now.

Attached file: TDSSKiller.2.6.25.0_24.12.2011_16.39.07_log.txt (60.22 KB)

16:39:07.0234 3272 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:39:09.0234 3272 ============================================================
16:39:09.0234 3272 Current date / time: 2011/12/24 16:39:09.0234
16:39:09.0234 3272 SystemInfo:
16:39:09.0234 3272
16:39:09.0234 3272 OS Version: 5.1.2600 ServicePack: 2.0
16:39:09.0234 3272 Product type: Workstation
16:39:09.0234 3272 ComputerName: HAL-9000
16:39:09.0234 3272 UserName: Owner
16:39:09.0234 3272 Windows directory: C:\WINDOWS
16:39:09.0234 3272 System windows directory: C:\WINDOWS
16:39:09.0234 3272 Processor architecture: Intel x86
16:39:09.0234 3272 Number of processors: 2
16:39:09.0234 3272 Page size: 0x1000
16:39:09.0234 3272 Boot type: Normal boot
16:39:09.0234 3272 ============================================================
16:39:14.0515 3272 Initialize success
16:39:30.0750 4076 ============================================================
16:39:30.0750 4076 Scan started
16:39:30.0750 4076 Mode: Manual; SigCheck; TDLFS;
16:39:30.0750 4076 ============================================================
16:39:33.0640 4076 Abiosdsk - ok
16:39:33.0671 4076 abp480n5 - ok
16:39:33.0781 4076 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:39:37.0281 4076 ACPI - ok
16:39:37.0421 4076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:39:37.0734 4076 ACPIEC - ok
16:39:37.0765 4076 adpu160m - ok
16:39:37.0843 4076 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
16:39:39.0375 4076 aec - ok
16:39:39.0515 4076 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
16:39:39.0609 4076 AFD - ok
16:39:39.0671 4076 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:39:39.0906 4076 agp440 - ok
16:39:39.0984 4076 Aha154x - ok
16:39:40.0000 4076 aic78u2 - ok
16:39:40.0046 4076 aic78xx - ok
16:39:40.0078 4076 AliIde - ok
16:39:40.0125 4076 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
16:39:40.0375 4076 AmdK7 - ok
16:39:40.0515 4076 amsint - ok
16:39:40.0578 4076 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:39:40.0781 4076 Arp1394 - ok
16:39:40.0843 4076 asc - ok
16:39:40.0875 4076 asc3350p - ok
16:39:40.0890 4076 asc3550 - ok
16:39:40.0953 4076 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:39:41.0171 4076 AsyncMac - ok
16:39:41.0203 4076 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:39:41.0421 4076 atapi - ok
16:39:41.0468 4076 Atdisk - ok
16:39:41.0531 4076 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:39:41.0734 4076 Atmarpc - ok
16:39:41.0937 4076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:39:42.0250 4076 audstub - ok
16:39:42.0421 4076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:39:42.0578 4076 Beep - ok
16:39:42.0625 4076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:39:42.0796 4076 cbidf2k - ok
16:39:42.0843 4076 cd20xrnt - ok
16:39:42.0890 4076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:39:43.0062 4076 Cdaudio - ok
16:39:43.0156 4076 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
16:39:43.0312 4076 Cdfs - ok
16:39:43.0375 4076 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:39:43.0500 4076 Cdrom - ok
16:39:43.0531 4076 Changer - ok
16:39:43.0578 4076 CmdIde - ok
16:39:43.0609 4076 Cpqarray - ok
16:39:43.0671 4076 ctac32k (e26f760a414840625bcba014077fe4d3) C:\WINDOWS\system32\drivers\ctac32k.sys
16:39:43.0734 4076 ctac32k - ok
16:39:43.0812 4076 ctaud2k (64eff5848a530285f44b5da67210b538) C:\WINDOWS\system32\drivers\ctaud2k.sys
16:39:43.0875 4076 ctaud2k - ok
16:39:43.0984 4076 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:39:53.0156 4076 ctdvda2k - ok
16:39:53.0437 4076 ctprxy2k (1c9154cf6a2e4e765ebdf9c121268b84) C:\WINDOWS\system32\drivers\ctprxy2k.sys
16:39:53.0500 4076 ctprxy2k - ok
16:39:53.0546 4076 ctsfm2k (3eb3112a1f03309eace7be6dabef7bcd) C:\WINDOWS\system32\drivers\ctsfm2k.sys
16:39:53.0609 4076 ctsfm2k - ok
16:39:53.0656 4076 dac2w2k - ok
16:39:53.0703 4076 dac960nt - ok
16:39:53.0781 4076 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
16:39:54.0000 4076 Disk - ok
16:39:54.0078 4076 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
16:39:54.0515 4076 dmboot - ok
16:39:54.0750 4076 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
16:39:54.0968 4076 dmio - ok
16:39:55.0265 4076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:39:55.0500 4076 dmload - ok
16:39:55.0578 4076 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
16:39:55.0765 4076 DMusic - ok
16:39:55.0812 4076 dpti2o - ok
16:39:55.0906 4076 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
16:39:56.0078 4076 drmkaud - ok
16:39:56.0296 4076 eeCtrl (cf06c54cbccf071e1ee322adb8ebd982) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:39:56.0593 4076 eeCtrl - ok
16:39:56.0890 4076 emupia (13fb2f55d7acb5a60773046ed5f9145c) C:\WINDOWS\system32\drivers\emupia2k.sys
16:39:56.0953 4076 emupia - ok
16:39:57.0218 4076 EraserUtilRebootDrv (fd1c2188857a43fb762bf2a947ab1778) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:39:57.0281 4076 EraserUtilRebootDrv - ok
16:39:57.0609 4076 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
16:39:57.0812 4076 Fastfat - ok
16:39:58.0062 4076 fasttx2k (0df33229f0f017c4bab0c1cf8e0f26f2) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
16:39:58.0156 4076 fasttx2k ( UnsignedFile.Multi.Generic ) - warning
16:39:58.0156 4076 fasttx2k - detected UnsignedFile.Multi.Generic (1)
16:39:58.0390 4076 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:39:58.0609 4076 Fdc - ok
16:39:58.0859 4076 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
16:39:59.0109 4076 Fips - ok
16:39:59.0187 4076 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:39:59.0406 4076 Flpydisk - ok
16:39:59.0546 4076 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
16:39:59.0812 4076 FltMgr - ok
16:40:00.0156 4076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:40:00.0453 4076 Fs_Rec - ok
16:40:00.0843 4076 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys
16:40:01.0109 4076 FTDIBUS - ok
16:40:01.0500 4076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:40:01.0937 4076 Ftdisk - ok
16:40:02.0265 4076 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys
16:40:02.0484 4076 FTSER2K - ok
16:40:02.0781 4076 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:40:02.0859 4076 GEARAspiWDM - ok
16:40:02.0937 4076 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:40:03.0171 4076 Gpc - ok
16:40:03.0421 4076 ha10kx2k (3a7634071aa670e3b782cf9bd3cd3a80) C:\WINDOWS\system32\drivers\ha10kx2k.sys
16:40:03.0593 4076 ha10kx2k - ok
16:40:04.0328 4076 hap16v2k (2562ef331ae2d66edd130501b0455a70) C:\WINDOWS\system32\drivers\hap16v2k.sys
16:40:04.0625 4076 hap16v2k - ok
16:40:04.0953 4076 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:40:05.0187 4076 HidUsb - ok
16:40:05.0296 4076 hpn - ok
16:40:05.0453 4076 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
16:40:05.0656 4076 HTTP - ok
16:40:05.0703 4076 i2omgmt - ok
16:40:05.0734 4076 i2omp - ok
16:40:05.0781 4076 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:40:05.0984 4076 i8042prt - ok
16:40:06.0078 4076 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:40:06.0687 4076 ialm - ok
16:40:06.0984 4076 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:40:07.0187 4076 Imapi - ok
16:40:07.0250 4076 ini910u - ok
16:40:07.0328 4076 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
16:40:07.0562 4076 IntelIde - ok
16:40:07.0625 4076 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:40:07.0843 4076 intelppm - ok
16:40:07.0921 4076 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
16:40:08.0156 4076 ip6fw - ok
16:40:08.0562 4076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:40:08.0859 4076 IpFilterDriver - ok
16:40:09.0203 4076 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:40:09.0437 4076 IpInIp - ok
16:40:09.0687 4076 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:40:09.0812 4076 IpNat - ok
16:40:10.0046 4076 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:40:10.0265 4076 IPSec - ok
16:40:10.0625 4076 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:40:10.0812 4076 IRENUM - ok
16:40:11.0015 4076 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:40:11.0312 4076 isapnp - ok
16:40:11.0656 4076 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:40:11.0875 4076 Kbdclass - ok
16:40:11.0984 4076 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
16:40:12.0281 4076 kmixer - ok
16:40:12.0468 4076 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
16:40:12.0625 4076 KSecDD - ok
16:40:12.0750 4076 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:40:12.0812 4076 Lavasoft Kernexplorer - ok
16:40:12.0984 4076 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:40:13.0031 4076 Lbd - ok
16:40:13.0062 4076 lbrtfdc - ok
16:40:13.0203 4076 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
16:40:13.0484 4076 ltmodem5 - ok
16:40:13.0500 4076 MBAMSwissArmy - ok
16:40:13.0562 4076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:40:13.0828 4076 mnmdd - ok
16:40:13.0875 4076 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
16:40:14.0125 4076 Modem - ok
16:40:14.0203 4076 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:40:14.0421 4076 Mouclass - ok
16:40:14.0453 4076 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
16:40:14.0640 4076 MountMgr - ok
16:40:14.0703 4076 mraid35x - ok
16:40:14.0718 4076 mrtRate - ok
16:40:14.0812 4076 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:40:15.0000 4076 MRxDAV - ok
16:40:15.0140 4076 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:40:15.0281 4076 MRxSmb - ok
16:40:15.0343 4076 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
16:40:15.0515 4076 Msfs - ok
16:40:15.0546 4076 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:40:15.0765 4076 MSKSSRV - ok
16:40:15.0843 4076 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:40:16.0015 4076 MSPCLOCK - ok
16:40:16.0062 4076 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
16:40:16.0250 4076 MSPQM - ok
16:40:16.0343 4076 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:40:16.0515 4076 mssmbios - ok
16:40:16.0640 4076 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
16:40:16.0953 4076 Mup - ok
16:40:17.0093 4076 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys
16:40:17.0171 4076 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
16:40:17.0171 4076 MxlW2k - detected UnsignedFile.Multi.Generic (1)
16:40:17.0484 4076 NAVENG (0f4c87f9594787b4fc2928d381a3d801) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.066\NAVENG.SYS
16:40:17.0531 4076 NAVENG - ok
16:40:17.0640 4076 NAVEX15 (acd6d7ecbd38b3b1a573d97148d3c907) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060823.066\NAVEX15.SYS
16:40:17.0796 4076 NAVEX15 - ok
16:40:18.0078 4076 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
16:40:18.0312 4076 NDIS - ok
16:40:18.0609 4076 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:40:18.0859 4076 NdisTapi - ok
16:40:19.0000 4076 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:40:19.0234 4076 Ndisuio - ok
16:40:19.0343 4076 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:40:19.0593 4076 NdisWan - ok
16:40:19.0921 4076 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
16:40:20.0156 4076 NDProxy - ok
16:40:20.0281 4076 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:40:20.0515 4076 NetBIOS - ok
16:40:20.0562 4076 NetBT (6ea52432d25a7b1a98699c1ecba7a167) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:40:20.0609 4076 NetBT ( UnsignedFile.Multi.Generic ) - warning
16:40:20.0609 4076 NetBT - detected UnsignedFile.Multi.Generic (1)
16:40:20.0734 4076 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:40:20.0937 4076 NIC1394 - ok
16:40:21.0109 4076 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
16:40:21.0156 4076 NPF - ok
16:40:21.0218 4076 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:40:21.0421 4076 Npfs - ok
16:40:21.0546 4076 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
16:40:21.0734 4076 Ntfs - ok
16:40:22.0125 4076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:40:22.0343 4076 Null - ok
16:40:22.0906 4076 nv (5d701fca6f7db7a8a7d21f80a84d291a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:40:23.0234 4076 nv - ok
16:40:23.0593 4076 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
16:40:23.0687 4076 nv_agp - ok
16:40:23.0765 4076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:40:23.0968 4076 NwlnkFlt - ok
16:40:24.0296 4076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:40:24.0531 4076 NwlnkFwd - ok
16:40:24.0640 4076 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:40:24.0812 4076 ohci1394 - ok
16:40:24.0937 4076 ossrv (a1afa94352d0a588bb24f23ea470692e) C:\WINDOWS\system32\drivers\ctoss2k.sys
16:40:25.0015 4076 ossrv - ok
16:40:25.0078 4076 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
16:40:25.0265 4076 Parport - ok
16:40:25.0359 4076 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:40:25.0578 4076 PartMgr - ok
16:40:25.0828 4076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:40:26.0093 4076 ParVdm - ok
16:40:26.0187 4076 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
16:40:26.0375 4076 PCI - ok
16:40:26.0390 4076 PCIDump - ok
16:40:26.0421 4076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:40:26.0687 4076 PCIIde - ok
16:40:26.0859 4076 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:40:27.0046 4076 Pcmcia - ok
16:40:27.0062 4076 PDCOMP - ok
16:40:27.0093 4076 PDFRAME - ok
16:40:27.0125 4076 PDRELI - ok
16:40:27.0140 4076 PDRFRAME - ok
16:40:27.0171 4076 perc2 - ok
16:40:27.0218 4076 perc2hib - ok
16:40:27.0328 4076 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\system32\drivers\pfc.sys
16:40:27.0390 4076 pfc ( UnsignedFile.Multi.Generic ) - warning
16:40:27.0390 4076 pfc - detected UnsignedFile.Multi.Generic (1)
16:40:27.0453 4076 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\System32\drivers\PfModNT.sys
16:40:27.0515 4076 PfModNT - ok
16:40:27.0671 4076 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:40:27.0875 4076 PptpMiniport - ok
16:40:27.0953 4076 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
16:40:28.0171 4076 Processor - ok
16:40:28.0281 4076 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
16:40:28.0343 4076 Ps2 - ok
16:40:28.0437 4076 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:40:28.0640 4076 PSched - ok
16:40:28.0843 4076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:40:29.0078 4076 Ptilink - ok
16:40:29.0500 4076 PxHelp20 (80c824c78dd1cac1833ae5dcca02b327) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
16:40:29.0562 4076 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
16:40:29.0562 4076 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
16:40:29.0625 4076 ql1080 - ok
16:40:29.0687 4076 Ql10wnt - ok
16:40:29.0750 4076 ql12160 - ok
16:40:29.0781 4076 ql1240 - ok
16:40:29.0828 4076 ql1280 - ok
16:40:29.0937 4076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:40:30.0125 4076 RasAcd - ok
16:40:30.0203 4076 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:40:30.0406 4076 Rasl2tp - ok
16:40:30.0437 4076 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:40:30.0625 4076 RasPppoe - ok
16:40:30.0671 4076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:40:30.0875 4076 Raspti - ok
16:40:30.0953 4076 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:40:31.0218 4076 Rdbss - ok
16:40:31.0265 4076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:40:31.0484 4076 RDPCDD - ok
16:40:31.0546 4076 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
16:40:31.0656 4076 RDPWD - ok
16:40:31.0718 4076 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:40:31.0921 4076 redbook - ok
16:40:32.0000 4076 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
16:40:32.0093 4076 rtl8139 - ok
16:40:32.0140 4076 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
16:40:32.0343 4076 S3Psddr - ok
16:40:32.0468 4076 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:40:32.0515 4076 SASDIFSV - ok
16:40:32.0546 4076 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
16:40:32.0578 4076 SASENUM - ok
16:40:32.0625 4076 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
16:40:32.0671 4076 SASKUTIL - ok
16:40:32.0890 4076 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
16:40:33.0078 4076 sbp2port - ok
16:40:33.0203 4076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:40:33.0312 4076 Secdrv - ok
16:40:33.0359 4076 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:40:33.0562 4076 Serenum - ok
16:40:33.0640 4076 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
16:40:33.0843 4076 Serial - ok
16:40:33.0890 4076 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:40:34.0109 4076 Sfloppy - ok
16:40:34.0375 4076 Simbad - ok
16:40:34.0468 4076 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
16:40:34.0703 4076 SiS315 - ok
16:40:34.0843 4076 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
16:40:34.0968 4076 SISAGP - ok
16:40:35.0062 4076 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
16:40:35.0140 4076 SiSkp - ok
16:40:35.0171 4076 Sparrow - ok
16:40:35.0500 4076 SPBBCDrv (286ae4ae9b10f92e97e51a1ab684b432) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:40:35.0578 4076 SPBBCDrv - ok
16:40:35.0734 4076 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
16:40:35.0921 4076 splitter - ok
16:40:36.0250 4076 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
16:40:36.0453 4076 sr - ok
16:40:36.0812 4076 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\WINDOWS\system32\Drivers\SRTSP.SYS
16:40:36.0875 4076 SRTSP - ok
16:40:37.0000 4076 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
16:40:37.0109 4076 SRTSPL - ok
16:40:37.0187 4076 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
16:40:37.0296 4076 SRTSPX - ok
16:40:37.0421 4076 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
16:40:37.0578 4076 Srv - ok
16:40:37.0859 4076 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:40:38.0046 4076 swenum - ok
16:40:38.0359 4076 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
16:40:38.0578 4076 swmidi - ok
16:40:38.0625 4076 symc810 - ok
16:40:38.0656 4076 symc8xx - ok
16:40:38.0750 4076 SYMDNS (1d8fb1e5d6859d38e3ebca5febc6839f) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
16:40:38.0843 4076 SYMDNS - ok
16:40:38.0906 4076 SymEvent (9e4188476848b2ef86f9c44d5164e724) C:\WINDOWS\System32\Drivers\SYMEVENT.SYS
16:40:38.0984 4076 SymEvent - ok
16:40:39.0015 4076 SYMFW (91fcddf2cbaf898126ae7dfa5ce570ed) C:\WINDOWS\System32\Drivers\SYMFW.SYS
16:40:39.0062 4076 SYMFW - ok
16:40:39.0125 4076 SYMIDS (9584e278787ad65e82eec5694f77cb54) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
16:40:39.0171 4076 SYMIDS - ok
16:40:39.0359 4076 SYMIDSCO (e9d69811c57a4e36ba14c5f71b6741b2) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\SymIDSCo.sys
16:40:39.0453 4076 SYMIDSCO - ok
16:40:39.0812 4076 SYMNDIS (ceadd29bd10fe8775775e5707790dd6c) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
16:40:39.0875 4076 SYMNDIS - ok
16:40:40.0187 4076 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
16:40:40.0234 4076 SYMREDRV - ok
16:40:40.0578 4076 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
16:40:40.0734 4076 SYMTDI - ok
16:40:41.0000 4076 sym_hi - ok
16:40:41.0093 4076 sym_u3 - ok
16:40:41.0203 4076 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
16:40:41.0421 4076 sysaudio - ok
16:40:41.0828 4076 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:40:42.0171 4076 Tcpip - ok
16:40:42.0468 4076 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:40:42.0671 4076 TDPIPE - ok
16:40:43.0093 4076 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
16:40:43.0359 4076 TDTCP - ok
16:40:43.0781 4076 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:40:44.0015 4076 TermDD - ok
16:40:44.0343 4076 TosIde - ok
16:40:44.0515 4076 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
16:40:44.0843 4076 Udfs - ok
16:40:45.0093 4076 ultra - ok
16:40:45.0171 4076 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
16:40:45.0312 4076 Update - ok
16:40:45.0437 4076 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:40:45.0625 4076 USBAAPL - ok
16:40:45.0703 4076 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:40:45.0906 4076 usbccgp - ok
16:40:45.0953 4076 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:40:46.0125 4076 usbehci - ok
16:40:46.0203 4076 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:40:46.0421 4076 usbhub - ok
16:40:46.0500 4076 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:40:46.0718 4076 usbohci - ok
16:40:46.0750 4076 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:40:46.0937 4076 usbprint - ok
16:40:46.0953 4076 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:40:47.0156 4076 usbscan - ok
16:40:47.0203 4076 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:40:47.0406 4076 USBSTOR - ok
16:40:47.0437 4076 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:40:47.0640 4076 usbuhci - ok
16:40:47.0687 4076 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
16:40:47.0890 4076 VgaSave - ok
16:40:47.0968 4076 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
16:40:48.0093 4076 viaagp1 - ok
16:40:48.0140 4076 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
16:40:48.0375 4076 ViaIde - ok
16:40:48.0421 4076 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
16:40:48.0640 4076 VolSnap - ok
16:40:48.0734 4076 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:40:48.0937 4076 Wanarp - ok
16:40:48.0953 4076 WDICA - ok
16:40:49.0015 4076 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
16:40:49.0140 4076 wdmaud - ok
16:40:49.0281 4076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:40:49.0515 4076 WS2IFSL - ok
16:40:49.0687 4076 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
16:40:49.0781 4076 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
16:40:49.0843 4076 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
16:40:49.0937 4076 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
16:40:49.0968 4076 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
16:40:50.0015 4076 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:40:50.0015 4076 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:40:50.0031 4076 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
16:40:56.0234 4076 \Device\Harddisk2\DR4 - ok
16:40:56.0250 4076 MBR (0x1B8) (3e752626494c3e5f1bb570a2c8e0c0d3) \Device\Harddisk5\DR7
16:41:06.0796 4076 \Device\Harddisk5\DR7 - ok
16:41:06.0812 4076 Boot (0x1200) (bc50d40dad9d9af4f36c766fdc993fbe) \Device\Harddisk0\DR0\Partition0
16:41:06.0828 4076 \Device\Harddisk0\DR0\Partition0 - ok
16:41:06.0859 4076 Boot (0x1200) (69d276d12825b0400ffbfab3c87a293c) \Device\Harddisk0\DR0\Partition1
16:41:06.0875 4076 \Device\Harddisk0\DR0\Partition1 - ok
16:41:07.0531 4076 Boot (0x1200) (6ddcdbfbf182d40db9e073ed0436a4b6) \Device\Harddisk2\DR4\Partition0
16:41:07.0531 4076 \Device\Harddisk2\DR4\Partition0 - ok
16:41:07.0578 4076 Boot (0x1200) (49ac77f1bd591e682b2af10acd4f0479) \Device\Harddisk5\DR7\Partition0
16:41:07.0578 4076 \Device\Harddisk5\DR7\Partition0 - ok
16:41:07.0578 4076 ============================================================
16:41:07.0578 4076 Scan finished
16:41:07.0578 4076 ============================================================
16:41:07.0703 3568 Detected object count: 6
16:41:07.0703 3568 Actual detected object count: 6
16:41:45.0265 3568 fasttx2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:45.0265 3568 fasttx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:41:45.0265 3568 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:45.0265 3568 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:41:45.0265 3568 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:45.0265 3568 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:41:45.0265 3568 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:45.0265 3568 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:41:45.0281 3568 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:45.0281 3568 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:41:45.0281 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:41:45.0281 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:44:02.0234 0688 Deinitialize success

Edited by JSntgRvr, 25 December 2011 - 10:22 AM.


#6 Doug B

  • Topic Starter
  • Members
  • 13 posts

Posted 25 December 2011 - 09:27 AM

Here is the text file. I have attached the extra file.

Attached File: Extras.Txt (36.36 KB)


OTL logfile created on: 12/25/2011 9:03:13 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 163.15 Mb Available Physical Memory | 15.94% Memory free
2.41 Gb Paging File | 1.52 Gb Available in Paging File | 63.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.95 Gb Total Space | 91.63 Gb Free Space | 61.93% Space Free | Partition Type: NTFS
Drive D: | 4.69 Gb Total Space | 0.80 Gb Free Space | 17.09% Space Free | Partition Type: FAT32
Drive I: | 124.94 Mb Total Space | 29.73 Mb Free Space | 23.80% Space Free | Partition Type: FAT
Drive M: | 5.67 Gb Total Space | 4.04 Gb Free Space | 71.28% Space Free | Partition Type: FAT32

Computer Name: HAL-9000 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 09:01:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/04/17 18:17:31 | 001,378,040 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/17 18:17:31 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/07 14:40:04 | 001,819,504 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/20 19:58:48 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/03 02:04:26 | 000,084,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/03 02:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/09/02 18:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
PRC - [2006/09/02 18:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/09/01 23:33:40 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2004/08/04 02:56:55 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2004/02/29 21:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE
PRC - [2003/07/24 04:36:57 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/05/28 21:59:16 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\cthelper.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/04/17 18:17:39 | 000,177,624 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/04/17 18:17:38 | 000,272,368 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/02/20 19:14:08 | 000,403,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2010/11/03 18:30:41 | 000,300,368 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:41:10 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/09/02 18:36:33 | 000,159,744 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL
MOD - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
MOD - [2003/02/21 05:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2003/02/21 05:49:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/17 18:17:31 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/03/03 20:01:16 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/09/05 20:22:26 | 000,079,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/09/03 02:54:52 | 000,048,272 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/09/03 02:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006/09/03 02:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/09/03 02:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/09/03 02:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/09/02 18:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 18:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/09/01 23:33:40 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/12/22 21:38:20 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2011/12/22 18:23:25 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/22 18:23:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/12/22 18:23:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/12/20 08:09:34 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/11/03 18:30:42 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/27 20:11:00 | 000,140,800 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2010/07/06 12:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/24 07:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 11:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 09:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/22 06:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/10/01 12:01:28 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/08/14 04:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 05:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/03 20:02:09 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/12/18 04:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/30 19:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 19:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/30 19:55:28 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/30 19:55:24 | 000,035,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/10/30 19:55:20 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/30 19:55:14 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/05/17 10:22:42 | 000,057,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/05/17 10:22:40 | 000,024,209 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/04/23 05:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/08/28 22:55:04 | 000,176,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20060901.084\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006/08/23 03:00:00 | 000,828,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060823.066\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/08/23 03:00:00 | 000,384,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/08/23 03:00:00 | 000,099,176 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006/08/23 03:00:00 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060823.066\NAVENG.SYS -- (NAVENG)
DRV - [2006/08/21 04:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/08/18 08:47:10 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/06/14 04:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 03:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 03:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/05 04:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/02/14 19:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/09 23:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/09/29 17:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 03:01:07 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 03:01:07 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 03:01:07 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 01:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 01:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 01:15:20 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 01:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 01:14:36 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 01:14:31 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 01:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 01:14:26 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 01:14:22 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 01:14:16 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 01:14:10 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 01:10:08 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2004/08/04 01:08:46 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2004/08/04 01:08:42 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 01:08:37 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 01:08:37 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 01:08:36 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 01:08:05 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 01:07:57 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 01:07:47 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 01:07:46 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 01:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440)
DRV - [2004/08/04 01:07:38 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2004/08/04 01:07:17 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 01:07:16 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 01:07:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 01:06:25 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 01:05:07 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 01:05:03 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 01:04:57 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 01:04:45 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 01:04:19 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 01:04:12 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 01:03:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 01:03:12 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 01:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/04 01:00:46 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 01:00:43 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 01:00:41 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 01:00:31 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 01:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 01:00:15 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 01:00:06 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2004/08/04 00:59:56 | 000,043,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/04 00:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 00:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 00:59:42 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2004/08/04 00:59:41 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/04 00:59:37 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/04 00:59:27 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 00:59:27 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 00:59:20 | 000,037,376 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2004/08/04 00:59:19 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/04 00:59:17 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 00:59:07 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (Serenum)
DRV - [2004/08/04 00:59:06 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 00:58:45 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/04 00:58:41 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/04 00:58:41 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 00:58:40 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2004/08/04 00:58:38 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/04 00:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 00:58:32 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 00:58:30 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 00:58:30 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 00:58:29 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/04 00:58:29 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/07/24 04:38:21 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/05/28 21:35:10 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/05/28 21:34:58 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/05/28 21:34:40 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/05/28 21:34:32 | 000,184,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/05/28 21:34:18 | 000,497,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/05/28 21:32:52 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/05/28 21:32:32 | 000,139,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/05/28 21:32:16 | 000,822,928 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/05/03 01:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/02 11:02:00 | 000,017,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2003/04/28 08:13:06 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/15 19:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 19:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/04/15 19:39:46 | 000,090,907 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/03/31 23:29:42 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/03/27 10:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/20 00:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/03/06 00:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/29 14:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2002/08/29 05:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2002/08/29 05:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2002/08/29 05:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2002/08/29 05:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2002/08/29 05:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2002/08/29 05:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2002/08/29 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 05:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2002/08/29 05:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2002/08/29 05:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2002/08/29 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2002/08/29 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2002/08/29 05:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2002/08/29 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2002/08/29 05:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2002/08/29 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2002/08/29 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2002/08/29 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2002/08/29 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2002/08/29 05:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2002/08/29 05:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2002/07/30 00:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 17:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 15:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-9d8ee47fdc21422e\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/20 19:58:49 | 000,000,000 | ---D | M]

[2009/02/21 23:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/02/21 23:26:44 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-9d8ee47fdc21422e\\NPRobloxProxy.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: getPlusPlus for Adobe 16297 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/20 08:10:41 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\cthelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229751901703 (MUWebControl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.110.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AEE5692-756C-4474-9402-7F9EFC33EAAA}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Kaspersky Lab)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/24 03:29:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 09:01:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/25 01:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2011/12/24 17:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2011/12/24 17:16:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/12/24 17:16:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/24 16:38:54 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/20 08:09:34 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/12/20 08:09:34 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/12/20 08:09:34 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/12/11 10:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2004/08/04 04:00:00 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[2003/05/28 21:30:04 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 09:12:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/25 09:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/25 09:04:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 09:01:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/25 08:55:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/25 08:52:34 | 000,001,404 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/12/25 08:52:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 08:52:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 08:30:10 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000004-10091102}.CDF
[2011/12/25 08:12:26 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/25 08:12:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/25 07:40:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 07:12:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/25 07:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/25 06:12:31 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/25 06:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/25 05:12:32 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/25 05:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/25 04:12:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/25 04:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/25 03:12:31 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/25 03:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/25 02:12:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/12/25 02:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/25 01:42:23 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/25 01:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/25 00:44:24 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/25 00:44:24 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/25 00:44:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\CCQ51H1.com.b
[2011/12/25 00:44:21 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\CCQ51H1.com_
[2011/12/25 00:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/24 23:23:25 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/24 23:23:25 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/24 23:12:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/24 22:16:26 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/24 22:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/24 21:16:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/24 21:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/24 20:18:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/24 20:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/24 19:26:24 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/24 19:17:29 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/24 19:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/24 19:05:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/24 18:12:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/24 17:30:12 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/12/24 17:16:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/24 17:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/24 16:39:03 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/24 09:14:40 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-10091102}.rfx
[2011/12/24 09:14:40 | 000,030,180 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-10091102}.rfx
[2011/12/24 09:14:40 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-10091102}.rfx
[2011/12/24 09:14:40 | 000,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-10091102}.rfx
[2011/12/24 09:14:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/12/24 09:14:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/12/24 09:14:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-10091102}.dat
[2011/12/24 09:14:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-10091102}.dat
[2011/12/24 07:57:05 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\p4uyu1Q.dat
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/21 20:15:34 | 000,000,203 | ---- | M] () -- C:\WINDOWS\RealFlight.INI
[2011/12/21 18:09:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job
[2011/12/21 08:56:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/20 08:09:34 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/12/20 08:09:34 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/12/20 08:09:34 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/12/19 21:24:52 | 000,017,442 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\633606y4q601n766l640f6ptl7l8
[2011/12/19 21:24:51 | 000,017,442 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\633606y4q601n766l640f6ptl7l8
[2011/12/18 14:29:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2011/12/16 07:54:59 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/12/15 03:42:59 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/11 17:34:57 | 000,172,636 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hannah0001.jpg
[2011/12/11 17:29:51 | 000,044,408 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\max0001-corrected.jpg
[2011/12/11 17:29:44 | 000,048,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\max0001.jpg
[2011/11/28 18:20:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 07:17:17 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\CCQ51H1.com_
[2011/12/25 00:44:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CCQ51H1.com.b
[2011/12/24 17:30:08 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/12/24 05:12:20 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\p4uyu1Q.dat
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/12/24 05:12:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/12/24 05:12:04 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/24 05:12:04 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/12/19 19:33:20 | 000,017,442 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\633606y4q601n766l640f6ptl7l8
[2011/12/19 19:33:20 | 000,017,442 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\633606y4q601n766l640f6ptl7l8
[2011/12/11 17:29:51 | 000,044,408 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\max0001-corrected.jpg
[2011/12/11 17:29:44 | 000,048,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\max0001.jpg
[2011/10/23 20:03:58 | 000,000,266 | ---- | C] () -- C:\WINDOWS\AQUALAND.INI
[2010/07/18 08:22:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 19:53:13 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/13 19:57:37 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2009/10/09 09:37:40 | 000,012,884 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dchy8w3hi.cab
[2009/10/09 09:37:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\miuevyi83.cab
[2009/08/22 14:22:58 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/22 14:22:58 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/08/22 14:22:35 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/08/22 14:22:34 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/08/22 14:22:34 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/08/09 21:08:17 | 000,004,965 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/04 20:04:56 | 000,001,089 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2008/07/20 21:01:55 | 000,000,203 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2008/04/06 21:16:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/03/18 21:38:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/03/15 06:19:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/03/04 21:13:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/03/04 21:10:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2008/03/04 21:10:23 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/03/04 21:10:23 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/03/04 21:10:23 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/03/04 21:10:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/04 21:08:04 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/03/04 21:08:04 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2008/03/04 21:08:04 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/03/04 21:05:32 | 000,000,227 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2008/03/03 21:29:26 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/03 21:14:38 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-10091102}.dat
[2008/03/03 21:14:38 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-10091102}.dat
[2008/03/03 20:39:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/03/03 20:39:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/03/03 20:39:09 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/03/03 20:39:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/03/03 20:38:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/03 20:38:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/03/03 20:38:27 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/03/03 20:37:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/03/03 20:36:42 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/03/03 20:09:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/03 19:23:25 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/03/03 19:23:25 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/03/03 19:23:24 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2008/03/03 19:23:15 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2008/03/03 19:23:05 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2004/04/15 19:00:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/07/26 05:17:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/26 05:16:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/07/26 03:57:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/07/24 05:10:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/07/24 05:10:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/07/24 05:10:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/07/24 05:05:31 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/07/24 05:02:11 | 000,025,438 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/07/24 05:01:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/07/24 05:01:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/07/24 04:47:54 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/24 04:47:40 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/24 04:19:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/24 04:10:16 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fasttx2k.sys
[2003/07/24 04:09:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/07/24 04:09:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/07/24 03:52:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/24 03:44:55 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/07/24 03:44:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/07/24 03:44:37 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/07/24 03:32:33 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/24 03:30:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/07/24 03:26:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/07/24 03:18:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/24 03:17:42 | 000,384,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/24 03:17:42 | 000,054,280 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/24 00:46:21 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/07/24 00:46:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/07/23 20:22:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/23 20:21:21 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/06/23 20:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/28 22:00:50 | 000,184,320 | ---- | C] () -- C:\WINDOWS\psconv.exe
[2003/05/28 21:57:20 | 000,191,028 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/05/28 21:45:14 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/05/28 21:40:32 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/05/28 21:40:16 | 000,003,662 | ---- | C] () -- C:\WINDOWS\System32\aud2_hp.ini
[2003/05/28 21:40:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/05/28 21:29:28 | 000,052,992 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/14 18:19:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002/05/24 10:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 10:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/09/22 02:08:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\killapps.exe
[2001/07/27 02:39:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\editinf.ini
[2001/07/27 02:39:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\editinf.exe
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll

========== Custom Scans ==========


< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HAL-9000
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HAL-9000
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HAL-9000
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


< MD5 for: AGP440.SYS >
[2008/03/18 21:49:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/03/18 21:49:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 22:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/03/18 21:49:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2008/03/18 21:49:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 05:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 05:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 05:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: NETBT.SYS >
[2004/08/04 01:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2002/08/29 05:00:00 | 000,157,056 | ---- | M] (Microsoft Corporation) MD5=D96F3BC5A6E7452B0E3275B560DC8528 -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2004/08/04 01:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=FFDBA5117566BCE39547C8A40646B613 -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETLOGON.DLL >
[2002/08/29 05:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: REGEDIT.EXE >
[2004/08/04 02:56:55 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\regedit.exe
[2004/08/04 02:56:55 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2002/08/29 05:00:00 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=B28FB518CD2949715CBFCE0E93A7A535 -- C:\I386\REGEDIT.EXE
[2002/08/29 14:00:00 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=B28FB518CD2949715CBFCE0E93A7A535 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2002/08/29 14:00:00 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=B28FB518CD2949715CBFCE0E93A7A535 -- C:\WINDOWS\I386\REGEDIT.EXE

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 05:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/08/07 03:27:38 | 000,025,080 | ---- | M] (Kaspersky Lab) MD5=162EB9C9275EE7FB471E9E0E90D455D9 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2002/08/29 05:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: UXTHEME.DLL >
[2004/08/04 02:56:46 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2004/08/04 02:56:46 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\system32\uxtheme.dll
[2002/08/29 05:00:00 | 000,203,264 | ---- | M] (Microsoft Corporation) MD5=A33F4AF655381E7E7C4581FF2B8992B2 -- C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2002/08/29 05:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2011/12/25 08:51:51 | 000,019,915 | ---- | M] () -- C:\aaw7boot.log
[2009/12/18 12:48:56 | 000,177,664 | ---- | M] () -- C:\amy_checkbook_2008.xls
[2003/07/24 03:29:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/03/03 19:21:16 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[2008/03/18 21:58:35 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2002/08/29 05:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
[2003/07/24 03:29:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/27 21:03:22 | 000,016,430 | ---- | M] () -- C:\cptime.log
[2003/07/24 03:29:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/16 12:41:19 | 000,000,373 | -H-- | M] () -- C:\IPH.PH
[2003/07/24 03:29:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/03/18 21:53:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/03/18 21:53:27 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/12/25 08:51:52 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2011/10/23 20:39:35 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/12/19 22:02:17 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010/08/27 20:08:38 | 000,045,636 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_27.08.2010_21.07.54_log.txt
[2011/12/22 21:35:40 | 000,058,686 | ---- | M] () -- C:\TDSSKiller.2.6.24.0_22.12.2011_21.33.58_log.txt
[2011/12/23 17:04:34 | 000,179,874 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_23.12.2011_16.56.33_log.txt
[2011/12/24 16:44:02 | 000,061,662 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_24.12.2011_16.39.07_log.txt
[2010/06/06 20:23:18 | 000,000,032 | ---- | M] () -- C:\wizard.txt
[2008/09/14 02:45:16 | 000,000,308 | ---- | M] () -- C:\xcrashdump.dat

< %systemroot%\System32\config\*.sav >
[2003/07/23 20:20:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/07/23 20:20:45 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/07/23 20:20:45 | 000,385,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2011/12/25 08:55:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/21 08:56:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011/12/25 00:44:24 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/25 04:12:24 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/12/25 05:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/25 05:12:32 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/12/25 06:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/25 06:12:31 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/12/25 07:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/25 07:12:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/12/25 08:12:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/25 08:12:26 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/25 09:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/12/25 00:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/25 09:12:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/12/24 05:12:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/25 01:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/12/24 05:12:06 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/12/24 05:12:06 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/12/24 19:05:05 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/12/24 17:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/12/24 19:26:24 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/12/24 18:12:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/24 19:17:29 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/12/25 01:42:23 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/24 19:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/12/24 20:18:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/12/24 20:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/12/24 21:16:25 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/12/24 21:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/12/24 22:16:26 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/24 22:12:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/12/25 00:44:24 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/12/24 23:12:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/12/25 02:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/12/25 02:12:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/12/25 03:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/12/25 03:12:31 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/12/25 04:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/12/25 08:52:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 07:40:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 05:41:09 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/12/21 18:09:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Norton PC Checkup Weekday Scanner.job
[2011/12/18 14:29:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Norton PC Checkup Weekend Scanner.job

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB38281$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Edited by Doug B, 25 December 2011 - 09:30 AM.


#7 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,305 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 25 December 2011 - 10:31 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Doug B

  • Topic Starter
  • Members
  • 13 posts

Posted 26 December 2011 - 01:02 PM

JSntgRvr,
I turned off my antivirus stuff, and ran ComboFix, as you described above.

I've been up and running for about a half-hour, visiting various websites, with no apparent problems with redirects. Also, good news, there is no PING.EXE running in my task manager. Things seem to be working correctly now, but how can I be sure?

Also, is there some sort of test or anti-virus thing I can try to make sure I don't have a data-miner?

Finally, what are the "PnkBstrA.exe" and "PnkBstrB.exe" files?

Here is the ComboFix text file:

ComboFix 11-12-26.02 - Owner 12/26/2011 12:14:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.679 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
C:\NetworkControl
c:\windows\$NtUninstallKB38281$\3342357169\@
c:\windows\$NtUninstallKB38281$\3342357169\bckfg.tmp
c:\windows\$NtUninstallKB38281$\3342357169\cfg.ini
c:\windows\$NtUninstallKB38281$\3342357169\Desktop.ini
c:\windows\$NtUninstallKB38281$\3342357169\keywords
c:\windows\$NtUninstallKB38281$\3342357169\kwrd.dll
c:\windows\$NtUninstallKB38281$\3342357169\L\qudmaeki
c:\windows\$NtUninstallKB38281$\3342357169\lsflt7.ver
c:\windows\$NtUninstallKB38281$\3342357169\U\00000001.$
c:\windows\$NtUninstallKB38281$\3342357169\U\00000001.@
c:\windows\$NtUninstallKB38281$\3342357169\U\00000002.@
c:\windows\$NtUninstallKB38281$\3342357169\U\00000004.@
c:\windows\$NtUninstallKB38281$\3342357169\U\80000000.@
c:\windows\$NtUninstallKB38281$\3342357169\U\80000004.@
c:\windows\$NtUninstallKB38281$\3342357169\U\80000032.@
c:\windows\$NtUninstallKB38281$\3846260535
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\ps2.bat
c:\windows\system32\stu2.exe
c:\windows\system32\userinitxx.exe
c:\windows\system32\wpcap.dll
C:\xcrashdump.dat
D:\Autorun.inf
c:\windows\$NtUninstallKB38281$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-25 12:17 . 2011-12-25 05:44 79872 ----a-w- c:\windows\system32\CCQ51H1.com_
2011-12-25 06:57 . 2011-12-25 06:57 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-24 14:18 . 2011-12-24 21:27 -------- d-----w- c:\documents and settings\Administrator
2011-12-20 13:09 . 2011-12-20 13:09 50704 ----a-w- c:\windows\system32\drivers\npf.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 02:38 . 2008-03-04 01:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2004-08-04 09:00 . 2004-08-04 09:00 561179 ----a-w- c:\program files\Common Files\dao360.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 835654]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2010-09-07 1819504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"CTHelper"="CTHELPER.EXE" [2003-05-29 28672]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 84640]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-06 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-04 49152]
"CMSRegOW.exe"="c:\program files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-12-29 233936]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/11/2010 6:13 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 1:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 1:07 PM 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 12:28 PM 1378040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/3/2008 7:52 PM 99176]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 6:03 PM 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 6:03 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/21/2010 7:14 PM 15264]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/3/2008 8:39 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07 PM 12872]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 23:17]
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-12-25 c:\windows\Tasks\At10.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At12.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At14.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At16.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At18.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At2.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-26 c:\windows\Tasks\At20.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-26 c:\windows\Tasks\At22.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-26 c:\windows\Tasks\At24.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At26.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At28.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At30.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At32.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At34.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At36.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-24 c:\windows\Tasks\At38.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At4.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At40.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At42.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At44.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At46.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At48.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At6.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At8.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 23:02]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 23:02]
.
2011-11-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-07 05:38]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-56241050.sys
SafeBoot-klmdb.sys
AddRemove-Creative Driver - c:\windows\System32\ctdrvins
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-26 12:39
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d8,49,b1,ef,04,c8,44,b8,8f,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d8,49,b1,ef,04,c8,44,b8,8f,15,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\CTSvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-12-26 12:46:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 17:46
.
Pre-Run: 98,230,595,584 bytes free
Post-Run: 99,321,929,728 bytes free
.
- - End Of File - - C216C21DAF4E32BF26D5E68A7981B21D
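Two things in the log above carry the security-relevant story: the block of At*.job scheduled tasks (At2 through At48, twenty-four of them, all created within minutes) that every one points at c:\windows\system32\CCQ51H1.com_, the file the later Malwarebytes log names Trojan.Email, and the firewall policy values EnableFirewall=0 / DisableNotifications=1 next to the Security Center DisableMonitoring entries. The script below is an added example for this thread, not code anyone posted here and not a ComboFix feature: it parses a ComboFix-style log and flags both indicator classes. SAMPLE_LOG is a constructed excerpt in ComboFix's layout using paths copied from the log; the regexes and function names are the example's own assumptions about that layout.

```python
"""Triage two indicator classes from a ComboFix-style log (added example for
this thread; not code anyone posted, not a ComboFix feature).
1. 'Scheduled Tasks': At<N>.job is the name at.exe gives jobs it creates;
   a target under system32 that is not an .exe is the other tell.
2. 'Reg Loading Points': values that switch off the Windows Firewall or
   Security Center alerts.
SAMPLE_LOG is a constructed excerpt in ComboFix's layout (paths from the log).
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 23:17]
.
2011-12-25 c:\windows\Tasks\At10.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
2011-12-25 c:\windows\Tasks\At12.job
- c:\windows\system32\CCQ51H1.com_ [2011-12-25 05:44]
.
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")            # [HKLM\...] block header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[[^\]]*\]$")  # "- <target> [stamp]"
AT_JOB_RE = re.compile(r"\\at\d+\.job$", re.I)


def parse_log(text):
    """One pass: (job, target) pairs plus {reg key: {value name: raw value}}."""
    tasks, reg, job, key = [], defaultdict(dict), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
        elif (m := VALUE_RE.match(line)) and key:
            reg[key][m.group("name")] = m.group("val")
        elif (m := JOB_RE.match(line)):
            job = m.group("job")
        elif (m := TARGET_RE.match(line)) and job:
            tasks.append((job, m.group("path")))
            job = None
    return tasks, reg


def reg_int(raw):
    """Decode ComboFix's 'dword:00000001' and '0 (0x0)' spellings to an int."""
    m = re.match(r"dword:([0-9a-f]+)$", raw.strip(), re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", raw.strip())
    return int(m.group()) if m else None


def suspicious_tasks(tasks):
    """Review items, not verdicts: legitimate at.exe use exists."""
    hits = []
    for job, target in tasks:
        low, reasons = target.lower(), []
        if AT_JOB_RE.search(job):
            reasons.append("at.exe-style job name")
        if "\\system32\\" in low and not low.endswith(".exe"):
            reasons.append("non-.exe target under system32")
        if reasons:
            hits.append({"job": job, "target": low, "reasons": reasons})
    return hits


def weakened_defenses(reg):
    """Caveat: third-party suites (Norton here) set DisableMonitoring=1 so
    Security Center does not double-report; EnableFirewall=0 together with
    DisableNotifications=1 is the stronger signal."""
    hits = []
    for key, values in reg.items():
        k = key.lower()
        if "security center\\monitoring" in k and reg_int(values.get("DisableMonitoring", "")) == 1:
            hits.append((key, "DisableMonitoring=1"))
        if "firewallpolicy" in k:
            if reg_int(values.get("EnableFirewall", "1")) == 0:
                hits.append((key, "EnableFirewall=0"))
            if reg_int(values.get("DisableNotifications", "0")) == 1:
                hits.append((key, "DisableNotifications=1"))
    return hits


def triage(text):
    """Both checks; 'task_targets' counts how many flagged jobs share one binary."""
    tasks, reg = parse_log(text)
    task_hits = suspicious_tasks(tasks)
    return {
        "tasks": task_hits,
        "task_targets": Counter(h["target"] for h in task_hits),
        "defenses": weakened_defenses(reg),
    }
```

Run `triage(open("ComboFix.txt").read())` against a full log: the `task_targets` counter is what turns twenty-four separate job lines into the single fact a responder wants (one binary scheduled around the clock), and the `defenses` list is the quick answer to the firewall question from the first post.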

#9 JSntgRvr

Posted 26 December 2011 - 03:20 PM

http://en.wikipedia.org/wiki/PunkBuster

Download the enclosed file.

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

=============================================

Update and launch Malwarebytes.

  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================================================

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Edited by JSntgRvr, 26 December 2011 - 04:00 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 Doug B

Posted 26 December 2011 - 05:22 PM

I'm re-running the combofix now, as instructed above. It says I still have a rootkit problem.

About an hour ago, the electrical power in my entire house shut down for a few seconds. Computer re-booted, and SpyBot anti-virus program (I guess it reactivated during start up) asked me about a bunch of registry changes. One of them was asking about re-setting the home page - I remember reading about that, the combofix may do something. My question is, during this process, during a reboot, should I tell Spybot to allow or deny registry changes? I was clicking on "deny" for nearly all of them.

#11 Doug B

Posted 26 December 2011 - 05:36 PM

Just re-ran ComboFix, as directed above, dragging the file on top of it. Here's the result, below.

PROBLEM: Tried to re-run Malwarebytes, as directed above. When I try, I get an error popping up in a blue box saying:

MALWAREBYTES ANTI-MALWARE
AN ERROR HAS OCCURRED. PLEASE REPORT THIS ERROR CODE TO OUR SUPPORT TEAM
PROGRAM ERROR LOAD_DATABASE (2,2,CREATESDK)
THE SYSTEM CANNOT FIND THE SPECIFIED FILE

I un-installed Malwarebytes, and re-installed from their website. No change.

Do you still want me to run the ESET scan? Or?



ComboFix 11-12-26.03 - Owner 12/26/2011 17:19:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.771 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\help\wmplayer.bak
c:\windows\system32\drivers\npf.sys
c:\windows\system32\regobj.dll
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 20:56 . 2011-12-26 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-26 20:56 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 12:17 . 2011-12-25 05:44 79872 ----a-w- c:\windows\system32\CCQ51H1.com_
2011-12-25 06:57 . 2011-12-25 06:57 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-24 14:18 . 2011-12-24 21:27 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 02:38 . 2008-03-04 01:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2004-08-04 09:00 . 2004-08-04 09:00 561179 ----a-w- c:\program files\Common Files\dao360.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-26_17.39.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-26 22:18 . 2011-12-26 22:18 16384 c:\windows\Temp\Perflib_Perfdata_588.dat
+ 2003-07-24 08:17 . 2011-12-26 17:51 54280 c:\windows\system32\perfc009.dat
- 2003-07-24 08:17 . 2011-12-25 04:23 54280 c:\windows\system32\perfc009.dat
+ 2003-07-24 08:17 . 2011-12-26 17:51 384596 c:\windows\system32\perfh009.dat
- 2003-07-24 08:17 . 2011-12-25 04:23 384596 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 835654]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"nwiz"="nwiz.exe" [2003-05-03 323584]
"CTHelper"="CTHELPER.EXE" [2003-05-29 28672]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-04 49152]
"CMSRegOW.exe"="c:\program files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-12-29 233936]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56241050.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/11/2010 6:13 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 1:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 1:07 PM 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 6:03 PM 135664]
S2 mrtRate;mrtRate; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2010 6:03 PM 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 12:28 PM 1378040]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/21/2010 7:14 PM 15264]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/3/2008 8:39 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07 PM 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 23:17]
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 23:02]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 23:02]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/
mStart Page = hxxp://qus9.hpwis.com/
mSearch Bar = hxxp://srch-qus9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-26 17:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d8,49,b1,ef,04,c8,44,b8,8f,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d8,49,b1,ef,04,c8,44,b8,8f,15,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2011-12-26 17:31:31
ComboFix-quarantined-files.txt 2011-12-26 22:31
ComboFix2.txt 2011-12-26 17:46
.
Pre-Run: 100,068,614,144 bytes free
Post-Run: 100,155,768,832 bytes free
.
- - End Of File - - B64CF101A054BA90B7AF43BD5DF8D5FC

#12 JSntgRvr

Posted 26 December 2011 - 07:09 PM

ComboFix did what it was instructed to do.

Please follow these steps:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. mbam-setup.exe

Launch the program. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that you can run a quick scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In regard to the online scan, please do.



#13 Doug B

Posted 26 December 2011 - 08:55 PM

Understood.
When I re-boot my computer, I believe the Spybot antivirus software will notice several changes in the registry. What should I do when the Spybot asks me to "allow" or "deny" the changes?

Doug B

#14 JSntgRvr

Posted 26 December 2011 - 09:05 PM

Understood.
When I re-boot my computer, I believe the Spybot antivirus software will notice several changes in the registry. What should I do when the Spybot asks me to "allow" or "deny" the changes?

Doug B

Remove the program for the time being. You can always reinstall later.



#15 Doug B

Posted 27 December 2011 - 06:49 AM

Here is the log from the Malwarebytes scan; I ran this first. It found one item, and said it deleted the item.

Database version: 911122605

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/26/2011 9:34:55 PM
mbam-log-2011-12-26 (21-34-55).txt

Scan type: Quick scan
Objects scanned: 180837
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\ccq51h1.com_ (Trojan.Email) -> Quarantined and deleted successfully.

Here is the scan log from ESET. It found 18 items, and said it was able to delete 17 of them. (Attached file: ESETscan results.txt)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAKMAntivirusPro2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance12.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.FXR trojan deleted - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1478\A0183223.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1478\A0184223.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1478\A0184256.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1479\A0184281.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1479\A0184309.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1480\A0184381.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0184408.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0184430.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0185429.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0185443.com a variant of Win32/Kryptik.XZQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0186429.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0186451.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1483\A0186688.exe a variant of Win32/Kryptik.FXR trojan deleted - quarantined
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean

-Doug B
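Reading the ESET log above as a defender, the useful split is between the 17 hits that were backup copies (restore points, Spybot's own recovery zips, an earlier quarantine folder) and the one live driver ESET could not clean. The following Python is an added example, not part of this thread or of ESET's tools: it parses the log lines quoted in this post, groups them by location and malware family, and flags anything still infected outside a backup area. The location categories and the follow-up rule are the example's own assumptions.

```python
"""Summarise an ESET Online Scanner log like the one pasted above.

Added example; not part of the forum thread or of ESET's tooling. The sample
log lines are the ones from the post. The location categories and the
"needs follow-up" rule are this example's own assumptions.
"""
import re
from collections import Counter

# Result phrases ESET appends to a detection line, longest first so that
# "cleaned by deleting - quarantined" is not mistaken for "deleted - quarantined".
ACTIONS = ("cleaned by deleting - quarantined", "deleted - quarantined", "unable to clean")

# The threat description starts at "a variant of ..." or at a family name that
# contains a forward slash (Win32/...); a Windows path never contains one.
THREAT_RE = re.compile(r"\s+((?:a variant of\s+)?\S+/\S+.*)$")


def parse_line(line):
    """Return (path, threat, action) for one detection line, else None."""
    line = line.strip()
    for action in ACTIONS:
        if line.endswith(" " + action):
            head = line[: -len(action)].rstrip()
            break
    else:
        return None
    m = THREAT_RE.search(head)
    if not m:
        return None
    return head[: m.start()], m.group(1), action


def classify(path):
    """Location class (assumption): hits in backup areas are far less urgent
    than hits in files Windows actually loads."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore point"          # old copies inside System Restore
    if "spybot" in p and "\\recovery\\" in p:
        return "spybot backup"          # Spybot's undo archives of removed items
    if p.startswith("c:\\qoobox\\"):
        return "quarantine"             # files already moved aside by another tool
    return "live"


def summarise(log_text):
    """Group detections by location and family; list what is still infected."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_location = Counter(classify(path) for path, _, _ in entries)
    by_family = Counter(re.search(r"/([^.\s]+)", threat).group(1) for _, threat, _ in entries)
    not_cleaned = [path for path, _, action in entries if action == "unable to clean"]
    # Triage rule (assumption): a live file that is still infected needs manual follow-up.
    needs_followup = [p for p in not_cleaned if classify(p) == "live"]
    return {
        "total": len(entries),
        "cleaned": len(entries) - len(not_cleaned),
        "not_cleaned": not_cleaned,
        "needs_followup": needs_followup,
        "by_location": dict(by_location),
        "by_family": dict(by_family),
    }


# Sample input: the ESET lines quoted in the post above (raw string, so the
# backslashes in the Windows paths are kept as-is).
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAKMAntivirusPro2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance12.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.FXR trojan deleted - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1478\A0183223.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1478\A0184223.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1478\A0184256.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1479\A0184281.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1479\A0184309.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1480\A0184381.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0184408.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0184430.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0185429.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0185443.com a variant of Win32/Kryptik.XZQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0186429.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1481\A0186451.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1483\A0186688.exe a variant of Win32/Kryptik.FXR trojan deleted - quarantined
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean
"""

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{report['cleaned']}/{report['total']} cleaned; by location: {report['by_location']}")
    for path in report["needs_followup"]:
        print("still infected, live file:", path)
```

Run as-is the report shows 17 of 18 cleaned, and the only entry on the follow-up list is the live driver, which is why that single line matters more than the other seventeen put together: the restore-point and Spybot-recovery hits are archived copies that cannot run until restored, whereas a system driver is loaded at every boot.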