Trojan.Sirefef.BV infected


This topic is locked
45 replies to this topic

#1 boocat

boocat

  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast

Posted 15 March 2012 - 01:04 AM

I keep getting infected announcements from BullGuard, such as this: "BullGuard has just blocked an infected file on your computer. macformatservice.dll" (or, "XFX_program.dll", etc., etc.)
I run Windows XP, service pack 3. I usually use Chrome (or IE 7). I ran Malwarebytes and it doesn't get the "Trojan.Sirefef.BV" out. I am really dumb and don't know what to do. I ran this:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Processes
==============================================
0x8A3C4A00 [4] System
0x89A375E8 [156] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x8A15A6A0 [164] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x893B13D0 [320] C:\WINDOWS\system32\ping.exe (Microsoft Corporation, TCP/IP Ping Command)
0x89B81020 [372] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A1E86B0 [428] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x899F56A0 [508] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89A2D638 [564] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x89B7BBE0 [624] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A268C20 [712] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89B47320 [752] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8A10B438 [780] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x88C8C020 [924] C:\Documents and Settings\boocat13\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x8994BA20 [960] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (-, -)
0x89AA1DA0 [1044] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89A86990 [1080] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0x887A3500 [1100] C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x89A64860 [1208] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8991DDA0 [1224] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x89A75DA0 [1232] C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd., BullGuard Behavioural Detection)
0x89A6A988 [1248] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89A59B30 [1268] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88B3ADA0 [1304] C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
0x8A135DA0 [1348] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x89A4E020 [1436] C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd., BullGuard Scanner)
0x8994DDA0 [1480] C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation, User Profile Hive Cleanup Service)
0x89A49BE0 [1500] C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd., BullGuard Update)
0x8A1E15A0 [1560] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A295DA0 [1572] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8A190BE0 [1888] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8993FB28 [1904] C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com, Amazon Unbox Video Service)
0x8A133B28 [1968] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89234308 [3068] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x893F2A30 [3156] C:\WINDOWS\system32\ping.exe (Microsoft Corporation, TCP/IP Ping Command)
0x88E18358 [3380] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x89B5D248 [3620] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x887C0C00 [3704] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd., BullGuard)
0x88795100 [3816] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x888FDA48 [3940] C:\WINDOWS\system32\ping.exe (Microsoft Corporation, TCP/IP Ping Command)
0x88C598B8 [3968] C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9A5C000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF070000 C:\WINDOWS\System32\ialmdd5.DLL 901120 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB9BEA000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 831488 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAB2B8000 C:\WINDOWS\system32\DRIVERS\NSKernel.sys 786432 bytes (NovaShield, Inc., NovaShield Kernel Module )
0xB34BE000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xB99B5000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAB0A6000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xAB121000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB33F8000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAB22C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAADBD000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAA1A2000 C:\WINDOWS\system32\DRIVERS\Trufos.sys 344064 bytes (BitDefender S.R.L., Trufos Kernel Module)
0xBF14C000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA8CC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB347E000 C:\WINDOWS\system32\DRIVERS\afwcore.sys 262144 bytes (Agnitum Ltd., Agnitum Firewall Core Driver)
0xB3595000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB9B7E000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xBF040000 C:\WINDOWS\System32\ialmdev5.DLL 196608 bytes (Intel Corporation, Component GHAL Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAAEDD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7434000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAB191000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAB204000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB998F000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xAB1BC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9FEB000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB3571000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9BB2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9B5B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAB1E2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 131072 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF741A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAB060000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xAB08E000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7461000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB3467000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAB078000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xAB04A000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7478000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xAA7EF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB35D5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9BD6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAB285000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF748E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB3456000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
!!!!!!!!!!!Hidden driver: 0xBA70F000 00002797 65536 bytes
0xB9135000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB4113000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB40F3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB4103000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB9105000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB3B33000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB3B13000 C:\WINDOWS\system32\DRIVERS\BdSpy.sys 57344 bytes (BullGuard Ltd., BullGuard File Monitor (x86))
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9E52000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB3BA3000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9185000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB3B83000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB5841000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB4123000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB3B93000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7697000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB3B53000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB3B63000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAA6B9000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB57F1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA71F000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB3B73000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9155000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB5831000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7777000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xB9CF5000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB63F6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB9CFD000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB3FD9000 C:\WINDOWS\system32\DRIVERS\afw.sys 28672 bytes (Agnitum Ltd., Agnitum Firewall NDIS Driver)
0xF7817000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB4BFB000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB6416000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB3FB9000 C:\WINDOWS\system32\DRIVERS\tap0901.sys 28672 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xF774F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB4C0B000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xB3FE1000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF779F000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xB3FA9000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB3FA1000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB9CD5000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF773F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7737000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB3FB1000 C:\WINDOWS\system32\DRIVERS\gttap1.sys 20480 bytes (GoTrusted, TAP Virtual Ethernet Driver)
0xF7757000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB3FC9000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB3FC1000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB3FD1000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF778F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB6428000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7947000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB3F2D000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB4AD9000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA7D8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB35F1000 C:\WINDOWS\system32\DRIVERS\NSNetmon.sys 16384 bytes (NovaShield, Inc., NovaShield Kernel Module )
0xB4AE5000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA7DC000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF793F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9D0D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB3609000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xAAEA5000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA7FC000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB4ADD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB35FD000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAAC41000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xB35ED000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF798D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79FB000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79A5000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF799B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7991000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7993000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7995000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A09000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF798F000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB4267000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB6424000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xB4262000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB37F8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote
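As an added example, not part of the original post and not a tool from RkUnhooker's authors, the following Python script parses the RkU LE report layout shown above (the ">Processes" and ">Drivers" sections) and surfaces the entry a helper looks for first, the "Hidden driver" line, alongside image files that carry no vendor information and any visible driver whose address range overlaps the hidden one. The regexes assume the line layout seen in this log, and the embedded log excerpt is constructed from a handful of representative lines rather than the full report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the RkUnhooker LE report layout used above; it is not the
# poster's full log, only enough lines to exercise every case the parser handles.
SAMPLE_RKU_LOG = r"""==============================================
>Processes
==============================================
0x8A3C4A00 [4] System
0x89A375E8 [156] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java Quick Starter Service)
0x893B13D0 [320] C:\WINDOWS\system32\ping.exe (Microsoft Corporation, TCP/IP Ping Command)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0xAB08E000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
!!!!!!!!!!!Hidden driver: 0xBA70F000 00002797 65536 bytes
0xBA71F000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xAA6B9000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
==============================================
>Stealth
==============================================
"""

# Line layouts assumed from the RkU LE report above (hypothetical, not a documented grammar).
SECTION_RE = re.compile(r"^>(\w+)$")
PROC_RE = re.compile(r"^(0x[0-9A-Fa-f]{8}) \[(\d+)\] (.+?)(?: \((.*)\))?$")
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]{8}) (.+?) (\d+) bytes(?: \((.*)\))?$")
HIDDEN_RE = re.compile(r"^!+Hidden driver: (0x[0-9A-Fa-f]{8}) (\S+) (\d+) bytes")
# Names that denote an image file rather than a kernel alias such as "PnpManager".
FILE_LIKE = re.compile(r"\\|\.(sys|dll|exe)$", re.IGNORECASE)


@dataclass
class Process:
    pid: int
    path: str
    info: Optional[str]  # "(vendor, description)" text, None when RkU printed none


@dataclass
class Module:
    base: str
    name: str
    size: int
    info: Optional[str]
    hidden: bool = False  # True for the "!!!Hidden driver:" form


@dataclass
class Finding:
    severity: str
    base: str
    name: str
    reason: str


def parse_rku(text: str) -> Dict[str, list]:
    """Split an RkU LE report into its '>Section' blocks of Process / Module records."""
    sections: Dict[str, list] = {"Processes": [], "Drivers": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line.startswith("="):
            continue  # separator rows carry no data
        if current == "Drivers":
            h = HIDDEN_RE.match(line)
            if h:
                sections[current].append(Module(h.group(1), h.group(2), int(h.group(3)), None, True))
                continue
            d = DRIVER_RE.match(line)
            if d:
                sections[current].append(Module(d.group(1), d.group(2), int(d.group(3)), d.group(4)))
        elif current == "Processes":
            p = PROC_RE.match(line)
            if p:
                sections[current].append(Process(int(p.group(2)), p.group(3), p.group(4)))
    return sections


def overlapping_drivers(sections: Dict[str, list], target: Module) -> List[Module]:
    """Visible drivers whose [base, base+size) range intersects the target's range."""
    lo = int(target.base, 16)
    hi = lo + target.size
    return [d for d in sections["Drivers"]
            if not d.hidden and int(d.base, 16) < hi and int(d.base, 16) + d.size > lo]


def triage(sections: Dict[str, list]) -> List[Finding]:
    """Rank driver entries: a hidden driver is the headline; missing vendor info is only a hint
    (crash-dump copies such as dump_atapi.sys legitimately carry no version resource)."""
    findings: List[Finding] = []
    for drv in sections.get("Drivers", []):
        if drv.hidden:
            findings.append(Finding("high", drv.base, drv.name,
                                    "driver object hidden from the loaded-module list; "
                                    "RkU could not name its image file"))
        elif drv.info is None and FILE_LIKE.search(drv.name):
            findings.append(Finding("review", drv.base, drv.name,
                                    "image file reports no vendor/version information"))
    return findings


if __name__ == "__main__":
    parsed = parse_rku(SAMPLE_RKU_LOG)
    for f in triage(parsed):
        print(f"[{f.severity}] {f.base} {f.name}: {f.reason}")
    for drv in parsed["Drivers"]:
        if drv.hidden:
            print("overlaps:", [m.name for m in overlapping_drivers(parsed, drv)] or "none")
```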



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 15 March 2012 - 01:14 AM

Hello boocat and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________


I am really dumb and don't know what to do.

Don't be so hard on yourself! You knew what your limits were with this, and knew to seek out the assistance of someone to address the issue.


It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast

Posted 15 March 2012 - 01:34 AM

OTL logfile created on: 3/14/2012 11:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\boocat13\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.24 Gb Available Physical Memory | 19.49% Memory free
1.69 Gb Paging File | 0.98 Gb Available in Paging File | 57.90% Paging File free
Paging file location(s): C:\pagefile.sys 600 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 22.54 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
Drive D: | 18.05 Gb Total Space | 17.97 Gb Free Space | 99.54% Space Free | Partition Type: NTFS
Drive E: | 0.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D34XMCB1 | User Name: boocat13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/14 23:12:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boocat13\Desktop\OTL.exe
PRC - [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/28 11:59:57 | 000,175,456 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2012/02/28 11:59:55 | 000,299,360 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2012/02/28 11:59:47 | 001,710,944 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2012/02/28 10:50:15 | 000,285,536 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2009/04/10 13:23:02 | 000,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2008/04/13 17:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 18:45:07 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 02:21:42 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 02:21:41 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 02:20:17 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 02:20:16 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 02:20:15 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/09 22:56:11 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2012/02/15 17:02:58 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/02/15 08:51:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 08:50:44 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 08:44:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 06:04:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 05:23:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/01/12 02:19:20 | 000,028,288 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
MOD - [2011/12/08 07:23:58 | 000,013,952 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
MOD - [2011/11/09 02:23:36 | 000,066,688 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/12 03:48:57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/10 00:53:44 | 000,022,144 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
MOD - [2011/07/19 10:02:06 | 000,482,648 | ---- | M] () -- c:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
MOD - [2011/07/19 10:02:06 | 000,450,392 | ---- | M] () -- c:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
MOD - [2011/07/19 10:02:06 | 000,073,048 | ---- | M] () -- c:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2011/07/19 10:02:06 | 000,057,176 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\libbz2.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/04/10 13:23:08 | 000,097,320 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2007/11/01 18:45:07 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2007/11/01 18:45:05 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2005/07/18 12:25:48 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AlteraByteBlaster.dll -- (wwsecsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s3ssavage.dll -- (wpdusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsvcip.dll -- (vserial)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvsmu.dll -- (vmx86)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AEADIFilters.dll -- (vc8secs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (UPATC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adpu160m.dll -- (umxfwhlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (tosrfsnd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmdm.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bvrp_pci.dll -- (symmpi)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmtdi.dll -- (sqlserveragent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssfs0509.dll -- (sprtsvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atkkeyboardservice.dll -- (sonywbms)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaD10BA.dll -- (sonicwall_netextender)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avp.dll -- (sfusvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7core.dll -- (sfng32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\datunidr.dll -- (se58bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vcomm.dll -- (SE26mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrservice.dll -- (sandradatasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\umwdf.dll -- (s716unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecrpcservice.dll -- (s217bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alcxsens.dll -- (rwbackupsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Slntamr.dll -- (prohlp02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdrbsdrv.dll -- (pgfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igfx.dll -- (pelusblf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XFX_program.dll -- (pdagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (p2pgasvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Wdf01000.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpuidlep.dll -- (nvlddmkm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmpmsvc.dll -- (nv4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (NMSCFG)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nhcDriverDevice.dll -- (nipsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ALABULK.dll -- (Ndisipo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caili.dll -- (MTC0001_ESB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinHttpAutoProxySvc.dll -- (mssql$pinnaclesys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SaiNtHid.dll -- (msdv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (MREMP50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (mr7910)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssSrv.dll -- (mclogmanagerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pgsql-8.0.dll -- (lmimaint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transbaseservice.dll -- (livesrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\macformatservice.dll -- (lemsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raysat3_4_6_18server.dll -- (kservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GT680x.dll -- (KR10I)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hotspotshieldservice.dll -- (ivscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcq_device.dll -- (ithsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\athr.dll -- (ilicensesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\axinstsv.dll -- (googledesktopmanager)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pnkbstrk.dll -- (filemon701)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advantage.dll -- (Exportit)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58mdm.dll -- (dbmang)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vcommmgr.dll -- (cyberpowerups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATNT40K.dll -- (CTEXFIFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RR2IOMod.dll -- (cqmghost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll -- (cis1284)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Dnd5.dll -- (bc_ngn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntcharge.dll -- (axinstsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpcache.dll -- (atinrvxx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xnacc.dll -- (atimpab)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetMsmqActivator.dll -- (aswrdr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (AKSIFDH)
SRV - [2012/02/28 12:00:05 | 000,058,720 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012/02/28 11:59:57 | 000,225,632 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012/02/28 11:59:57 | 000,175,456 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012/02/28 11:59:55 | 000,299,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012/02/28 11:59:51 | 000,192,864 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2012/02/28 11:59:47 | 000,449,888 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2012/02/28 11:59:44 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2012/02/28 10:50:15 | 000,285,536 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2009/04/10 13:23:02 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/11/01 18:45:07 | 001,252,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/04 19:05:02 | 000,109,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/03/12 01:52:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/09 08:11:24 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2012/01/09 08:11:24 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2012/01/09 08:11:14 | 000,789,960 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2012/01/09 08:11:14 | 000,019,272 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2012/01/09 08:11:04 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2012/01/09 08:10:54 | 000,064,608 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/02/25 18:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/03/18 17:23:06 | 000,020,480 | ---- | M] (GoTrusted) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gttap1.sys -- (gttap1)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2006/09/27 17:12:30 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/09/15 11:24:46 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/13 01:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.foxnews.com/ [binary data]
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.legacy.com/obituaries/montereyherald/
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes,DefaultScope = {B9F0C42A-C26B-49BC-A302-101D9A40D58D}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{032BAAAD-3904-4562-92CC-25E6926CEA71}: "URL" = http://www.dogpile.com/info.dogpl.prefer/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111202&iesrc={referrer:source}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{B9F0C42A-C26B-49BC-A302-101D9A40D58D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\boocat\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: c:\program files\bullguard ltd\bullguard\Antiphishing\FF\antiphishing@bullguard\ [2012/02/28 10:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 01:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 22:25:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\support@easy-hide-ip.com: C:\Program Files\Easy-Hide-IP\ff-extension
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\program files\bullguard ltd\bullguard\backup\thunderbirdbkplugin [2012/02/28 10:45:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\program files\bullguard ltd\bullguard\Spamfilter\TbSpamfilter [2012/02/28 10:43:39 | 000,000,000 | ---D | M]

[2012/03/13 18:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 18:08:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/16 07:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\boocat\Application Data\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {91AE49E4-ECB0-49E4-80BB-15E99F38401E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BullGuard] c:\program files\bullguard ltd\bullguard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\JonDo [2011/12/11 03:46:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\boocat\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 351
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158136520987 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.net/checkmypc/includes/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56297B71-DAAA-4409-9E20-3A71029186A1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqrp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 23:12:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\boocat13\Desktop\OTL.exe
[2012/03/13 18:07:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/13 18:07:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/13 18:07:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/13 18:07:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/12 00:49:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/05 20:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/04 04:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\My Documents\My Kindle Content
[2012/03/04 03:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Desktop\zlib useless v
[2012/03/04 03:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Desktop\zlib1.dll is v.123
[2012/03/03 22:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zlib-1.2.6
[2012/03/03 11:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Desktop\original zlib dll
[2012/02/28 15:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Application Data\BullGuard
[2012/02/28 10:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\BullGuard
[2012/02/28 10:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BullGuard
[2012/02/28 10:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2012/02/28 10:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/02/28 10:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2012/02/25 01:24:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/24 22:52:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/24 22:52:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/24 22:52:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/24 22:52:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/24 22:50:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/24 22:49:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 17:33:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/02/24 17:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/02/23 21:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Start Menu\Programs\Google Chrome
[2012/02/22 22:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\My Documents\Mikeypics
[2012/02/22 09:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/22 04:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/02/21 23:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/21 23:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 23:25:00 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35A381EC-7A8F-40D0-BB6A-BF5AEDF84F53}.job
[2012/03/14 23:24:02 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
[2012/03/14 23:19:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
[2012/03/14 23:12:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boocat13\Desktop\OTL.exe
[2012/03/14 23:12:18 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FE1C0B0-44E8-46F5-A811-952F49C8C776}.job
[2012/03/14 22:56:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 21:19:47 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\RKUnhookerLE.EXE
[2012/03/14 20:24:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/14 20:24:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 20:24:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
[2012/03/14 12:44:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/14 12:43:01 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/14 12:42:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/14 12:42:48 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 10:08:23 | 000,142,620 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rowan felted tweed dk.jpg
[2012/03/14 10:07:20 | 000,149,948 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Cherished_Wisdom_2148.jpg
[2012/03/14 09:22:33 | 000,165,128 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\cardie.JPG
[2012/03/14 08:18:08 | 000,062,158 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\obamaflag2640.jpg
[2012/03/14 07:48:28 | 000,130,887 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rondo03.jpg
[2012/03/14 07:48:14 | 000,198,438 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rondo02.jpg
[2012/03/14 07:48:00 | 000,036,536 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rondo.jpg
[2012/03/14 07:45:55 | 000,050,624 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\converting needle sizes.jpg
[2012/03/14 07:19:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
[2012/03/14 06:53:45 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\needle_conversion.gif
[2012/03/14 05:05:20 | 000,054,438 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Helliwell Cardigan knit picks.jpg
[2012/03/13 19:40:37 | 000,042,954 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\wklnhst.dat
[2012/03/13 19:30:42 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 19:30:41 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Google Chrome.lnk
[2012/03/13 18:17:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/13 18:13:59 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 18:06:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/13 18:06:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/13 18:06:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/13 18:06:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/13 18:06:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/13 17:53:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/12 01:52:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/11 03:01:07 | 000,463,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 03:01:07 | 000,079,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/09 00:51:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/08 06:12:19 | 000,097,914 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\1930s Columbia__71_col4.jpg
[2012/03/08 05:24:55 | 000,640,346 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\howtoknit.pdf
[2012/03/08 05:22:55 | 000,786,846 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\vintage_knitting_tips.pdf
[2012/03/08 05:17:09 | 000,700,450 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\bestway_sleevelesspullover_720.pdf
[2012/03/08 05:09:54 | 000,986,834 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\leetarget_cardigan_5942.pdf
[2012/03/07 04:13:33 | 000,217,188 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Caput Helianthus.jpg
[2012/03/04 18:01:30 | 000,000,169 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2012/03/04 18:01:30 | 000,000,055 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/02/29 06:59:37 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\iTunes.lnk
[2012/02/29 04:40:02 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\OverDrive Media Console.lnk
[2012/02/28 10:45:45 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BullGuard.lnk
[2012/02/25 22:05:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/25 09:28:13 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\O1sSGhI.dat
[2012/02/24 16:25:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/02/18 01:12:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/15 14:01:50 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/02/15 04:17:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 21:20:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\RKUnhookerLE.EXE
[2012/03/14 10:08:51 | 000,142,620 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rowan felted tweed dk.jpg
[2012/03/14 10:07:26 | 000,149,948 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Cherished_Wisdom_2148.jpg
[2012/03/14 09:22:44 | 000,165,128 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\cardie.JPG
[2012/03/14 08:18:13 | 000,062,158 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\obamaflag2640.jpg
[2012/03/14 07:48:31 | 000,130,887 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rondo03.jpg
[2012/03/14 07:48:17 | 000,198,438 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rondo02.jpg
[2012/03/14 07:48:04 | 000,036,536 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rondo.jpg
[2012/03/14 07:46:06 | 000,050,624 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\converting needle sizes.jpg
[2012/03/14 06:53:49 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\needle_conversion.gif
[2012/03/14 05:06:03 | 000,054,438 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Helliwell Cardigan knit picks.jpg
[2012/03/09 20:57:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/08 06:12:17 | 000,097,914 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\1930s Columbia__71_col4.jpg
[2012/03/08 05:24:59 | 000,640,346 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\howtoknit.pdf
[2012/03/08 05:23:12 | 000,786,846 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\vintage_knitting_tips.pdf
[2012/03/08 05:17:33 | 000,700,450 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\bestway_sleevelesspullover_720.pdf
[2012/03/08 05:10:15 | 000,986,834 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\leetarget_cardigan_5942.pdf
[2012/03/07 04:13:33 | 000,217,188 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Caput Helianthus.jpg
[2012/03/04 02:22:55 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012/02/29 06:59:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\iTunes.lnk
[2012/02/28 10:45:45 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BullGuard.lnk
[2012/02/25 01:26:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/25 01:25:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/24 22:52:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/24 22:52:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/24 22:52:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/24 22:52:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/24 22:52:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/24 10:03:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\O1sSGhI.dat
[2012/02/23 21:29:30 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Google Chrome.lnk
[2012/02/23 21:29:30 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/23 21:19:26 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
[2012/02/23 21:19:25 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
[2012/02/23 08:14:58 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
[2012/02/23 08:14:49 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
[2012/02/22 21:56:50 | 026,850,922 | ---- | C] () -- C:\Documents and Settings\boocat13\My Documents\mikey cute.bmp
[2012/02/21 23:34:07 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/18 01:12:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/14 19:07:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 19:07:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/03 05:15:11 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\AVRedirector.ini
[2012/02/03 05:15:11 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\AVRedirectorOff.ini
[2012/01/30 04:24:48 | 000,003,104 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/12/07 21:51:28 | 000,001,784 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/10/12 15:02:06 | 000,053,472 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D43E156

< End of report >

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:03:12 AM

Posted 15 March 2012 - 06:52 AM

Hi!

Do you have the other log files for me to review?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:12:12 AM

Posted 16 March 2012 - 12:25 AM

#1. Ran TDSSKiller incorrectly the first time. Didn't remember to change the parameters, and not to hit "Cure", so I selected "Cure" on the "Virus.Win 32.ZAccess.c" in the object: "C:\WINDOWS\systems32\DEIVERS\serial.sys" before I rebooted the rig. (Sorry. I was too tired.)

Re-ran TDSSKiller properly the second time. Remembered to change the parameters! Got a "Report" pop-up window, but the original "Start scan" window didn't change to "Reboot". It still just said "Start scan".

Here's the report. (I guess I will just manually reboot from the "Start" menu button in the bottom left corner of the screen before I run the next Farbar scan.)

#2.

21:53:07.0203 2716 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:53:07.0875 2716 ============================================================
21:53:07.0875 2716 Current date / time: 2012/03/15 21:53:07.0875
21:53:07.0875 2716 SystemInfo:
21:53:07.0875 2716
21:53:07.0875 2716 OS Version: 5.1.2600 ServicePack: 3.0
21:53:07.0875 2716 Product type: Workstation
21:53:07.0875 2716 ComputerName: D34XMCB1
21:53:07.0875 2716 UserName: boocat13
21:53:07.0875 2716 Windows directory: C:\WINDOWS
21:53:07.0875 2716 System windows directory: C:\WINDOWS
21:53:07.0875 2716 Processor architecture: Intel x86
21:53:07.0875 2716 Number of processors: 1
21:53:07.0875 2716 Page size: 0x1000
21:53:07.0875 2716 Boot type: Normal boot
21:53:07.0875 2716 ============================================================
21:53:11.0921 2716 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:53:11.0921 2716 \Device\Harddisk0\DR0:
21:53:11.0921 2716 MBR used
21:53:11.0921 2716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x696C1A1
21:53:11.0921 2716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x697BCA5, BlocksNum 0x2418834
21:53:12.0062 2716 Initialize success
21:53:12.0062 2716 ============================================================
21:53:51.0109 3908 ============================================================
21:53:51.0109 3908 Scan started
21:53:51.0109 3908 Mode: Manual; SigCheck; TDLFS;
21:53:51.0109 3908 ============================================================
21:53:51.0812 3908 Abiosdsk - ok
21:53:52.0187 3908 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:53:56.0593 3908 abp480n5 - ok
21:53:57.0078 3908 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:53:57.0375 3908 ACPI - ok
21:53:57.0734 3908 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:53:57.0953 3908 ACPIEC - ok
21:53:58.0390 3908 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:53:58.0625 3908 adpu160m - ok
21:53:59.0093 3908 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:53:59.0375 3908 aec - ok
21:53:59.0828 3908 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:53:59.0968 3908 AFD - ok
21:54:00.0343 3908 afw (14ba5ca5d11771ce8e8b6cc6830a2436) C:\WINDOWS\system32\DRIVERS\afw.sys
21:54:00.0578 3908 afw - ok
21:54:01.0109 3908 afwcore (1f3d61965a9bd278a205d3062176e45c) C:\WINDOWS\system32\DRIVERS\afwcore.sys
21:54:01.0234 3908 afwcore - ok
21:54:01.0671 3908 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:54:01.0890 3908 agp440 - ok
21:54:02.0312 3908 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:54:02.0531 3908 agpCPQ - ok
21:54:02.0968 3908 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:54:03.0062 3908 Aha154x - ok
21:54:03.0531 3908 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:54:03.0781 3908 aic78u2 - ok
21:54:04.0218 3908 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:54:04.0468 3908 aic78xx - ok
21:54:04.0921 3908 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:54:05.0125 3908 AliIde - ok
21:54:05.0562 3908 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:54:05.0796 3908 alim1541 - ok
21:55:49.0609 3908 Serial (2e2fc3a9d9f5f9a938cf3e1af52ce8f2) C:\WINDOWS\system32\DRIVERS\serial.sys
21:55:49.0625 3908 Serial ( Virus.Win32.ZAccess.c ) - infected
21:55:49.0625 3908 Serial - detected Virus.Win32.ZAccess.c (0)
21:56:22.0578 3908 ============================================================
21:56:22.0578 3908 Scan finished
21:56:22.0578 3908 ============================================================
21:56:22.0734 3820 Detected object count: 15
21:56:22.0734 3820 Actual detected object count: 15
21:59:43.0500 3820 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0515 3820 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0515 3820 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0515 3820 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0515 3820 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0515 3820 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0515 3820 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0515 3820 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0531 3820 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0531 3820 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0531 3820 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0531 3820 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0531 3820 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0531 3820 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0531 3820 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0531 3820 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0531 3820 hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0531 3820 hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0531 3820 SDDMI2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0546 3820 SDDMI2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:43.0546 3820 Serial ( Virus.Win32.ZAccess.c ) - skipped by user
21:59:43.0546 3820 Serial ( Virus.Win32.ZAccess.c ) - User select action: Skip
21:59:43.0546 3820 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:43.0546 3820 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:26.0890 1024 ============================================================
22:00:26.0890 1024 Scan started
22:00:26.0890 1024 Mode: Manual; SigCheck; TDLFS;
22:00:26.0890 1024 ============================================================
22:00:51.0312 1024 CmdIde - ok
22:00:51.0765 1024 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:00:52.0000 1024 Cpqarray - ok
22:00:52.0484 1024 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:00:52.0718 1024 dac2w2k - ok
22:00:53.0140 1024 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:00:53.0359 1024 dac960nt - ok
22:00:53.0828 1024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:00:54.0046 1024 Disk - ok
22:00:54.0437 1024 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:00:54.0468 1024 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
22:00:54.0468 1024 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
22:00:54.0890 1024 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:00:54.0921 1024 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
22:00:54.0921 1024 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
22:00:55.0265 1024 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:00:55.0281 1024 DLADResN ( UnsignedFile.Multi.Generic ) - warning
22:00:55.0281 1024 DLADResN - detected UnsignedFile.Multi.Generic (1)
22:00:55.0640 1024 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:00:55.0671 1024 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
22:00:55.0671 1024 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
22:00:56.0015 1024 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:00:56.0031 1024 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
22:00:56.0031 1024 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
22:00:56.0343 1024 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:00:56.0375 1024 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
22:00:56.0375 1024 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
22:00:56.0781 1024 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:00:56.0812 1024 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
22:00:56.0812 1024 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
22:00:57.0203 1024 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:00:57.0218 1024 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
22:00:57.0218 1024 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
22:00:57.0578 1024 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:00:57.0609 1024 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
22:00:57.0609 1024 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
22:00:58.0281 1024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:00:59.0046 1024 dmboot - ok
22:00:59.0500 1024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:00:59.0703 1024 dmio - ok
22:01:00.0140 1024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:01:00.0359 1024 dmload - ok
22:01:00.0796 1024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:01:01.0015 1024 DMusic - ok
22:01:01.0406 1024 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:01:01.0609 1024 dpti2o - ok
22:01:02.0031 1024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:02.0250 1024 drmkaud - ok
22:01:02.0687 1024 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:01:02.0718 1024 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
22:01:02.0718 1024 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
22:01:03.0125 1024 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:01:03.0156 1024 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
22:01:03.0156 1024 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
22:01:03.0625 1024 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:01:03.0671 1024 E100B - ok
22:01:04.0156 1024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:04.0328 1024 Fastfat - ok
22:01:04.0781 1024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:01:05.0031 1024 Fdc - ok
22:01:05.0718 1024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:01:05.0937 1024 Fips - ok
22:01:06.0359 1024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:01:06.0562 1024 Flpydisk - ok
22:01:07.0015 1024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:01:07.0218 1024 FltMgr - ok
22:01:07.0640 1024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:01:07.0859 1024 Fs_Rec - ok
22:01:08.0328 1024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:01:08.0531 1024 Ftdisk - ok
22:01:09.0000 1024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:01:09.0000 1024 GEARAspiWDM - ok
22:01:09.0375 1024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:01:09.0593 1024 Gpc - ok
22:01:10.0062 1024 gttap1 (696099dee7610b726f61e26e4ec92aaf) C:\WINDOWS\system32\DRIVERS\gttap1.sys
22:01:10.0109 1024 gttap1 - ok
22:01:10.0531 1024 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
22:01:10.0546 1024 hamachi_oem ( UnsignedFile.Multi.Generic ) - warning
22:01:10.0546 1024 hamachi_oem - detected UnsignedFile.Multi.Generic (1)
22:01:10.0968 1024 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:01:11.0171 1024 HidUsb - ok
22:01:11.0593 1024 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:01:11.0796 1024 hpn - ok
22:01:12.0250 1024 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:01:12.0296 1024 HPZid412 - ok
22:01:12.0703 1024 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:01:12.0750 1024 HPZipr12 - ok
22:01:13.0171 1024 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:01:13.0218 1024 HPZius12 - ok
22:01:13.0656 1024 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:01:13.0687 1024 HSFHWBS2 - ok
22:01:14.0437 1024 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:01:14.0734 1024 HSF_DP - ok
22:01:15.0218 1024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:01:15.0281 1024 HTTP - ok
22:01:15.0656 1024 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:01:15.0875 1024 i2omgmt - ok
22:01:16.0296 1024 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:01:16.0500 1024 i2omp - ok
22:01:16.0921 1024 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:01:17.0171 1024 i8042prt - ok
22:01:17.0812 1024 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:01:18.0015 1024 ialm - ok
22:01:18.0453 1024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:01:18.0656 1024 Imapi - ok
22:01:19.0093 1024 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:01:19.0312 1024 ini910u - ok
22:01:19.0734 1024 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:01:19.0937 1024 IntelIde - ok
22:01:20.0390 1024 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:01:20.0562 1024 intelppm - ok
22:01:20.0953 1024 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:01:21.0203 1024 Ip6Fw - ok
22:01:21.0625 1024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:01:21.0828 1024 IpFilterDriver - ok
22:01:22.0218 1024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:01:22.0406 1024 IpInIp - ok
22:01:22.0765 1024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:01:22.0968 1024 IpNat - ok
22:01:23.0421 1024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:01:23.0625 1024 IPSec - ok
22:01:24.0046 1024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:01:24.0156 1024 IRENUM - ok
22:01:24.0578 1024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:01:24.0765 1024 isapnp - ok
22:01:25.0203 1024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:01:25.0390 1024 Kbdclass - ok
22:01:25.0765 1024 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:01:25.0953 1024 kbdhid - ok
22:01:26.0437 1024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:01:26.0656 1024 kmixer - ok
22:01:27.0109 1024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:01:27.0156 1024 KSecDD - ok
22:01:27.0546 1024 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
22:01:27.0562 1024 L8042Kbd - ok
22:01:27.0968 1024 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
22:01:27.0984 1024 L8042mou - ok
22:01:28.0312 1024 lbrtfdc - ok
22:01:28.0734 1024 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
22:01:28.0750 1024 LHidFilt - ok
22:01:29.0156 1024 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
22:01:29.0187 1024 LMouFilt - ok
22:01:29.0546 1024 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
22:01:29.0562 1024 LMouKE - ok
22:01:29.0937 1024 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:01:29.0953 1024 MBAMSwissArmy - ok
22:01:30.0437 1024 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:01:30.0453 1024 mdmxsdk - ok
22:01:30.0875 1024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:01:31.0078 1024 mnmdd - ok
22:01:31.0500 1024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:01:31.0703 1024 Modem - ok
22:01:32.0093 1024 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:01:32.0312 1024 MODEMCSA - ok
22:01:32.0718 1024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:01:32.0921 1024 Mouclass - ok
22:01:33.0296 1024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:01:33.0500 1024 mouhid - ok
22:01:33.0921 1024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:01:34.0140 1024 MountMgr - ok
22:01:34.0578 1024 MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
22:01:34.0609 1024 MR97310_USB_DUAL_CAMERA - ok
22:01:35.0031 1024 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:01:35.0296 1024 mraid35x - ok
22:01:35.0421 1024 MREMPR5 - ok
22:01:35.0453 1024 MRENDIS5 - ok
22:01:35.0906 1024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:01:36.0156 1024 MRxDAV - ok
22:01:36.0703 1024 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:01:36.0828 1024 MRxSmb - ok
22:01:37.0281 1024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:01:37.0468 1024 Msfs - ok
22:01:37.0890 1024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:01:38.0093 1024 MSKSSRV - ok
22:01:38.0531 1024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:01:38.0718 1024 MSPCLOCK - ok
22:01:39.0125 1024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:01:39.0328 1024 MSPQM - ok
22:01:39.0750 1024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:01:39.0968 1024 mssmbios - ok
22:01:40.0390 1024 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:01:40.0640 1024 MSTEE - ok
22:01:41.0093 1024 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:01:41.0156 1024 Mup - ok
22:01:41.0546 1024 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:01:41.0765 1024 NABTSFEC - ok
22:01:42.0359 1024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:01:42.0515 1024 NDIS - ok
22:01:42.0906 1024 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:01:43.0109 1024 NdisIP - ok
22:01:43.0515 1024 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:01:43.0546 1024 NdisTapi - ok
22:01:44.0015 1024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:01:44.0218 1024 Ndisuio - ok
22:01:44.0671 1024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:01:44.0859 1024 NdisWan - ok
22:01:45.0312 1024 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:01:45.0343 1024 NDProxy - ok
22:01:45.0812 1024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:01:46.0156 1024 NetBIOS - ok
22:01:46.0640 1024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:01:46.0859 1024 NetBT - ok
22:01:47.0578 1024 NovaShieldFilterDriver (cb9751585223a77785b915b0591d71f0) C:\WINDOWS\system32\DRIVERS\NSKernel.sys
22:01:47.0781 1024 NovaShieldFilterDriver - ok
22:01:48.0140 1024 NovaShieldTDIDriver (ed6af59b384a092e1c42df79b483b952) C:\WINDOWS\system32\DRIVERS\NSNetmon.sys
22:01:48.0171 1024 NovaShieldTDIDriver - ok
22:01:48.0546 1024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:01:48.0812 1024 Npfs - ok
22:01:49.0546 1024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:01:49.0843 1024 Ntfs - ok
22:01:50.0296 1024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:01:50.0468 1024 Null - ok
22:01:51.0562 1024 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:01:52.0562 1024 nv - ok
22:01:53.0046 1024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:01:53.0296 1024 NwlnkFlt - ok
22:01:53.0703 1024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:01:53.0937 1024 NwlnkFwd - ok
22:01:54.0359 1024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:01:54.0656 1024 Parport - ok
22:01:55.0078 1024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:01:55.0281 1024 PartMgr - ok
22:01:55.0750 1024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:01:56.0218 1024 ParVdm - ok
22:01:56.0656 1024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:01:56.0906 1024 PCI - ok
22:01:57.0406 1024 PCIDump - ok
22:01:57.0890 1024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:01:58.0296 1024 PCIIde - ok
22:01:58.0812 1024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:01:59.0093 1024 Pcmcia - ok
22:01:59.0500 1024 PDCOMP - ok
22:01:59.0828 1024 PDFRAME - ok
22:02:00.0187 1024 PDRELI - ok
22:02:00.0578 1024 PDRFRAME - ok
22:02:01.0015 1024 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:02:01.0250 1024 perc2 - ok
22:02:01.0671 1024 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:02:01.0968 1024 perc2hib - ok
22:02:02.0500 1024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:02:02.0765 1024 PptpMiniport - ok
22:02:03.0234 1024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:02:03.0640 1024 PSched - ok
22:02:04.0078 1024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:02:04.0390 1024 Ptilink - ok
22:02:04.0828 1024 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:02:04.0859 1024 PxHelp20 - ok
22:02:05.0312 1024 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:02:05.0546 1024 ql1080 - ok
22:02:05.0968 1024 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:02:06.0171 1024 Ql10wnt - ok
22:02:06.0765 1024 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:02:07.0046 1024 ql12160 - ok
22:02:07.0500 1024 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:02:07.0796 1024 ql1240 - ok
22:02:08.0234 1024 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:02:08.0531 1024 ql1280 - ok
22:02:08.0953 1024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:02:09.0140 1024 RasAcd - ok
22:02:09.0625 1024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:02:09.0843 1024 Rasl2tp - ok
22:02:10.0312 1024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:02:10.0500 1024 RasPppoe - ok
22:02:11.0078 1024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:02:11.0250 1024 Raspti - ok
22:02:11.0734 1024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:02:11.0937 1024 Rdbss - ok
22:02:12.0343 1024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:02:12.0546 1024 RDPCDD - ok
22:02:13.0046 1024 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:02:13.0312 1024 rdpdr - ok
22:02:13.0875 1024 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:02:13.0921 1024 RDPWD - ok
22:02:14.0359 1024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:02:14.0546 1024 redbook - ok
22:02:15.0015 1024 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
22:02:15.0046 1024 SDDMI2 ( UnsignedFile.Multi.Generic ) - warning
22:02:15.0046 1024 SDDMI2 - detected UnsignedFile.Multi.Generic (1)
22:02:15.0500 1024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:02:15.0593 1024 Secdrv - ok
22:02:16.0265 1024 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
22:02:16.0484 1024 senfilt - ok
22:02:16.0859 1024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:02:17.0031 1024 serenum - ok
22:02:17.0468 1024 Serial (2e2fc3a9d9f5f9a938cf3e1af52ce8f2) C:\WINDOWS\system32\DRIVERS\serial.sys
22:02:17.0468 1024 Serial ( Virus.Win32.ZAccess.c ) - infected
22:02:17.0468 1024 Serial - detected Virus.Win32.ZAccess.c (0)
22:02:17.0843 1024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:02:18.0046 1024 Sfloppy - ok
22:02:18.0453 1024 Simbad - ok
22:02:19.0078 1024 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:02:19.0265 1024 sisagp - ok
22:02:19.0687 1024 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:02:19.0921 1024 SLIP - ok
22:02:20.0531 1024 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
22:02:20.0578 1024 smwdm - ok
22:02:21.0062 1024 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:02:21.0156 1024 Sparrow - ok
22:02:21.0562 1024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:02:21.0750 1024 splitter - ok
22:02:22.0250 1024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:02:22.0359 1024 sr - ok
22:02:22.0984 1024 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:02:23.0093 1024 Srv - ok
22:02:23.0593 1024 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:02:23.0953 1024 streamip - ok
22:02:24.0375 1024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:02:24.0578 1024 swenum - ok
22:02:25.0000 1024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:02:25.0250 1024 swmidi - ok
22:02:25.0703 1024 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:02:26.0062 1024 symc810 - ok
22:02:26.0484 1024 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:02:26.0718 1024 symc8xx - ok
22:02:27.0218 1024 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
22:02:27.0281 1024 symlcbrd - ok
22:02:27.0703 1024 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:02:27.0968 1024 sym_hi - ok
22:02:28.0453 1024 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:02:28.0625 1024 sym_u3 - ok
22:02:29.0015 1024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:02:29.0187 1024 sysaudio - ok
22:02:29.0578 1024 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
22:02:29.0593 1024 tap0901 ( UnsignedFile.Multi.Generic ) - warning
22:02:29.0593 1024 tap0901 - detected UnsignedFile.Multi.Generic (1)
22:02:30.0109 1024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:02:30.0218 1024 Tcpip - ok
22:02:30.0593 1024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:02:30.0796 1024 TDPIPE - ok
22:02:31.0281 1024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:02:31.0453 1024 TDTCP - ok
22:02:31.0875 1024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:02:32.0078 1024 TermDD - ok
22:02:32.0531 1024 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:02:32.0734 1024 TosIde - ok
22:02:33.0218 1024 Trufos (b1f9b01f90f08ed91af5a7d3ed66148c) C:\WINDOWS\system32\DRIVERS\Trufos.sys
22:02:33.0234 1024 Trufos - ok
22:02:33.0609 1024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:02:33.0796 1024 Udfs - ok
22:02:34.0250 1024 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:02:34.0343 1024 ultra - ok
22:02:34.0875 1024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:02:35.0140 1024 Update - ok
22:02:35.0609 1024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:02:35.0796 1024 usbccgp - ok
22:02:36.0218 1024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:02:36.0390 1024 usbehci - ok
22:02:36.0828 1024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:02:37.0046 1024 usbhub - ok
22:02:37.0468 1024 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:02:37.0640 1024 usbprint - ok
22:02:38.0031 1024 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:02:38.0203 1024 usbscan - ok
22:02:38.0687 1024 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:02:38.0984 1024 USBSTOR - ok
22:02:39.0406 1024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:02:39.0593 1024 usbuhci - ok
22:02:40.0015 1024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:02:40.0203 1024 VgaSave - ok
22:02:40.0640 1024 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:02:40.0812 1024 viaagp - ok
22:02:41.0218 1024 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:02:41.0406 1024 ViaIde - ok
22:02:41.0781 1024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:02:42.0000 1024 VolSnap - ok
22:02:42.0484 1024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:02:42.0718 1024 Wanarp - ok
22:02:43.0093 1024 wanatw - ok
22:02:43.0625 1024 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:02:43.0734 1024 Wdf01000 - ok
22:02:44.0109 1024 WDICA - ok
22:02:44.0500 1024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:02:44.0687 1024 wdmaud - ok
22:02:45.0343 1024 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:02:45.0562 1024 winachsf - ok
22:02:46.0000 1024 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:02:46.0187 1024 WS2IFSL - ok
22:02:46.0562 1024 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:02:46.0734 1024 WSTCODEC - ok
22:02:47.0218 1024 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:02:47.0250 1024 WudfPf - ok
22:02:47.0687 1024 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:02:47.0718 1024 WudfRd - ok
22:02:47.0828 1024 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
22:02:47.0953 1024 \Device\Harddisk0\DR0 - ok
22:02:47.0984 1024 Boot (0x1200) (f33b2cdf6a5f07163dc7a5fa0d015fc9) \Device\Harddisk0\DR0\Partition0
22:02:47.0984 1024 \Device\Harddisk0\DR0\Partition0 - ok
22:02:48.0062 1024 Boot (0x1200) (33e900d779deaf7b0bd9ea9954390f25) \Device\Harddisk0\DR0\Partition1
22:02:48.0062 1024 \Device\Harddisk0\DR0\Partition1 - ok
22:02:48.0062 1024 ============================================================
22:02:48.0062 1024 Scan finished
22:02:48.0062 1024 ============================================================
22:02:48.0093 2380 Detected object count: 15
22:02:48.0093 2380 Actual detected object count: 15
22:03:25.0859 2380 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0859 2380 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0859 2380 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0859 2380 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0859 2380 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0859 2380 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0859 2380 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0859 2380 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0859 2380 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0859 2380 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0875 2380 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0875 2380 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0875 2380 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0875 2380 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0875 2380 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0875 2380 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0875 2380 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0875 2380 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0875 2380 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0875 2380 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0890 2380 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0890 2380 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0890 2380 hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0890 2380 hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0890 2380 SDDMI2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0890 2380 SDDMI2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:25.0890 2380 Serial ( Virus.Win32.ZAccess.c ) - skipped by user
22:03:25.0890 2380 Serial ( Virus.Win32.ZAccess.c ) - User select action: Skip
22:03:25.0890 2380 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:25.0890 2380 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#3. to follow directly after I reboot.

Here is Farbar, ######################################## 3:

Farbar Service Scanner Version: 01-03-2012
Ran by boocat13 (administrator) on 15-03-2012 at 23:24:38
Running from "C:\Documents and Settings\boocat13\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) NovaShieldTDIDriver(1) PSched(7) Tcpip(3)
0x06000000040000000300000005000000050000000600000001000000
IpSec Tag value is correct.

**** End of log ****

#4, OTL next...

Edited by boocat, 16 March 2012 - 01:31 AM.

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#6 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:12:12 AM

Posted 16 March 2012 - 01:33 AM

#3 here:

Farbar Service Scanner Version: 01-03-2012
Ran by boocat13 (administrator) on 15-03-2012 at 23:24:38
Running from "C:\Documents and Settings\boocat13\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) NovaShieldTDIDriver(1) PSched(7) Tcpip(3)
0x06000000040000000300000005000000050000000600000001000000
IpSec Tag value is correct.

**** End of log ****

#4, OTL to follow...

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#7 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:12:12 AM

Posted 16 March 2012 - 02:47 AM

#4 OTL logs:


OTL logfile created on: 3/15/2012 11:38:29 PM - Run 2
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\boocat13\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 37.60% Memory free
1.69 Gb Paging File | 1.09 Gb Available in Paging File | 64.29% Paging File free
Paging file location(s): C:\pagefile.sys 600 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 22.49 Gb Free Space | 42.66% Space Free | Partition Type: NTFS
Drive D: | 18.05 Gb Total Space | 17.97 Gb Free Space | 99.54% Space Free | Partition Type: NTFS
Drive E: | 0.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D34XMCB1 | User Name: boocat13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 23:23:09 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boocat13\Desktop\OTL.exe
PRC - [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/28 11:59:57 | 000,175,456 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2012/02/28 11:59:55 | 000,299,360 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2012/02/28 11:59:47 | 001,710,944 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2012/02/28 10:50:15 | 000,285,536 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2009/04/10 13:23:02 | 000,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 18:45:07 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 02:21:42 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 02:21:41 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 02:20:17 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 02:20:16 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 02:20:15 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/09 22:56:11 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2012/02/15 17:02:58 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/02/15 08:51:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 08:50:44 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 08:44:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/15 06:04:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 05:23:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/01/12 02:19:20 | 000,028,288 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
MOD - [2011/12/08 07:23:58 | 000,013,952 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
MOD - [2011/11/09 02:23:36 | 000,066,688 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/12 03:48:57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/10 00:53:44 | 000,022,144 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
MOD - [2011/07/19 10:02:06 | 000,482,648 | ---- | M] () -- c:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
MOD - [2011/07/19 10:02:06 | 000,450,392 | ---- | M] () -- c:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
MOD - [2011/07/19 10:02:06 | 000,073,048 | ---- | M] () -- c:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2011/07/19 10:02:06 | 000,057,176 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\libbz2.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/04/10 13:23:08 | 000,097,320 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2007/11/01 18:45:07 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2007/11/01 18:45:05 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2005/07/18 12:25:48 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gearaspiwdm.dll -- (yukonwlh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AlteraByteBlaster.dll -- (wwsecsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s3ssavage.dll -- (wpdusb)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (WNIPROT5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsvcip.dll -- (vserial)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvsmu.dll -- (vmx86)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avsvcmonitor.dll -- (Video3D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AEADIFilters.dll -- (vc8secs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symredrv.dll -- (VAIOMediaPlatform-VideoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btserial.dll -- (uscbs108)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fix.dll -- (UPATC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adpu160m.dll -- (umxfwhlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (tosrfsnd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmdm.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CnxTrUsb.dll -- (thkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bvrp_pci.dll -- (symmpi)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nimcdlbk.dll -- (ss_mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmtdi.dll -- (sqlserveragent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ssfs0509.dll -- (sprtsvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atkkeyboardservice.dll -- (sonywbms)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaD10BA.dll -- (sonicwall_netextender)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avp.dll -- (sfusvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avg7core.dll -- (sfng32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cbus.dll -- (servidor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvspydr2.dll -- (se59mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\datunidr.dll -- (se58bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agnfilt.dll -- (se45nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vcomm.dll -- (SE26mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vrservice.dll -- (sandradatasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aeclienthostservice.dll -- (samfilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KMWDFilter.dll -- (SaiMini)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\umwdf.dll -- (s716unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\centennialclientagent.dll -- (s3savagemx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecrpcservice.dll -- (s217bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lmouflt2.dll -- (s116mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alcxsens.dll -- (rwbackupsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanminiportservice.dll -- (rslinxng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winproxy.dll -- (rpaservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NIPALK.dll -- (rimmptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DgiVecp.dll -- (qhwscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\allegro.dll -- (qcdonner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Slntamr.dll -- (prohlp02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osanbm.dll -- (procmon10)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafeventrouter.dll -- (pnarp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdrbsdrv.dll -- (pgfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igfx.dll -- (pelusblf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XFX_program.dll -- (pdagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\proxyhostservice.dll -- (pchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcmsvc.dll -- (p2pgasvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Wdf01000.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpuidlep.dll -- (nvlddmkm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmpmsvc.dll -- (nv4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ifp800.dll -- (ntrtscan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fa_scheduler.dll -- (NOWMEMDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (NMSCFG)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nhcDriverDevice.dll -- (nipsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gearsecurity.dll -- (niorbk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicser_wmp11.dll -- (nimxdfk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ALABULK.dll -- (Ndisipo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ati2mtaa.dll -- (navap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIVXSTW.dll -- (mwssched)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caili.dll -- (MTC0001_ESB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinHttpAutoProxySvc.dll -- (mssql$pinnaclesys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SaiNtHid.dll -- (msdv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s24trans.dll -- (MREMP50a64)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (MREMP50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (mr7910)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mouclass.dll -- (Memctl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssSrv.dll -- (mclogmanagerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\antivirscheduler.dll -- (maya70docserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pgsql-8.0.dll -- (lmimaint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transbaseservice.dll -- (livesrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PTproct.dll -- (lilsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\macformatservice.dll -- (lemsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raysat3_4_6_18server.dll -- (kservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvalz.dll -- (KR3NPXP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GT680x.dll -- (KR10I)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupexecjobengine.dll -- (keriomailserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\coste.dll -- (JGOGO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hotspotshieldservice.dll -- (ivscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcq_device.dll -- (ithsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amoagent.dll -- (ISAMSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SSHDRV61.dll -- (ireike)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbt_device.dll -- (ipahelper.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\athr.dll -- (ilicensesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\axinstsv.dll -- (googledesktopmanager)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Pcatip.dll -- (gagp30kx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enxpsvc.dll -- (flashcomadmin)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pnkbstrk.dll -- (filemon701)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\advantage.dll -- (Exportit)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\radiosvr.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58mdm.dll -- (dbmang)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eeyeevnt.dll -- (dbmanagerscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vcommmgr.dll -- (cyberpowerups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATNT40K.dll -- (CTEXFIFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RR2IOMod.dll -- (cqmghost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll -- (cis1284)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tones.dll -- (CAMFLT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovsecurityserver.dll -- (bwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asmagent.dll -- (btwdndis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xusb21.dll -- (BRCMDECO)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Dnd5.dll -- (bc_ngn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntcharge.dll -- (axinstsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ktp.dll -- (avgems)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpcache.dll -- (atinrvxx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xnacc.dll -- (atimpab)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetMsmqActivator.dll -- (aswrdr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hclinetd.dll -- (ASNDIS5)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (AKSIFDH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UMPass.dll -- (agrsrvce)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CYGF32X.dll -- (aegisp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gs30s.dll -- ({834170a7-af3b-4d34-a757-e05eb29ee96d})
SRV - [2012/02/28 12:00:05 | 000,058,720 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012/02/28 11:59:57 | 000,225,632 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012/02/28 11:59:57 | 000,175,456 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012/02/28 11:59:55 | 000,299,360 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012/02/28 11:59:51 | 000,192,864 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2012/02/28 11:59:47 | 000,449,888 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2012/02/28 11:59:44 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2012/02/28 10:50:15 | 000,285,536 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2009/04/10 13:23:02 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/13 17:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\SPCtl.dll -- (rtl8029)
SRV - [2007/11/01 18:45:07 | 001,252,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/04 19:05:02 | 000,109,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2005/04/27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/03/15 18:06:37 | 000,064,512 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2012/03/12 01:52:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/09 08:11:24 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2012/01/09 08:11:24 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2012/01/09 08:11:14 | 000,789,960 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2012/01/09 08:11:14 | 000,019,272 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2012/01/09 08:11:04 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2012/01/09 08:10:54 | 000,064,608 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/02/25 18:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/03/18 17:23:06 | 000,020,480 | ---- | M] (GoTrusted) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gttap1.sys -- (gttap1)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/09/27 17:12:30 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/09/15 11:24:46 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/12/13 01:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.foxnews.com/ [binary data]
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.legacy.com/obituaries/montereyherald/
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes,DefaultScope = {B9F0C42A-C26B-49BC-A302-101D9A40D58D}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{032BAAAD-3904-4562-92CC-25E6926CEA71}: "URL" = http://www.dogpile.com/info.dogpl.prefer/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111202&iesrc={referrer:source}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\SearchScopes\{B9F0C42A-C26B-49BC-A302-101D9A40D58D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\boocat\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: c:\program files\bullguard ltd\bullguard\Antiphishing\FF\antiphishing@bullguard\ [2012/02/28 10:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 01:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/17 22:25:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\support@easy-hide-ip.com: C:\Program Files\Easy-Hide-IP\ff-extension
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\program files\bullguard ltd\bullguard\backup\thunderbirdbkplugin [2012/02/28 10:45:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\program files\bullguard ltd\bullguard\Spamfilter\TbSpamfilter [2012/02/28 10:43:39 | 000,000,000 | ---D | M]

[2012/03/13 18:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 18:08:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/16 07:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\boocat\Application Data\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Gmail = C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {91AE49E4-ECB0-49E4-80BB-15E99F38401E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BullGuard] c:\program files\bullguard ltd\bullguard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\JonDo [2011/12/11 03:46:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\boocat\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 351
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158136520987 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.net/checkmypc/includes/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56297B71-DAAA-4409-9E20-3A71029186A1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqrp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "usnjsvc"
MsConfig - Services: "Bonjour Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe - (Amazon.com)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^boocat13^Start Menu^Programs^Startup^PowerReg Scheduler.exe - - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: Launch LCDMon - hkey= - key= - File not found
MsConfig - StartUpReg: Launch LGDCore - hkey= - key= - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
MsConfig - StartUpReg: Launch LgDevAgt - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: VerizonServicepoint.exe - hkey= - key= - C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: 00844456.sys - Driver
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsMain - C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootMin: BsScanner - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: msdv - %systemroot%\system32\SaiNtHid.dll File not found
NetSvcs: s217bus - %systemroot%\system32\backupexecrpcservice.dll File not found
NetSvcs: wlidsvc - File not found
NetSvcs: axinstsv - %systemroot%\system32\ntcharge.dll File not found
NetSvcs: dashsvc - File not found
NetSvcs: rpskt - File not found
NetSvcs: vmx86 - %systemroot%\system32\nvsmu.dll File not found
NetSvcs: pelusblf - %systemroot%\system32\igfx.dll File not found
NetSvcs: tosrfsnd - %systemroot%\system32\qcdonner.dll File not found
NetSvcs: dbmang - %systemroot%\system32\se58mdm.dll File not found
NetSvcs: nipsvc - %systemroot%\system32\nhcDriverDevice.dll File not found
NetSvcs: aswrdr - %systemroot%\system32\NetMsmqActivator.dll File not found
NetSvcs: wpdusb - %systemroot%\system32\s3ssavage.dll File not found
NetSvcs: ilicensesvc - %systemroot%\system32\athr.dll File not found
NetSvcs: KR10I - %systemroot%\system32\GT680x.dll File not found
NetSvcs: MTC0001_ESB - %systemroot%\system32\caili.dll File not found
NetSvcs: p2pgasvc - %systemroot%\system32\npkcmsvc.dll File not found
NetSvcs: vc8secs - %systemroot%\system32\AEADIFilters.dll File not found
NetSvcs: pgfilter - %systemroot%\system32\cdrbsdrv.dll File not found
NetSvcs: sqlserveragent - %systemroot%\system32\tmtdi.dll File not found
NetSvcs: vserial - %systemroot%\system32\nsvcip.dll File not found
NetSvcs: sfusvc - %systemroot%\system32\avp.dll File not found
NetSvcs: googledesktopmanager - %systemroot%\system32\axinstsv.dll File not found
NetSvcs: livesrv - %systemroot%\system32\transbaseservice.dll File not found
NetSvcs: SE26mdfl - %systemroot%\system32\vcomm.dll File not found
NetSvcs: AKSIFDH - %systemroot%\system32\qmofiltr.dll File not found
NetSvcs: cqmghost - %systemroot%\system32\RR2IOMod.dll File not found
NetSvcs: wwsecsvc - %systemroot%\system32\AlteraByteBlaster.dll File not found
NetSvcs: sandradatasrv - %systemroot%\system32\vrservice.dll File not found
NetSvcs: cis1284 - %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll File not found
NetSvcs: sonywbms - %systemroot%\system32\atkkeyboardservice.dll File not found
NetSvcs: lemsgt - %systemroot%\system32\macformatservice.dll File not found
NetSvcs: bc_ngn - %systemroot%\system32\se2Dnd5.dll File not found
NetSvcs: KR3NPXP - %systemroot%\system32\tvalz.dll File not found
NetSvcs: JGOGO - %systemroot%\system32\coste.dll File not found
NetSvcs: VAIOMediaPlatform-VideoServer-HTTP - %systemroot%\system32\symredrv.dll File not found
NetSvcs: lilsgt - %systemroot%\system32\PTproct.dll File not found
NetSvcs: nimxdfk - %systemroot%\system32\nicser_wmp11.dll File not found
NetSvcs: samfilt - %systemroot%\system32\aeclienthostservice.dll File not found
NetSvcs: DSI_SiUSBXp_3_1 - %systemroot%\system32\radiosvr.dll File not found
NetSvcs: gagp30kx - %systemroot%\system32\Pcatip.dll File not found
NetSvcs: se45nd5 - %systemroot%\system32\agnfilt.dll File not found
NetSvcs: se59mdm - %systemroot%\system32\cvspydr2.dll File not found
NetSvcs: CAMFLT - %systemroot%\system32\tones.dll File not found
NetSvcs: rimmptsk - %systemroot%\system32\NIPALK.dll File not found
NetSvcs: avgems - %systemroot%\system32\Ktp.dll File not found
NetSvcs: NOWMEMDF - %systemroot%\system32\fa_scheduler.dll File not found
NetSvcs: thkeys - %systemroot%\system32\CnxTrUsb.dll File not found
NetSvcs: roammgr - File not found
NetSvcs: flashcomadmin - %systemroot%\system32\enxpsvc.dll File not found
NetSvcs: keriomailserver - %systemroot%\system32\backupexecjobengine.dll File not found
NetSvcs: qhwscsvc - %systemroot%\system32\DgiVecp.dll File not found
NetSvcs: ipahelper.exe - %systemroot%\system32\lxbt_device.dll File not found
NetSvcs: agrsrvce - %systemroot%\system32\UMPass.dll File not found
NetSvcs: ss_mdm - %systemroot%\system32\nimcdlbk.dll File not found
NetSvcs: qcdonner - %systemroot%\system32\allegro.dll File not found
NetSvcs: Memctl - %systemroot%\system32\mouclass.dll File not found
NetSvcs: BRCMDECO - %systemroot%\system32\xusb21.dll File not found
NetSvcs: Video3D - %systemroot%\system32\avsvcmonitor.dll File not found
NetSvcs: rtl8029 - C:\WINDOWS\system32\SPCtl.dll (Oak Technology Inc.)
NetSvcs: ASNDIS5 - %systemroot%\system32\hclinetd.dll File not found
NetSvcs: maya70docserver - %systemroot%\system32\antivirscheduler.dll File not found
NetSvcs: aegisp - %systemroot%\system32\CYGF32X.dll File not found
NetSvcs: navap - %systemroot%\system32\ati2mtaa.dll File not found
NetSvcs: ntrtscan - %systemroot%\system32\ifp800.dll File not found
NetSvcs: mwssched - %systemroot%\system32\ATIVXSTW.dll File not found
NetSvcs: s116mgmt - %systemroot%\system32\lmouflt2.dll File not found
NetSvcs: SaiMini - %systemroot%\system32\KMWDFilter.dll File not found
NetSvcs: MREMP50a64 - %systemroot%\system32\s24trans.dll File not found
NetSvcs: {834170a7-af3b-4d34-a757-e05eb29ee96d} - %systemroot%\system32\gs30s.dll File not found
NetSvcs: rslinxng - %systemroot%\system32\wanminiportservice.dll File not found
NetSvcs: procmon10 - %systemroot%\system32\osanbm.dll File not found
NetSvcs: btwdndis - %systemroot%\system32\asmagent.dll File not found
NetSvcs: dbmanagerscheduler - %systemroot%\system32\eeyeevnt.dll File not found
NetSvcs: ISAMSvc - %systemroot%\system32\amoagent.dll File not found
NetSvcs: s3savagemx - %systemroot%\system32\centennialclientagent.dll File not found
NetSvcs: niorbk - %systemroot%\system32\gearsecurity.dll File not found
NetSvcs: bwsvc - %systemroot%\system32\ovsecurityserver.dll File not found
NetSvcs: pnarp - %systemroot%\system32\cwafeventrouter.dll File not found
NetSvcs: uscbs108 - %systemroot%\system32\btserial.dll File not found
NetSvcs: pchost - %systemroot%\system32\proxyhostservice.dll File not found
NetSvcs: yukonwlh - %systemroot%\system32\gearaspiwdm.dll File not found
NetSvcs: servidor - %systemroot%\system32\SE2Cbus.dll File not found
NetSvcs: ireike - %systemroot%\system32\SSHDRV61.dll File not found
NetSvcs: rpaservice - %systemroot%\system32\winproxy.dll File not found
NetSvcs: lmimaint - %systemroot%\system32\pgsql-8.0.dll File not found
NetSvcs: pdagent - %systemroot%\system32\XFX_program.dll File not found
NetSvcs: sonicwall_netextender - %systemroot%\system32\CdaD10BA.dll File not found
NetSvcs: atimpab - %systemroot%\system32\xnacc.dll File not found
NetSvcs: se58bus - %systemroot%\system32\datunidr.dll File not found
NetSvcs: kservice - %systemroot%\system32\raysat3_4_6_18server.dll File not found
NetSvcs: lhidusb - %systemroot%\system32\dlacdbhm.dll File not found
NetSvcs: mssql$pinnaclesys - %systemroot%\system32\WinHttpAutoProxySvc.dll File not found
NetSvcs: nv4 - %systemroot%\system32\ibmpmsvc.dll File not found
NetSvcs: sfng32 - %systemroot%\system32\avg7core.dll File not found
NetSvcs: ivscheduler - %systemroot%\system32\hotspotshieldservice.dll File not found
NetSvcs: Exportit - %systemroot%\system32\advantage.dll File not found
NetSvcs: CTEXFIFX.DLL - %systemroot%\system32\ATNT40K.dll File not found
NetSvcs: sprtsvc_smartagent - %systemroot%\system32\ssfs0509.dll File not found
NetSvcs: UPATC - %systemroot%\system32\fix.dll File not found
NetSvcs: tosporte - %systemroot%\system32\SE2Dmdm.dll File not found
NetSvcs: atinrvxx - %systemroot%\system32\zpcache.dll File not found
NetSvcs: rwbackupsrv - %systemroot%\system32\alcxsens.dll File not found
NetSvcs: mr7910 - %systemroot%\system32\psadd.dll File not found
NetSvcs: MREMP50 - %systemroot%\system32\RecAgent.dll File not found
NetSvcs: NMSCFG - %systemroot%\system32\CdaC15BA.dll File not found
NetSvcs: ithsgt - %systemroot%\system32\dlcq_device.dll File not found
NetSvcs: OracleOraHome92ClientCache - %systemroot%\system32\Wdf01000.dll File not found
NetSvcs: filemon701 - %systemroot%\system32\pnkbstrk.dll File not found
NetSvcs: bc_ip_f - File not found
NetSvcs: umxfwhlp - %systemroot%\system32\adpu160m.dll File not found
NetSvcs: prohlp02 - %systemroot%\system32\Slntamr.dll File not found
NetSvcs: Ndisipo - %systemroot%\system32\ALABULK.dll File not found
NetSvcs: s716unic - %systemroot%\system32\umwdf.dll File not found
NetSvcs: nvlddmkm - %systemroot%\system32\cpuidlep.dll File not found
NetSvcs: symmpi - %systemroot%\system32\bvrp_pci.dll File not found
NetSvcs: mclogmanagerservice - %systemroot%\system32\HssSrv.dll File not found
NetSvcs: cyberpowerups - %systemroot%\system32\vcommmgr.dll File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 23:23:19 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\boocat13\Desktop\OTL.exe
[2012/03/15 18:03:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/15 03:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Application Data\com.amazon.music.uploader
[2012/03/15 03:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\My Documents\Amazon MP3 Uploader
[2012/03/15 01:25:41 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\boocat13\Desktop\tdsskiller.exe
[2012/03/13 18:07:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/13 18:07:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/13 18:07:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/13 18:07:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/12 00:49:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/05 20:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/04 04:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\My Documents\My Kindle Content
[2012/03/04 03:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Desktop\zlib useless v
[2012/03/04 03:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Desktop\zlib1.dll is v.123
[2012/03/03 22:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zlib-1.2.6
[2012/03/03 11:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Desktop\original zlib dll
[2012/02/28 15:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Application Data\BullGuard
[2012/02/28 10:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\BullGuard
[2012/02/28 10:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BullGuard
[2012/02/28 10:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2012/02/28 10:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/02/28 10:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2012/02/25 01:24:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/24 22:52:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/24 22:52:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/24 22:52:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/24 22:52:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/24 22:50:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/24 22:49:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 17:33:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/02/24 17:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/02/23 21:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\Start Menu\Programs\Google Chrome
[2012/02/22 22:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boocat13\My Documents\Mikeypics
[2012/02/22 09:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/22 04:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/02/21 23:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/21 23:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/15 23:52:35 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0FE1C0B0-44E8-46F5-A811-952F49C8C776}.job
[2012/03/15 23:51:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/15 23:51:02 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35A381EC-7A8F-40D0-BB6A-BF5AEDF84F53}.job
[2012/03/15 23:24:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
[2012/03/15 23:23:09 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boocat13\Desktop\OTL.exe
[2012/03/15 23:19:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
[2012/03/15 22:56:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 22:34:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 22:33:41 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 22:32:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 22:32:26 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 20:24:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
[2012/03/15 17:24:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/15 16:41:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/15 10:11:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/15 03:47:05 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon MP3 Uploader.lnk
[2012/03/15 03:45:11 | 007,417,288 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\AmazonMP3UploaderInstaller-1.0.8._V136578432_.exe
[2012/03/15 01:25:54 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\FSS.exe
[2012/03/15 01:25:40 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\boocat13\Desktop\tdsskiller.exe
[2012/03/15 01:04:25 | 000,944,640 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\zeroaccess_analysis.pdf
[2012/03/14 21:19:47 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\RKUnhookerLE.EXE
[2012/03/14 10:08:23 | 000,142,620 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rowan felted tweed dk.jpg
[2012/03/14 10:07:20 | 000,149,948 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Cherished_Wisdom_2148.jpg
[2012/03/14 09:22:33 | 000,165,128 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\cardie.JPG
[2012/03/14 08:18:08 | 000,062,158 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\obamaflag2640.jpg
[2012/03/14 07:48:28 | 000,130,887 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rondo03.jpg
[2012/03/14 07:48:14 | 000,198,438 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rondo02.jpg
[2012/03/14 07:48:00 | 000,036,536 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\rondo.jpg
[2012/03/14 07:45:55 | 000,050,624 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\converting needle sizes.jpg
[2012/03/14 07:19:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
[2012/03/14 06:53:45 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\needle_conversion.gif
[2012/03/14 05:05:20 | 000,054,438 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Helliwell Cardigan knit picks.jpg
[2012/03/13 19:40:37 | 000,042,954 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\wklnhst.dat
[2012/03/13 19:30:42 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 19:30:41 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Google Chrome.lnk
[2012/03/13 18:13:59 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 18:06:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/13 18:06:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/13 18:06:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/13 18:06:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/13 18:06:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/13 17:53:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/12 01:52:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/11 03:01:07 | 000,463,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 03:01:07 | 000,079,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/08 06:12:19 | 000,097,914 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\1930s Columbia__71_col4.jpg
[2012/03/08 05:24:55 | 000,640,346 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\howtoknit.pdf
[2012/03/08 05:22:55 | 000,786,846 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\vintage_knitting_tips.pdf
[2012/03/08 05:17:09 | 000,700,450 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\bestway_sleevelesspullover_720.pdf
[2012/03/08 05:09:54 | 000,986,834 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\leetarget_cardigan_5942.pdf
[2012/03/07 04:13:33 | 000,217,188 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\Caput Helianthus.jpg
[2012/03/04 18:01:30 | 000,000,169 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2012/03/04 18:01:30 | 000,000,055 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/02/29 06:59:37 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\iTunes.lnk
[2012/02/29 04:40:02 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\boocat13\Desktop\OverDrive Media Console.lnk
[2012/02/28 10:45:45 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BullGuard.lnk
[2012/02/25 22:05:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/25 09:28:13 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\O1sSGhI.dat
[2012/02/24 16:25:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/02/18 01:12:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/15 14:01:50 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/02/15 04:17:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/15 03:47:06 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2012/03/15 03:47:05 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon MP3 Uploader.lnk
[2012/03/15 03:44:45 | 007,417,288 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\AmazonMP3UploaderInstaller-1.0.8._V136578432_.exe
[2012/03/15 01:25:54 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\FSS.exe
[2012/03/15 01:04:21 | 000,944,640 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\zeroaccess_analysis.pdf
[2012/03/14 21:20:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\RKUnhookerLE.EXE
[2012/03/14 10:08:51 | 000,142,620 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rowan felted tweed dk.jpg
[2012/03/14 10:07:26 | 000,149,948 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Cherished_Wisdom_2148.jpg
[2012/03/14 09:22:44 | 000,165,128 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\cardie.JPG
[2012/03/14 08:18:13 | 000,062,158 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\obamaflag2640.jpg
[2012/03/14 07:48:31 | 000,130,887 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rondo03.jpg
[2012/03/14 07:48:17 | 000,198,438 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rondo02.jpg
[2012/03/14 07:48:04 | 000,036,536 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\rondo.jpg
[2012/03/14 07:46:06 | 000,050,624 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\converting needle sizes.jpg
[2012/03/14 06:53:49 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\needle_conversion.gif
[2012/03/14 05:06:03 | 000,054,438 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Helliwell Cardigan knit picks.jpg
[2012/03/09 20:57:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/08 06:12:17 | 000,097,914 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\1930s Columbia__71_col4.jpg
[2012/03/08 05:24:59 | 000,640,346 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\howtoknit.pdf
[2012/03/08 05:23:12 | 000,786,846 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\vintage_knitting_tips.pdf
[2012/03/08 05:17:33 | 000,700,450 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\bestway_sleevelesspullover_720.pdf
[2012/03/08 05:10:15 | 000,986,834 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\leetarget_cardigan_5942.pdf
[2012/03/07 04:13:33 | 000,217,188 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Caput Helianthus.jpg
[2012/03/04 02:22:55 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012/02/29 06:59:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\iTunes.lnk
[2012/02/28 10:45:45 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BullGuard.lnk
[2012/02/25 01:26:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/25 01:25:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/24 22:52:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/24 22:52:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/24 22:52:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/24 22:52:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/24 22:52:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/24 10:03:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\O1sSGhI.dat
[2012/02/23 21:29:30 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\boocat13\Desktop\Google Chrome.lnk
[2012/02/23 21:29:30 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/23 21:19:26 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
[2012/02/23 21:19:25 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
[2012/02/23 08:14:58 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
[2012/02/23 08:14:49 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
[2012/02/22 21:56:50 | 026,850,922 | ---- | C] () -- C:\Documents and Settings\boocat13\My Documents\mikey cute.bmp
[2012/02/21 23:34:07 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/18 01:12:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\boocat13\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/14 19:07:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/03 05:15:11 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\AVRedirector.ini
[2012/02/03 05:15:11 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\AVRedirectorOff.ini
[2012/01/30 04:24:48 | 000,003,104 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/12/07 21:51:28 | 000,001,784 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/10/12 15:02:06 | 000,053,472 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 10:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 10:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 10:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/01/09 08:11:24 | 000,034,280 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\drivers\afw.sys
[2012/01/09 08:11:24 | 000,267,624 | ---- | M] (Agnitum Ltd.) -- C:\WINDOWS\system32\drivers\afwcore.sys
[2012/01/09 08:10:54 | 000,064,608 | ---- | M] (BullGuard Ltd.) -- C:\WINDOWS\system32\drivers\BdSpy.sys
[2012/03/12 01:52:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2012/01/09 08:11:14 | 000,789,960 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\system32\drivers\NSKernel.sys
[2012/01/09 08:11:14 | 000,019,272 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\system32\drivers\NSNetmon.sys
[2012/01/09 09:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/01/09 08:11:04 | 000,308,296 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\system32\drivers\Trufos.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 06:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 08:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 03:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/04 03:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\i386\afd.sys
[2004/08/04 03:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\pebuilder3110a\BartPE\i386\system32\drivers\afd.sys
[2004/08/04 03:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 06:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 03:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/06/20 04:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 03:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 06:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011/08/17 06:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/09/15 15:04:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/15 15:04:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\i386\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\pebuilder3110a\BartPE\i386\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 03:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 03:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\pebuilder3110a\BartPE\i386\system32\winlogon.exe
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 07:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 07:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 07:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\shell\open\command\\: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 04:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 07:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 07:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 07:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\boocat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.boocat13\shell\open\command\\: "C:\Documents and Settings\boocat13\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/10 02:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 04:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB34263$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D43E156

< End of report >

Second OTL log:

OTL Extras logfile created on: 3/15/2012 11:38:29 PM - Run 2
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\boocat13\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 37.60% Memory free
1.69 Gb Paging File | 1.09 Gb Available in Paging File | 64.29% Paging File free
Paging file location(s): C:\pagefile.sys 600 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 22.49 Gb Free Space | 42.66% Space Free | Partition Type: NTFS
Drive D: | 18.05 Gb Total Space | 17.97 Gb Free Space | 99.54% Space Free | Partition Type: NTFS
Drive E: | 0.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D34XMCB1 | User Name: boocat13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.boocat13] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\pouyabgr.exe" = C:\WINDOWS\system32\pouyostic\xpnetdiag.exe
"C:\WINDOWS\system32\rucrgppt.exe" = C:\WINDOWS\system32\rucr\wmdc.exe
"C:\WINDOWS\system32\txhlncht.exe" = C:\WINDOWS\system32\txhl\wmdc.exe
"C:\WINDOWS\system32\tyhdpjkn.exe" = C:\WINDOWS\system32\tyhd\wmdc.exe
"C:\WINDOWS\system32\dxtweshc.exe" = C:\WINDOWS\system32\dxt
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59FD743D-A699-449E-8197-BD2899DAD69A}" = OverDrive Media Console
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}" = Windows Desktop Search 3.01
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEC93E6F-6E73-46BE-8152-59C66B272219}" = Deal Info
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon Kindle" = Amazon Kindle
"AudibleDownloadManager" = Audible Download Manager
"BullGuard" = BullGuard
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Encore LaunchPad_is1" = Encore LaunchPad 6.7.25.300
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"Peggle Deluxe" = Peggle Deluxe
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"Plants vs. Zombies" = Plants vs. Zombies
"PROSet" = Intel® PRO Network Adapters and Drivers
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1804308828-3233334788-2982936748-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2012 11:33:02 PM | Computer Name = D34XMCB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/5/2012 11:34:19 PM | Computer Name = D34XMCB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 3/5/2012 11:34:19 PM | Computer Name = D34XMCB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/5/2012 11:34:19 PM | Computer Name = D34XMCB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/7/2012 5:28:30 PM | Computer Name = D34XMCB1 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.4.1.10, faulting module
itunes.dll, version 10.4.1.10, fault address 0x0081beb3.

Error - 3/9/2012 1:27:01 PM | Computer Name = D34XMCB1 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.61, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00036822.

Error - 3/9/2012 3:16:47 PM | Computer Name = D34XMCB1 | Source = ESENT | ID = 485
Description = wuauclt (1140) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 3/9/2012 11:00:05 PM | Computer Name = D34XMCB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/9/2012 11:00:11 PM | Computer Name = D34XMCB1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/10/2012 8:30:58 AM | Computer Name = D34XMCB1 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Backupexecnamingservice service terminated with the following
error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Dcsloader service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Btcsrusb service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Retroexplauncher service terminated with the following error:
%%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The NVR0FLASHDev service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The SiSRaid2 service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Sandradatasrv service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Cercsr6 service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Iviregmgr service terminated with the following error: %%126

Error - 3/16/2012 1:33:31 AM | Computer Name = D34XMCB1 | Source = Service Control Manager | ID = 7023
Description = The Savscan service terminated with the following error: %%126


< End of report >

#5: Anecdotal performance report.

The rig is throwing up very few BullGuard interception announcement windows, as opposed to yesterday when the malware warning windows were very frequent.

Also, it is running faster and seems to go through almost everywhere, whereas yesterday it kept telling me Chrome couldn't connect to whichever website, and to try "Reload".
Thanks again for your help!!! Bless you!

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#8 SweetTech


Posted 16 March 2012 - 09:04 AM

Hi boocat!

#1. Did the TDSSKiller incorrectly the first time. Didn't remember to change the parameters, and not to hit "Cure", so I selected "Cure" on the "Virus.Win 32.ZAccess.c" in the object: "C:\WINDOWS\systems32\DEIVERS\serial.sys" before I rebooted the rig. (Sorry. I was too tired.)

Okay, that's not a problem.

We need to run a more powerful tool. This infection still has a strong grip on your computer.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 boocat


Posted 17 March 2012 - 03:24 AM

Here is the ComboFix scan thingee:


ComboFix 12-03-16.05 - boocat13 03/17/2012 0:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.841 [GMT -7:00]
Running from: c:\documents and settings\boocat13\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\boocat13\Recent\Thumbs.db
c:\documents and settings\boocat13\WINDOWS
c:\temp\fCOe
c:\temp\iee
c:\windows\system32\abgmfuhl.ini
c:\windows\system32\abmdodgf.ini
c:\windows\system32\affohnhf.ini
c:\windows\system32\arhskxpw.ini
c:\windows\system32\crmidefa.ini
c:\windows\system32\crwegywy.ini
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\dqkrlsqx.ini
c:\windows\system32\excarueh.ini
c:\windows\system32\fjiteeic.ini
c:\windows\system32\frqwtnrl.ini
c:\windows\system32\gscxburc.ini
c:\windows\system32\gvhgrrqq.ini
c:\windows\system32\ieilnxvo.ini
c:\windows\system32\ijaasxje.ini
c:\windows\system32\itrylvvk.ini
c:\windows\system32\izyxkrwq.dllbox
c:\windows\system32\jfvuxsmo.ini
c:\windows\system32\jmpgnfav.ini
c:\windows\system32\jtukduhr.ini
c:\windows\system32\lakvdflk.ini
c:\windows\system32\lujiokuf.ini
c:\windows\system32\myurcgph.ini
c:\windows\system32\ngbsufvl.ini
c:\windows\system32\njunrsgd.ini
c:\windows\system32\npepvith.ini
c:\windows\system32\nxvihmsf.ini
c:\windows\system32\o02PrEz
c:\windows\system32\onjoxgdw.ini
c:\windows\system32\pcktpgir.ini
c:\windows\system32\pewsilua.ini
c:\windows\system32\plsxpiti.ini
c:\windows\system32\prqss.bak1
c:\windows\system32\prqss.bak2
c:\windows\system32\prqss.ini
c:\windows\system32\prqss.ini2
c:\windows\system32\prqss.tmp
c:\windows\system32\pwdlqwhx.ini
c:\windows\system32\rjreeqol.ini
c:\windows\system32\setb0.tmp
c:\windows\system32\sneqinna.ini
c:\windows\system32\tgogypcl.ini
c:\windows\system32\uafokfae.ini
c:\windows\system32\uijvstsr.ini
c:\windows\system32\uvlubfcp.ini
c:\windows\system32\vcjjaebc.ini
c:\windows\system32\vcjjaebc.ini2
c:\windows\system32\vcjjaebc.tmp
c:\windows\system32\vhhjbfuh.ini
c:\windows\system32\vsjwrogi.ini
c:\windows\system32\vyidpksp.ini
c:\windows\system32\wdnuysew.ini
c:\windows\system32\wljwqllp.ini
c:\windows\system32\woemfgwq.ini
c:\windows\system32\wtbfgyni.ini
c:\windows\system32\xakjpnwt.ini
c:\windows\system32\xdukpavb.ini
c:\windows\system32\xfmubngw.ini
c:\windows\system32\xveajwuq.ini
c:\windows\system32\yciwtglx.ini
c:\windows\system32\yclpwckk.ini
c:\windows\system32\ytkeyvoh.ini
c:\windows\system32\ywkyilmq.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_DOMAINSERVICE
-------\Legacy_NETWORKLOG
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-16 01:03 . 2012-03-16 01:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 10:47 . 2012-03-15 10:47 -------- d-----w- c:\documents and settings\boocat13\Application Data\com.amazon.music.uploader
2012-03-14 01:07 . 2012-03-14 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 07:49 . 2012-03-12 08:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-06 03:35 . 2012-03-06 03:35 -------- d-----w- c:\program files\ESET
2012-03-04 09:22 . 2005-07-18 19:25 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-03-04 05:50 . 2012-03-04 05:51 -------- d-----w- c:\windows\system32\zlib-1.2.6
2012-03-03 06:49 . 2012-03-03 06:49 -------- d-----w- c:\documents and settings\MysticMeg
2012-03-02 12:53 . 2012-03-02 13:00 -------- d-----w- c:\documents and settings\Max\Application Data\BullGuard
2012-02-28 22:06 . 2012-03-06 04:12 -------- d-----w- c:\documents and settings\boocat13\Application Data\BullGuard
2012-02-28 17:48 . 2012-02-28 17:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\BullGuard
2012-02-28 17:41 . 2012-03-17 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2012-02-28 17:39 . 2012-02-28 17:39 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-02-28 17:38 . 2012-02-28 17:38 -------- d-----w- c:\program files\BullGuard Ltd
2012-02-25 00:33 . 2012-02-25 16:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-25 00:33 . 2012-02-25 00:33 -------- d-----w- c:\program files\Uniblue
2012-02-22 06:34 . 2012-03-15 23:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 06:22 . 2012-02-22 06:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-19 00:50 . 2012-02-19 00:50 -------- d-sh--w- c:\documents and settings\boocat\IECompatCache
2012-02-18 08:12 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:06 . 2011-05-15 01:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 00:53 . 2011-06-05 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 23:56 . 2011-12-08 04:44 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-01-11 19:06 . 2012-02-15 02:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-10 18:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-09 15:11 . 2012-01-09 15:11 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2012-01-09 15:11 . 2012-01-09 15:11 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-01-09 15:11 . 2012-01-09 15:11 789960 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-01-09 15:11 . 2012-01-09 15:11 19272 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-01-09 15:11 . 2012-01-09 15:11 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-01-09 15:10 . 2012-01-09 15:10 64608 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2012-01-09 14:45 . 2012-01-09 14:45 100216 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2011-12-19 08:13 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2011-06-07 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-03-01 16:28 . 2009-03-01 16:25 463128 ----a-w- c:\program files\get.exe
2012-02-16 14:40 . 2012-02-18 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"BullGuard"="c:\program files\bullguard ltd\bullguard\BullGuard.exe" [2012-02-28 1710944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^boocat13^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\boocat13\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 19:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 09:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2006-07-23 01:22 1126400 ------w- c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2007-12-14 01:59 346648 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2006-02-02 02:33 1880064 ------w- c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\windows\system32\pouyabgr.exe"= c:\windows\system32\pou
"c:\windows\system32\rucrgppt.exe"= c:\windows\system32\ruc
"c:\windows\system32\txhlncht.exe"= c:\windows\system32\txh
"c:\windows\system32\tyhdpjkn.exe"= c:\windows\system32\tyh
"c:\windows\system32\dxtweshc.exe"= c:\windows\system32\dxt
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 136176]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 136176]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-09-28 10664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-12 40776]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-01-09 64608]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2012-01-09 789960]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2012-01-09 19272]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [2008-04-14 14336]
S2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2012-02-28 299360]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2008-04-14 14336]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2008-04-14 14336]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2008-04-14 14336]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2008-04-14 14336]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-02-28 175456]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-02-28 285536]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2012-01-09 34280]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-01-09 267624]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys [2008-03-19 20480]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsFire
BullGuard_Proxy REG_MULTI_SZ BsMailProxy
BullGuard_Backup REG_MULTI_SZ BsBackup
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
msdv
s217bus
wlidsvc
axinstsv
dashsvc
rpskt
vmx86
pelusblf
tosrfsnd
dbmang
nipsvc
aswrdr
wpdusb
ilicensesvc
KR10I
MTC0001_ESB
p2pgasvc
vc8secs
pgfilter
sqlserveragent
vserial
sfusvc
googledesktopmanager
livesrv
SE26mdfl
AKSIFDH
cqmghost
wwsecsvc
sandradatasrv
cis1284
sonywbms
lemsgt
bc_ngn
KR3NPXP
JGOGO
VAIOMediaPlatform-VideoServer-HTTP
lilsgt
nimxdfk
samfilt
DSI_SiUSBXp_3_1
gagp30kx
se45nd5
se59mdm
CAMFLT
rimmptsk
avgems
NOWMEMDF
thkeys
roammgr
flashcomadmin
keriomailserver
qhwscsvc
ipahelper.exe
agrsrvce
ss_mdm
qcdonner
Memctl
BRCMDECO
Video3D
rtl8029
ASNDIS5
maya70docserver
aegisp
navap
ntrtscan
mwssched
s116mgmt
SaiMini
MREMP50a64
{834170a7-af3b-4d34-a757-e05eb29ee96d}
rslinxng
procmon10
btwdndis
dbmanagerscheduler
ISAMSvc
s3savagemx
niorbk
bwsvc
pnarp
uscbs108
pchost
yukonwlh
servidor
ireike
rpaservice
lmimaint
pdagent
sonicwall_netextender
atimpab
se58bus
kservice
lhidusb
mssql$pinnaclesys
nv4
sfng32
ivscheduler
Exportit
CTEXFIFX.DLL
sprtsvc_smartagent
UPATC
tosporte
atinrvxx
rwbackupsrv
mr7910
MREMP50
NMSCFG
ithsgt
OracleOraHome92ClientCache
filemon701
bc_ip_f
umxfwhlp
prohlp02
Ndisipo
s716unic
nvlddmkm
symmpi
mclogmanagerservice
cyberpowerups
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 22:48]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 22:48]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
- c:\documents and settings\boocat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 15:13]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
- c:\documents and settings\boocat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 15:13]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
- c:\documents and settings\boocat13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-24 04:19]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
- c:\documents and settings\boocat13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-24 04:19]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{0FE1C0B0-44E8-46F5-A811-952F49C8C776}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{35A381EC-7A8F-40D0-BB6A-BF5AEDF84F53}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91AE49E4-ECB0-49E4-80BB-15E99F38401E} - (no file)
SafeBoot-00844456.sys
MSConfigStartUp-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 00:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\BGLsp.dll
.
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\WININET.dll
c:\program files\bullguard ltd\bullguard\spamfilter\LittleHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-17 00:56:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 07:56
.
Pre-Run: 23,847,063,552 bytes free
Post-Run: 24,400,678,912 bytes free
.
- - End Of File - - FC2D37E2EEE52461B24F78CD8A873767

Thank you and happy St. Patrick's day!

p.s. I know I am supposed to delete the sets of duplicated files ComboFix made up before it ran
(I messed up and had to run it twice), but I am not sure how/where to find those duplicates.

Edited by boocat, 17 March 2012 - 05:25 AM.



#10 SweetTech


Posted 17 March 2012 - 07:14 AM

Hi boocat!

Happy Saint Patty's day to you as well! :)

p.s. I know I am supposed to delete the sets of duplicated files ComboFix made up before it ran
(I messed up and had to run it twice), but I am not sure how/where to find those duplicates.

Could you elaborate on this a bit more? I'm not sure I follow you.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\windows\system32\pouyabgr.exe"=-
"c:\windows\system32\rucrgppt.exe"=-
"c:\windows\system32\txhlncht.exe"=-
"c:\windows\system32\tyhdpjkn.exe"=-
"c:\windows\system32\dxtweshc.exe"=-
File::
c:\windows\system32\dxtweshc.exe
c:\windows\system32\dxt
c:\windows\system32\tyh
c:\windows\system32\tyhdpjkn.exe
c:\windows\system32\txh
c:\windows\system32\txhlncht.exe
c:\windows\system32\ruc
c:\windows\system32\rucrgppt.exe
c:\windows\system32\pou
c:\windows\system32\pouyabgr.exe
c:\windows\system32\dds_trash_log.cmd

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:12:12 AM

Posted 18 March 2012 - 02:50 AM

Here is the new ComboFix scan log:

ComboFix 12-03-16.05 - boocat13 03/17/2012 20:59:34.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.802 [GMT -7:00]
Running from: c:\documents and settings\boocat13\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\boocat13\Desktop\CFScript.txt
AV: BullGuard Antivirus *Enabled/Updated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\system32\dxt"
"c:\windows\system32\dxtweshc.exe"
"c:\windows\system32\pou"
"c:\windows\system32\pouyabgr.exe"
"c:\windows\system32\ruc"
"c:\windows\system32\rucrgppt.exe"
"c:\windows\system32\txh"
"c:\windows\system32\txhlncht.exe"
"c:\windows\system32\tyh"
"c:\windows\system32\tyhdpjkn.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\system32\default_user_class.dat.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-16 01:03 . 2012-03-16 01:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 10:47 . 2012-03-15 10:47 -------- d-----w- c:\documents and settings\boocat13\Application Data\com.amazon.music.uploader
2012-03-14 01:07 . 2012-03-14 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 07:49 . 2012-03-12 08:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-06 03:35 . 2012-03-06 03:35 -------- d-----w- c:\program files\ESET
2012-03-04 09:22 . 2005-07-18 19:25 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-03-04 05:50 . 2012-03-04 05:51 -------- d-----w- c:\windows\system32\zlib-1.2.6
2012-03-03 06:49 . 2012-03-03 06:49 -------- d-----w- c:\documents and settings\MysticMeg
2012-03-02 12:53 . 2012-03-02 13:00 -------- d-----w- c:\documents and settings\Max\Application Data\BullGuard
2012-02-28 22:06 . 2012-03-06 04:12 -------- d-----w- c:\documents and settings\boocat13\Application Data\BullGuard
2012-02-28 17:48 . 2012-02-28 17:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\BullGuard
2012-02-28 17:41 . 2012-03-18 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2012-02-28 17:39 . 2012-02-28 17:39 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-02-28 17:38 . 2012-02-28 17:38 -------- d-----w- c:\program files\BullGuard Ltd
2012-02-25 00:33 . 2012-02-25 16:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-25 00:33 . 2012-02-25 00:33 -------- d-----w- c:\program files\Uniblue
2012-02-22 06:34 . 2012-03-15 23:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 06:22 . 2012-02-22 06:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-19 00:50 . 2012-02-19 00:50 -------- d-sh--w- c:\documents and settings\boocat\IECompatCache
2012-02-18 08:12 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:06 . 2011-05-15 01:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 00:53 . 2011-06-05 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 23:56 . 2011-12-08 04:44 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-01-11 19:06 . 2012-02-15 02:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-10 18:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-09 15:11 . 2012-01-09 15:11 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2012-01-09 15:11 . 2012-01-09 15:11 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-01-09 15:11 . 2012-01-09 15:11 789960 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-01-09 15:11 . 2012-01-09 15:11 19272 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-01-09 15:11 . 2012-01-09 15:11 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-01-09 15:10 . 2012-01-09 15:10 64608 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2012-01-09 14:45 . 2012-01-09 14:45 100216 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2011-12-19 08:13 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2004-08-10 17:51 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2011-06-07 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-03-01 16:28 . 2009-03-01 16:25 463128 ----a-w- c:\program files\get.exe
2012-02-16 14:40 . 2012-02-18 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"BullGuard"="c:\program files\bullguard ltd\bullguard\BullGuard.exe" [2012-02-28 1710944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^boocat13^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\boocat13\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 19:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 09:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2006-07-23 01:22 1126400 ------w- c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2007-12-14 01:59 346648 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2006-02-02 02:33 1880064 ------w- c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\windows\system32\pouyabgr.exe"= c:\windows\system32\pou
"c:\windows\system32\rucrgppt.exe"= c:\windows\system32\ruc
"c:\windows\system32\txhlncht.exe"= c:\windows\system32\txh
"c:\windows\system32\tyhdpjkn.exe"= c:\windows\system32\tyh
"c:\windows\system32\dxtweshc.exe"= c:\windows\system32\dxt
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [1/9/2012 8:10 AM 64608]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [1/9/2012 8:11 AM 789960]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [1/9/2012 8:11 AM 19272]
R2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe -k BullGuard_Backup [8/10/2004 10:51 AM 14336]
R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [1/31/2012 6:47 AM 299360]
R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [8/10/2004 10:51 AM 14336]
R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [8/10/2004 10:51 AM 14336]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard_Proxy [8/10/2004 10:51 AM 14336]
R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [8/10/2004 10:51 AM 14336]
R2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2/2/2012 7:57 AM 175456]
R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [1/31/2012 6:47 AM 285536]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [1/9/2012 8:11 AM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [1/9/2012 8:11 AM 267624]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [3/18/2008 5:23 PM 20480]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/12/2012 12:49 AM 40776]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsFire
BullGuard_Proxy REG_MULTI_SZ BsMailProxy
BullGuard_Backup REG_MULTI_SZ BsBackup
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
msdv
s217bus
wlidsvc
axinstsv
dashsvc
rpskt
vmx86
pelusblf
tosrfsnd
dbmang
nipsvc
aswrdr
wpdusb
ilicensesvc
KR10I
MTC0001_ESB
p2pgasvc
vc8secs
pgfilter
sqlserveragent
vserial
sfusvc
googledesktopmanager
livesrv
SE26mdfl
AKSIFDH
cqmghost
wwsecsvc
sandradatasrv
cis1284
sonywbms
lemsgt
bc_ngn
KR3NPXP
JGOGO
VAIOMediaPlatform-VideoServer-HTTP
lilsgt
nimxdfk
samfilt
DSI_SiUSBXp_3_1
gagp30kx
se45nd5
se59mdm
CAMFLT
rimmptsk
avgems
NOWMEMDF
thkeys
roammgr
flashcomadmin
keriomailserver
qhwscsvc
ipahelper.exe
agrsrvce
ss_mdm
qcdonner
Memctl
BRCMDECO
Video3D
rtl8029
ASNDIS5
maya70docserver
aegisp
navap
ntrtscan
mwssched
s116mgmt
SaiMini
MREMP50a64
{834170a7-af3b-4d34-a757-e05eb29ee96d}
rslinxng
procmon10
btwdndis
dbmanagerscheduler
ISAMSvc
s3savagemx
niorbk
bwsvc
pnarp
uscbs108
pchost
yukonwlh
servidor
ireike
rpaservice
lmimaint
pdagent
sonicwall_netextender
atimpab
se58bus
kservice
lhidusb
mssql$pinnaclesys
nv4
sfng32
ivscheduler
Exportit
CTEXFIFX.DLL
sprtsvc_smartagent
UPATC
tosporte
atinrvxx
rwbackupsrv
mr7910
MREMP50
NMSCFG
ithsgt
OracleOraHome92ClientCache
filemon701
bc_ip_f
umxfwhlp
prohlp02
Ndisipo
s716unic
nvlddmkm
symmpi
mclogmanagerservice
cyberpowerups
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 22:48]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 22:48]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
- c:\documents and settings\boocat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 15:13]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
- c:\documents and settings\boocat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 15:13]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
- c:\documents and settings\boocat13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-24 04:19]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
- c:\documents and settings\boocat13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-24 04:19]
.
2012-03-18 c:\windows\Tasks\User_Feed_Synchronization-{0FE1C0B0-44E8-46F5-A811-952F49C8C776}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
2012-03-18 c:\windows\Tasks\User_Feed_Synchronization-{35A381EC-7A8F-40D0-BB6A-BF5AEDF84F53}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\BGLsp.dll
.
- - - - - - - > 'explorer.exe'(1048)
c:\windows\system32\WININET.dll
c:\program files\bullguard ltd\bullguard\spamfilter\LittleHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-17 21:36:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 04:36
ComboFix2.txt 2012-03-17 07:56
.
Pre-Run: 24,011,190,272 bytes free
Post-Run: 24,119,955,456 bytes free
.
- - End Of File - - AA22CE63554B1A25752BE2EF54D7437B

***********************************************************************************
An explanation of this dumb question:


------------ QUOTE ----------
p.s. I know I am supposed to delete the sets of duplicated files ComboFix made up before it ran
(I messed up and had to run it twice), but I am not sure how/where to find those duplicates.
-----------------------------


"Could you elaborate on this a bit more? I'm not sure I follow you."


This incoherent question came about as a result of my completely misunderstanding how ComboFix works.

I had previously run ComboFix on my own, without the direction of a tech - exactly what n00bs are never to do (as I unfortunately discovered subsequently.) This ill-conceived action by me had left a duplicate of the files to clean out.

Until earlier today, I had mistakenly believed ComboFix always left duplications to remove.

Sorry about wasting your time with that.

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:03:12 AM

Posted 18 March 2012 - 04:56 AM

Hi!

Thanks for the clarification on that question; your explanation gives me a much better understanding of what you were referring to. :)

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\windows\system32\dds_trash_log.cmd
ClearJavaCache::
NetSvc::
msdv
s217bus
wlidsvc
axinstsv
dashsvc
rpskt
vmx86
pelusblf
tosrfsnd
dbmang
nipsvc
aswrdr
wpdusb
ilicensesvc
KR10I
MTC0001_ESB
p2pgasvc
vc8secs
pgfilter
sqlserveragent
vserial
sfusvc
googledesktopmanager
livesrv
SE26mdfl
AKSIFDH
cqmghost
wwsecsvc
sandradatasrv
cis1284
sonywbms
lemsgt
bc_ngn
KR3NPXP
JGOGO
VAIOMediaPlatform-VideoServer-HTTP
lilsgt
nimxdfk
samfilt
DSI_SiUSBXp_3_1
gagp30kx
se45nd5
se59mdm
CAMFLT
rimmptsk
avgems
NOWMEMDF
thkeys
roammgr
flashcomadmin
keriomailserver
qhwscsvc
ipahelper.exe
agrsrvce
ss_mdm
qcdonner
Memctl
BRCMDECO
Video3D
rtl8029
ASNDIS5
maya70docserver
aegisp
navap
ntrtscan
mwssched
s116mgmt
SaiMini
MREMP50a64
{834170a7-af3b-4d34-a757-e05eb29ee96d}
rslinxng
procmon10
btwdndis
dbmanagerscheduler
ISAMSvc
s3savagemx
niorbk
bwsvc
pnarp
uscbs108
pchost
yukonwlh
servidor
ireike
rpaservice
lmimaint
pdagent
sonicwall_netextender
atimpab
se58bus
kservice
lhidusb
mssql$pinnaclesys
nv4
sfng32
ivscheduler
Exportit
CTEXFIFX.DLL
sprtsvc_smartagent
UPATC
tosporte
atinrvxx
rwbackupsrv
mr7910
MREMP50
NMSCFG
ithsgt
OracleOraHome92ClientCache
filemon701
bc_ip_f
umxfwhlp
prohlp02
Ndisipo
s716unic
nvlddmkm
symmpi
mclogmanagerservice
cyberpowerups
Driver::
msdv
s217bus
wlidsvc
axinstsv
dashsvc
rpskt
vmx86
pelusblf
tosrfsnd
dbmang
nipsvc
aswrdr
wpdusb
ilicensesvc
KR10I
MTC0001_ESB
p2pgasvc
vc8secs
pgfilter
sqlserveragent
vserial
sfusvc
googledesktopmanager
livesrv
SE26mdfl
AKSIFDH
cqmghost
wwsecsvc
sandradatasrv
cis1284
sonywbms
lemsgt
bc_ngn
KR3NPXP
JGOGO
VAIOMediaPlatform-VideoServer-HTTP
lilsgt
nimxdfk
samfilt
DSI_SiUSBXp_3_1
gagp30kx
se45nd5
se59mdm
CAMFLT
rimmptsk
avgems
NOWMEMDF
thkeys
roammgr
flashcomadmin
keriomailserver
qhwscsvc
ipahelper.exe
agrsrvce
ss_mdm
qcdonner
Memctl
BRCMDECO
Video3D
rtl8029
ASNDIS5
maya70docserver
aegisp
navap
ntrtscan
mwssched
s116mgmt
SaiMini
MREMP50a64
{834170a7-af3b-4d34-a757-e05eb29ee96d}
rslinxng
procmon10
btwdndis
dbmanagerscheduler
ISAMSvc
s3savagemx
niorbk
bwsvc
pnarp
uscbs108
pchost
yukonwlh
servidor
ireike
rpaservice
lmimaint
pdagent
sonicwall_netextender
atimpab
se58bus
kservice
lhidusb
mssql$pinnaclesys
nv4
sfng32
ivscheduler
Exportit
CTEXFIFX.DLL
sprtsvc_smartagent
UPATC
tosporte
atinrvxx
rwbackupsrv
mr7910
MREMP50
NMSCFG
ithsgt
OracleOraHome92ClientCache
filemon701
bc_ip_f
umxfwhlp
prohlp02
Ndisipo
s716unic
nvlddmkm
symmpi
mclogmanagerservice
cyberpowerups
Driver::
msdv
s217bus
wlidsvc
axinstsv
dashsvc
rpskt
vmx86
pelusblf
tosrfsnd
dbmang
nipsvc
aswrdr
wpdusb
ilicensesvc
KR10I
MTC0001_ESB
p2pgasvc
vc8secs
pgfilter
sqlserveragent
vserial
sfusvc
googledesktopmanager
livesrv
SE26mdfl
AKSIFDH
cqmghost
wwsecsvc
sandradatasrv
cis1284
sonywbms
lemsgt
bc_ngn
KR3NPXP
JGOGO
VAIOMediaPlatform-VideoServer-HTTP
lilsgt
nimxdfk
samfilt
DSI_SiUSBXp_3_1
gagp30kx
se45nd5
se59mdm
CAMFLT
rimmptsk
avgems
NOWMEMDF
thkeys
roammgr
flashcomadmin
keriomailserver
qhwscsvc
ipahelper.exe
agrsrvce
ss_mdm
qcdonner
Memctl
BRCMDECO
Video3D
rtl8029
ASNDIS5
maya70docserver
aegisp
navap
ntrtscan
mwssched
s116mgmt
SaiMini
MREMP50a64
{834170a7-af3b-4d34-a757-e05eb29ee96d}
rslinxng
procmon10
btwdndis
dbmanagerscheduler
ISAMSvc
s3savagemx
niorbk
bwsvc
pnarp
uscbs108
pchost
yukonwlh
servidor
ireike
rpaservice
lmimaint
pdagent
sonicwall_netextender
atimpab
se58bus
kservice
lhidusb
mssql$pinnaclesys
nv4
sfng32
ivscheduler
Exportit
CTEXFIFX.DLL
sprtsvc_smartagent
UPATC
tosporte
atinrvxx
rwbackupsrv
mr7910
MREMP50
NMSCFG
ithsgt
OracleOraHome92ClientCache
filemon701
bc_ip_f
umxfwhlp
prohlp02
Ndisipo
s716unic
nvlddmkm
symmpi
mclogmanagerservice
cyberpowerups

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

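The NetSvc:: list in the script above is exactly the run of names that ComboFix flagged under "NETSVCS REQUIRES REPAIRS" in the previous log: entries that do not belong to the stock XP netsvcs svchost group. As an added example (not ComboFix's code and not SweetTech's script), the Python below derives that list from a ComboFix log by comparing the group against an assumed XP SP3 baseline and emits the same NetSvc::/Driver:: block; the log excerpt it runs on is constructed from the shape of the log on this page.

```python
"""Flag non-default members of the XP 'netsvcs' svchost group in a ComboFix log.

Added example (not ComboFix's or the helper's code). ComboFix prints the group
under "NETSVCS REQUIRES REPAIRS - current entries shown" when it finds entries it
does not recognise; this script separates the group's stock XP SP3 members from
the foreign names and writes the NetSvc:: / Driver:: block the helper used.
"""

# Assumed baseline: the default members of the netsvcs group on Windows XP SP3
# (the names ComboFix left alone in the log on this page). Any name outside this
# set is reported; a legitimately installed third-party service that registers
# itself in netsvcs would be reported too, so review the list before acting on it.
XP_SP3_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger", "Netman",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp",
    "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv", "ShellHWDetection",
    "helpsvc", "WmdmPmSN", "napagent", "hkmsvc",
}
_BASELINE_CF = {name.casefold() for name in XP_SP3_NETSVCS}

HEADER = "NETSVCS REQUIRES REPAIRS - current entries shown"


def netsvcs_entries(log_text: str) -> list[str]:
    """Return the netsvcs group as listed in a ComboFix log, in log order.

    The section starts at HEADER and ends at ComboFix's '.' separator line.
    """
    lines = log_text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == HEADER)
    except StopIteration:
        return []  # ComboFix found nothing to repair in this log
    entries = []
    for line in lines[start + 1:]:
        line = line.strip()
        if line == ".":
            break
        if line:
            entries.append(line)
    return entries


def foreign_netsvcs(log_text: str) -> list[str]:
    """Names in the netsvcs group that are not part of the XP SP3 baseline.

    Service names are case-insensitive in the registry, so compare casefolded.
    """
    return [e for e in netsvcs_entries(log_text)
            if e.casefold() not in _BASELINE_CF]


def cfscript_block(foreign: list[str]) -> str:
    """Build the CFScript section that removes the foreign entries.

    NetSvc:: drops the names from the netsvcs REG_MULTI_SZ value under
    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost; Driver:: asks
    ComboFix to remove the matching service registrations, which the next log on
    this page reports as Legacy_* / Service_* deletions.
    """
    if not foreign:
        return ""
    return "\n".join(["NetSvc::", *foreign, "Driver::", *foreign]) + "\n"


# Constructed sample: a trimmed excerpt in the shape of the log on this page,
# with the inserted run of foreign names sitting between Rasauto and Rasman.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Rasauto
msdv
s217bus
wlidsvc
{834170a7-af3b-4d34-a757-e05eb29ee96d}
Rasman
Remoteaccess
hkmsvc
.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
"""

if __name__ == "__main__":
    bad = foreign_netsvcs(SAMPLE_LOG)
    print(f"{len(bad)} foreign netsvcs entries:", ", ".join(bad))
    print(cfscript_block(bad), end="")
```

Run against the full log in post #11 it reproduces the 118-name NetSvc:: list above; run against a clean log (no "NETSVCS REQUIRES REPAIRS" header) it returns nothing and emits no script.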

#13 boocat

boocat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Gender:Female
  • Location:rainy southern Oregon coast
  • Local time:12:12 AM

Posted 19 March 2012 - 02:04 PM

Thank you so much for all your terrific help!! Here is the log:
***

ComboFix 12-03-16.05 - boocat13 03/19/2012 10:58:34.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.839 [GMT -7:00]
Running from: c:\documents and settings\boocat13\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\boocat13\Desktop\CFScript.txt
AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AEGISP
-------\Legacy_AGRSRVCE
-------\Legacy_AKSIFDH
-------\Legacy_ASNDIS5
-------\Legacy_ASWRDR
-------\Legacy_ATIMPAB
-------\Legacy_ATINRVXX
-------\Legacy_AVGEMS
-------\Legacy_AXINSTSV
-------\Legacy_BC_IP_F
-------\Legacy_BC_NGN
-------\Legacy_BRCMDECO
-------\Legacy_BTWDNDIS
-------\Legacy_BWSVC
-------\Legacy_CAMFLT
-------\Legacy_CIS1284
-------\Legacy_CQMGHOST
-------\Legacy_CTEXFIFX.DLL
-------\Legacy_CYBERPOWERUPS
-------\Legacy_DASHSVC
-------\Legacy_DBMANAGERSCHEDULER
-------\Legacy_DBMANG
-------\Legacy_DSI_SIUSBXP_3_1
-------\Legacy_EXPORTIT
-------\Legacy_FILEMON701
-------\Legacy_FLASHCOMADMIN
-------\Legacy_GAGP30KX
-------\Legacy_GOOGLEDESKTOPMANAGER
-------\Legacy_ILICENSESVC
-------\Legacy_IPAHELPER.EXE
-------\Legacy_IREIKE
-------\Legacy_ISAMSVC
-------\Legacy_ITHSGT
-------\Legacy_IVSCHEDULER
-------\Legacy_JGOGO
-------\Legacy_KERIOMAILSERVER
-------\Legacy_KR10I
-------\Legacy_KR3NPXP
-------\Legacy_KSERVICE
-------\Legacy_LEMSGT
-------\Legacy_LHIDUSB
-------\Legacy_LILSGT
-------\Legacy_LIVESRV
-------\Legacy_LMIMAINT
-------\Legacy_MAYA70DOCSERVER
-------\Legacy_MCLOGMANAGERSERVICE
-------\Legacy_MEMCTL
-------\Legacy_MR7910
-------\Legacy_MREMP50
-------\Legacy_MREMP50A64
-------\Legacy_MSDV
-------\Legacy_MSSQL$PINNACLESYS
-------\Legacy_MTC0001_ESB
-------\Legacy_MWSSCHED
-------\Legacy_NAVAP
-------\Legacy_NDISIPO
-------\Legacy_NIMXDFK
-------\Legacy_NIORBK
-------\Legacy_NIPSVC
-------\Legacy_NMSCFG
-------\Legacy_NOWMEMDF
-------\Legacy_NTRTSCAN
-------\Legacy_NV4
-------\Legacy_NVLDDMKM
-------\Legacy_ORACLEORAHOME92CLIENTCACHE
-------\Legacy_P2PGASVC
-------\Legacy_PCHOST
-------\Legacy_PDAGENT
-------\Legacy_PELUSBLF
-------\Legacy_PGFILTER
-------\Legacy_PNARP
-------\Legacy_PROHLP02
-------\Legacy_QCDONNER
-------\Legacy_QHWSCSVC
-------\Legacy_RIMMPTSK
-------\Legacy_ROAMMGR
-------\Legacy_RPASERVICE
-------\Legacy_RPSKT
-------\Legacy_RSLINXNG
-------\Legacy_RTL8029
-------\Legacy_RWBACKUPSRV
-------\Legacy_S116MGMT
-------\Legacy_S217BUS
-------\Legacy_S3SAVAGEMX
-------\Legacy_S716UNIC
-------\Legacy_SAIMINI
-------\Legacy_SAMFILT
-------\Legacy_SANDRADATASRV
-------\Legacy_SE26MDFL
-------\Legacy_SE45ND5
-------\Legacy_SE58BUS
-------\Legacy_SE59MDM
-------\Legacy_SERVIDOR
-------\Legacy_SFNG32
-------\Legacy_SFUSVC
-------\Legacy_SONICWALL_NETEXTENDER
-------\Legacy_SONYWBMS
-------\Legacy_SPRTSVC_SMARTAGENT
-------\Legacy_SQLSERVERAGENT
-------\Legacy_SS_MDM
-------\Legacy_SYMMPI
-------\Legacy_THKEYS
-------\Legacy_TOSPORTE
-------\Legacy_TOSRFSND
-------\Legacy_UMXFWHLP
-------\Legacy_UPATC
-------\Legacy_USCBS108
-------\Legacy_VAIOMEDIAPLATFORM-VIDEOSERVER-HTTP
-------\Legacy_VC8SECS
-------\Legacy_VIDEO3D
-------\Legacy_VMX86
-------\Legacy_VSERIAL
-------\Legacy_WPDUSB
-------\Legacy_WWSECSVC
-------\Legacy_YUKONWLH
-------\Legacy_{834170A7-AF3B-4D34-A757-E05EB29EE96D}
-------\Service_{834170a7-af3b-4d34-a757-e05eb29ee96d}
-------\Service_aegisp
-------\Service_agrsrvce
-------\Service_AKSIFDH
-------\Service_ASNDIS5
-------\Service_aswrdr
-------\Service_atimpab
-------\Service_atinrvxx
-------\Service_avgems
-------\Service_axinstsv
-------\Service_bc_ngn
-------\Service_BRCMDECO
-------\Service_btwdndis
-------\Service_bwsvc
-------\Service_CAMFLT
-------\Service_cis1284
-------\Service_cqmghost
-------\Service_CTEXFIFX.DLL
-------\Service_cyberpowerups
-------\Service_dbmanagerscheduler
-------\Service_dbmang
-------\Service_DSI_SiUSBXp_3_1
-------\Service_Exportit
-------\Service_filemon701
-------\Service_flashcomadmin
-------\Service_gagp30kx
-------\Service_googledesktopmanager
-------\Service_ilicensesvc
-------\Service_ipahelper.exe
-------\Service_ireike
-------\Service_ISAMSvc
-------\Service_ithsgt
-------\Service_ivscheduler
-------\Service_JGOGO
-------\Service_keriomailserver
-------\Service_KR10I
-------\Service_KR3NPXP
-------\Service_kservice
-------\Service_lemsgt
-------\Service_lhidusb
-------\Service_lilsgt
-------\Service_livesrv
-------\Service_lmimaint
-------\Service_maya70docserver
-------\Service_mclogmanagerservice
-------\Service_Memctl
-------\Service_mr7910
-------\Service_MREMP50
-------\Service_MREMP50a64
-------\Service_msdv
-------\Service_mssql$pinnaclesys
-------\Service_MTC0001_ESB
-------\Service_mwssched
-------\Service_navap
-------\Service_Ndisipo
-------\Service_nimxdfk
-------\Service_niorbk
-------\Service_nipsvc
-------\Service_NMSCFG
-------\Service_NOWMEMDF
-------\Service_ntrtscan
-------\Service_nv4
-------\Service_nvlddmkm
-------\Service_OracleOraHome92ClientCache
-------\Service_p2pgasvc
-------\Service_pchost
-------\Service_pdagent
-------\Service_pelusblf
-------\Service_pgfilter
-------\Service_pnarp
-------\Service_prohlp02
-------\Service_qcdonner
-------\Service_qhwscsvc
-------\Service_rimmptsk
-------\Service_rpaservice
-------\Service_rslinxng
-------\Service_rtl8029
-------\Service_rwbackupsrv
-------\Service_s116mgmt
-------\Service_s217bus
-------\Service_s3savagemx
-------\Service_s716unic
-------\Service_SaiMini
-------\Service_samfilt
-------\Service_sandradatasrv
-------\Service_SE26mdfl
-------\Service_se45nd5
-------\Service_se58bus
-------\Service_se59mdm
-------\Service_servidor
-------\Service_sfng32
-------\Service_sfusvc
-------\Service_sonicwall_netextender
-------\Service_sonywbms
-------\Service_sprtsvc_smartagent
-------\Service_sqlserveragent
-------\Service_ss_mdm
-------\Service_symmpi
-------\Service_thkeys
-------\Service_tosporte
-------\Service_tosrfsnd
-------\Service_umxfwhlp
-------\Service_UPATC
-------\Service_uscbs108
-------\Service_VAIOMediaPlatform-VideoServer-HTTP
-------\Service_vc8secs
-------\Service_Video3D
-------\Service_vmx86
-------\Service_vserial
-------\Service_wpdusb
-------\Service_wwsecsvc
-------\Service_yukonwlh
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-16 01:03 . 2012-03-16 01:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 10:47 . 2012-03-15 10:47 -------- d-----w- c:\documents and settings\boocat13\Application Data\com.amazon.music.uploader
2012-03-14 01:07 . 2012-03-14 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 07:49 . 2012-03-12 08:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-06 03:35 . 2012-03-06 03:35 -------- d-----w- c:\program files\ESET
2012-03-04 09:22 . 2005-07-18 19:25 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-03-04 05:50 . 2012-03-04 05:51 -------- d-----w- c:\windows\system32\zlib-1.2.6
2012-03-03 06:49 . 2012-03-03 06:49 -------- d-----w- c:\documents and settings\MysticMeg
2012-03-02 12:53 . 2012-03-02 13:00 -------- d-----w- c:\documents and settings\Max\Application Data\BullGuard
2012-02-28 22:06 . 2012-03-06 04:12 -------- d-----w- c:\documents and settings\boocat13\Application Data\BullGuard
2012-02-28 17:48 . 2012-02-28 17:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\BullGuard
2012-02-28 17:41 . 2012-03-19 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2012-02-28 17:39 . 2012-02-28 17:39 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-02-28 17:38 . 2012-02-28 17:38 -------- d-----w- c:\program files\BullGuard Ltd
2012-02-25 00:33 . 2012-02-25 16:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-25 00:33 . 2012-02-25 00:33 -------- d-----w- c:\program files\Uniblue
2012-02-22 06:34 . 2012-03-15 23:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-22 06:22 . 2012-02-22 06:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-19 00:50 . 2012-02-19 00:50 -------- d-sh--w- c:\documents and settings\boocat\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:06 . 2011-05-15 01:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 00:53 . 2011-06-05 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 23:56 . 2011-12-08 04:44 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-01-11 19:06 . 2012-02-15 02:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-10 18:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-09 15:11 . 2012-01-09 15:11 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2012-01-09 15:11 . 2012-01-09 15:11 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-01-09 15:11 . 2012-01-09 15:11 789960 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-01-09 15:11 . 2012-01-09 15:11 19272 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-01-09 15:11 . 2012-01-09 15:11 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-01-09 15:10 . 2012-01-09 15:10 64608 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2012-01-09 14:45 . 2012-01-09 14:45 100216 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2009-03-01 16:28 . 2009-03-01 16:25 463128 ----a-w- c:\program files\get.exe
2012-02-16 14:40 . 2012-02-18 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"BullGuard"="c:\program files\bullguard ltd\bullguard\BullGuard.exe" [2012-02-28 1710944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^boocat13^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\boocat13\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 19:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 09:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2006-07-23 01:22 1126400 ------w- c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2007-12-14 01:59 346648 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2006-02-02 02:33 1880064 ------w- c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\windows\system32\pouyabgr.exe"= c:\windows\system32\pou
"c:\windows\system32\rucrgppt.exe"= c:\windows\system32\ruc
"c:\windows\system32\txhlncht.exe"= c:\windows\system32\txh
"c:\windows\system32\tyhdpjkn.exe"= c:\windows\system32\tyh
"c:\windows\system32\dxtweshc.exe"= c:\windows\system32\dxt
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [1/9/2012 8:10 AM 64608]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [1/9/2012 8:11 AM 789960]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [1/9/2012 8:11 AM 19272]
R2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe -k BullGuard_Backup [8/10/2004 10:51 AM 14336]
R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [1/31/2012 6:47 AM 299360]
R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [8/10/2004 10:51 AM 14336]
R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [8/10/2004 10:51 AM 14336]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard_Proxy [8/10/2004 10:51 AM 14336]
R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [8/10/2004 10:51 AM 14336]
R2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2/2/2012 7:57 AM 175456]
R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [1/31/2012 6:47 AM 285536]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [1/9/2012 8:11 AM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [1/9/2012 8:11 AM 267624]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [3/18/2008 5:23 PM 20480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 3:54 PM 136176]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe --> c:\program files\Fighters\FighterSuiteService.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/5/2010 3:54 PM 136176]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/12/2012 12:49 AM 40776]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsFire
BullGuard_Proxy REG_MULTI_SZ BsMailProxy
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 22:48]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-05 22:48]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006Core.job
- c:\documents and settings\boocat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 15:13]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1006UA.job
- c:\documents and settings\boocat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-23 15:13]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013Core.job
- c:\documents and settings\boocat13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-24 04:19]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804308828-3233334788-2982936748-1013UA.job
- c:\documents and settings\boocat13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-24 04:19]
.
2012-03-19 c:\windows\Tasks\User_Feed_Synchronization-{0FE1C0B0-44E8-46F5-A811-952F49C8C776}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
2012-03-19 c:\windows\Tasks\User_Feed_Synchronization-{35A381EC-7A8F-40D0-BB6A-BF5AEDF84F53}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-19 11:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1932)
c:\windows\system32\BGLsp.dll
.
- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\WININET.dll
c:\program files\bullguard ltd\bullguard\spamfilter\LittleHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-19 11:33:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 18:33
ComboFix2.txt 2012-03-18 04:36
ComboFix3.txt 2012-03-17 07:56
.
Pre-Run: 23,924,334,592 bytes free
Post-Run: 23,943,880,704 bytes free
.
- - End Of File - - 971825524DFA0BA4AF16A3AFD0FEB7DD


#14 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 20 March 2012 - 02:12 AM

Good Evening boocat!

> Thank you so much for all your terrific help!! Here is the log:

Not a problem! I'm glad to be able to be of assistance. :)

Looks like some of this stuff isn't wanting to go away.

We'll need to run another script with ComboFix followed by another tool, so that I can have a better idea of what's going on with some of these files being recreated.

Be sure to let me know how things are running in your next reply.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
ClearJavaCache::
Rootkit::
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\pouyabgr.exe
c:\windows\system32\rucrgppt.exe
c:\windows\system32\txhlncht.exe
c:\windows\system32\tyhdpjkn.exe
c:\windows\system32\dxtweshc.exe
c:\windows\system32\pou
c:\windows\system32\ruc
c:\windows\system32\txh
c:\windows\system32\tyh
c:\windows\system32\dxt
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\windows\system32\pouyabgr.exe"=-
"c:\windows\system32\rucrgppt.exe"=-
"c:\windows\system32\txhlncht.exe"=-
"c:\windows\system32\tyhdpjkn.exe"=-
"c:\windows\system32\dxtweshc.exe"=-

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[screenshot]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
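
What makes the five AuthorizedApplications entries in the log stand out, and how the File:: and Registry:: stanzas of the CFScript above follow from them, as an added example in Python. This is not code from the thread, from ComboFix or from BleepingComputer. The log text inside it is constructed from the entries shown in the log above; the two heuristics (an eight-letter all-lowercase .exe sitting directly in system32, and a whitelist value that names a truncated copy of the same file beside it) and the small KNOWN_GOOD allowlist are my assumptions for illustration, not a signature for this malware family.

```python
"""Triage helper for the firewall AuthorizedApplications block of a ComboFix log.

Added example, not part of the thread or of ComboFix. It parses the whitelist
section, flags entries that look like the random-named system32 binaries in the
log above, and emits the matching CFScript stanza in the format the helper used.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "key value")

# Constructed sample, shaped like the log posted in the thread (benign entries
# included so the heuristics have something to ignore).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\windows\system32\pouyabgr.exe"= c:\windows\system32\pou
"c:\windows\system32\rucrgppt.exe"= c:\windows\system32\ruc
"c:\windows\system32\txhlncht.exe"= c:\windows\system32\txh
"c:\windows\system32\tyhdpjkn.exe"= c:\windows\system32\tyh
"c:\windows\system32\dxtweshc.exe"= c:\windows\system32\dxt
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"""

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.*)$')
SYSTEM32_RE = re.compile(r'^[a-z]:\\windows\\system32\\(?P<name>[^\\]+)$', re.I)
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.exe$')  # eight lowercase letters, no digits
# Assumed allowlist: legitimate eight-letter names that live directly in system32.
KNOWN_GOOD = {"winlogon.exe", "services.exe"}


def _norm(path):
    """ComboFix doubles backslashes in registry-style entries; collapse them."""
    return path.replace("\\\\", "\\").strip()


def parse_authorized_apps(log_text):
    """Return the (key, value) pairs listed under the AuthorizedApplications List key."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            inside = line.lower().endswith("authorizedapplications\\list]")
            continue
        if line == ".":          # ComboFix separates sections with a lone dot
            inside = False
            continue
        m = ENTRY_RE.match(line) if inside else None
        if m:
            entries.append(Entry(_norm(m.group("key")), _norm(m.group("value"))))
    return entries


def companion_stub(entry):
    """Name of the stub if the value points at a truncated sibling of the key, else None."""
    if not entry.value:
        return None
    kdir, _, kname = entry.key.lower().rpartition("\\")
    vdir, _, vname = entry.value.lower().rpartition("\\")
    if kdir == vdir and vname and vname != kname and kname.startswith(vname):
        return vname
    return None


def suspicious_reasons(entry):
    """Heuristics only: one hit is a reason to look, both together is the pattern above."""
    reasons = []
    m = SYSTEM32_RE.match(entry.key)
    name = m.group("name").lower() if m else ""
    if RANDOM_NAME_RE.match(name) and name not in KNOWN_GOOD:
        reasons.append("eight-letter lowercase name directly in system32")
    if companion_stub(entry):
        reasons.append("value names a truncated copy beside it: " + entry.value)
    return reasons


def flag_entries(log_text):
    """Map each flagged key path to the list of reasons it was flagged."""
    found = {}
    for e in parse_authorized_apps(log_text):
        why = suspicious_reasons(e)
        if why:
            found[e.key] = why
    return found


def cfscript_for(log_text):
    """Emit File:: and Registry:: stanzas in the CFScript format used in the thread."""
    flagged = [e for e in parse_authorized_apps(log_text) if suspicious_reasons(e)]
    files = [e.key for e in flagged] + [e.value for e in flagged if companion_stub(e)]
    lines = ["File::"] + files + [
        "Registry::",
        r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]",
    ]
    lines += ['"%s"=-' % e.key for e in flagged]   # "=-" deletes the value
    return "\n".join(lines)


if __name__ == "__main__":
    for key, why in flag_entries(SAMPLE_LOG).items():
        print(key, "->", "; ".join(why))
    print(cfscript_for(SAMPLE_LOG))
```

Run it as a script to see the five flagged paths and the generated stanza; on a real log, paste the whole ComboFix output into `SAMPLE_LOG` or read it from a file. The name heuristic alone will misfire on legitimate eight-letter binaries, which is why the allowlist exists and why the truncated-companion check is the stronger of the two signals: a legitimate firewall exception never points at a file other than the one it whitelists.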


#15 boocat (Topic Starter)

  • Members
  • 65 posts
  • Gender:Female
  • Location:rainy southern Oregon coast

Posted 21 March 2012 - 09:35 AM

Here is the latest ComboFix log.

First, I wanted to tell you that our rig is running much more smoothly. Neither of us got one, single frozen screen box pop-up from Chrome telling us it couldn't connect to the website and asking us if we wanted to kill the page! I went to all my knitting sites with no trouble whatsoever.

[[It says this post is too long, so I will make it Part one log and Part two log.]]
UPDATE: Some time later... I'm having no luck cutting this in half...

PART ONE of the CBFix log:

ComboFix 12-03-16.05 - boocat13 03/21/2012 6:03.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.833 [GMT -7:00]
Running from: c:\documents and settings\boocat13\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\boocat13\Desktop\CFScript.txt
AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-16 01:03 . 2012-03-16 01:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 10:47 . 2012-03-15 10:47 -------- d-----w- c:\documents and settings\boocat13\Application Data\com.amazon.music.uploader
2012-03-14 01:07 . 2012-03-14 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 07:49 . 2012-03-12 08:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-06 03:35 . 2012-03-06 03:35 -------- d-----w- c:\program files\ESET
2012-03-04 09:22 . 2005-07-18 19:25 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-03-04 05:50 . 2012-03-04 05:51 -------- d-----w- c:\windows\system32\zlib-1.2.6
2012-03-03 06:49 . 2012-03-03 06:49 -------- d-----w- c:\documents and settings\MysticMeg
2012-03-02 12:53 . 2012-03-02 13:00 -------- d-----w- c:\documents and settings\Max\Application Data\BullGuard
2012-02-28 22:06 . 2012-03-06 04:12 -------- d-----w- c:\documents and settings\boocat13\Application Data\BullGuard
2012-02-28 17:48 . 2012-02-28 17:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\BullGuard
2012-02-28 17:41 . 2012-03-21 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BullGuard
2012-02-28 17:39 . 2012-02-28 17:39 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-02-28 17:38 . 2012-02-28 17:38 -------- d-----w- c:\program files\BullGuard Ltd
2012-02-25 00:33 . 2012-02-25 16:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-25 00:33 . 2012-02-25 00:33 -------- d-----w- c:\program files\Uniblue
2012-02-22 06:22 . 2012-02-22 06:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 01:06 . 2011-05-15 01:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 00:53 . 2011-06-05 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 23:56 . 2011-12-08 04:44 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-01-11 19:06 . 2012-02-15 02:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-10 18:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-09 15:11 . 2012-01-09 15:11 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2012-01-09 15:11 . 2012-01-09 15:11 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-01-09 15:11 . 2012-01-09 15:11 789960 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-01-09 15:11 . 2012-01-09 15:11 19272 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-01-09 15:11 . 2012-01-09 15:11 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-01-09 15:10 . 2012-01-09 15:10 64608 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2012-01-09 14:45 . 2012-01-09 14:45 100216 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2009-03-01 16:28 . 2009-03-01 16:25 463128 ----a-w- c:\program files\get.exe
2012-02-16 14:40 . 2012-02-18 08:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_18.21.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-30 00:20 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2004-08-10 17:57 . 2004-08-04 10:00 54784 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 50688 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2006-12-02 07:46 . 2006-12-02 07:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-07-12 02:41 . 2009-07-12 02:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2008-08-30 00:20 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
+ 2008-10-01 00:45 . 2008-10-01 00:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2006-07-19 14:51 . 2006-07-19 14:51 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 18944 c:\windows\vmmreg32.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 25600 c:\windows\twunk_32.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 49680 c:\windows\twunk_16.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 50688 c:\windows\twain_32.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 94784 c:\windows\twain.dll
+ 2012-03-21 13:26 . 2012-03-21 13:26 16384 c:\windows\temp\Perflib_Perfdata_cf4.dat
+ 2012-03-21 13:22 . 2012-03-21 13:22 16384 c:\windows\temp\Perflib_Perfdata_708.dat
+ 2004-08-10 17:57 . 2004-08-04 10:00 15360 c:\windows\TASKMAN.EXE
+ 2002-03-13 23:46 . 2002-10-07 03:37 53760 c:\windows\system32\zlib.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 11776 c:\windows\system32\xolehlp.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 50176 c:\windows\system32\xmlprovi.dll
+ 2006-10-09 22:52 . 2005-12-06 01:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2006-10-09 22:53 . 2006-07-28 16:30 62744 c:\windows\system32\xinput1_2.dll
+ 2006-10-09 22:53 . 2006-03-31 19:39 62672 c:\windows\system32\xinput1_1.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 30720 c:\windows\system32\xcopy.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 91648 c:\windows\system32\xactsrv.dll
+ 2006-10-09 22:52 . 2006-02-03 15:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2004-08-04 05:56 . 2008-04-14 00:12 52736 c:\windows\system32\wzcsapi.dll
+ 2005-05-26 11:16 . 2009-08-07 02:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-10 18:02 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 32256 c:\windows\system32\wupdmgr.exe
+ 2006-09-29 01:56 . 2006-09-29 01:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 03:13 . 2006-09-29 03:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2004-08-10 18:02 . 2009-08-07 02:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 18432 c:\windows\system32\wtsapi32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 50688 c:\windows\system32\wstdecod.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 22528 c:\windows\system32\wsock32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 41984 c:\windows\system32\wsnmp32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 19456 c:\windows\system32\wshtcpip.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 11264 c:\windows\system32\wshrm.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 11776 c:\windows\system32\wshisn.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
+ 2004-08-10 17:51 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 36864 c:\windows\system32\wshcon.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 80896 c:\windows\system32\wscsvc.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 13824 c:\windows\system32\wscntfy.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 19968 c:\windows\system32\ws2help.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 82432 c:\windows\system32\ws2_32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 11264 c:\windows\system32\wpnpinst.exe
+ 2006-07-19 14:19 . 2005-01-28 20:44 10752 c:\windows\system32\wpdtrace.dll
+ 2006-10-19 04:47 . 2006-10-19 04:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 03:00 . 2006-10-19 03:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-07-19 14:19 . 2006-10-19 04:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-07-19 14:19 . 2006-10-19 04:47 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 32256 c:\windows\system32\wpabaln.exe
+ 2001-08-18 03:36 . 2004-08-04 10:00 13824 c:\windows\system32\wowfaxui.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 10368 c:\windows\system32\wowexec.exe
+ 2004-08-10 17:51 . 2005-01-28 20:44 20480 c:\windows\system32\wmpui.dll
+ 2004-08-10 17:51 . 2006-10-19 04:47 99840 c:\windows\system32\wmpshell.dll
+ 2004-08-10 17:51 . 2005-01-28 20:44 20480 c:\windows\system32\wmpcore.dll
+ 2004-08-10 17:51 . 2005-01-28 20:44 20480 c:\windows\system32\wmpcd.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 18944 c:\windows\system32\wmiprop.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 51200 c:\windows\system32\wmerrenu.dll
+ 2004-08-10 17:51 . 2006-10-19 04:47 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-10 17:51 . 2006-10-19 04:47 33792 c:\windows\system32\wmdmlog.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 92672 c:\windows\system32\wlnotify.dll
+ 2008-08-30 00:36 . 2008-04-14 00:12 69120 c:\windows\system32\wlanapi.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 18944 c:\windows\system32\winstrm.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 53760 c:\windows\system32\winsta.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 17408 c:\windows\system32\winshfhc.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 99328 c:\windows\system32\winscard.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 16896 c:\windows\system32\winrnr.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 11776 c:\windows\system32\winmsd.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 32256 c:\windows\system32\winipsec.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 35328 c:\windows\system32\winchat.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 13312 c:\windows\system32\win87em.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 18432 c:\windows\system32\win.com
+ 2004-08-10 17:51 . 2008-04-14 00:12 75776 c:\windows\system32\wiascr.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 13600 c:\windows\system32\wfwnet.drv
+ 2004-08-10 17:51 . 2008-04-14 00:12 65024 c:\windows\system32\wextract.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 40448 c:\windows\system32\webhits.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 68096 c:\windows\system32\webclnt.dll
+ 2004-08-04 05:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv
+ 2004-08-10 17:51 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 45568 c:\windows\system32\wbem\xml\wmi2xml.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 95232 c:\windows\system32\wbem\wmiutils.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 52224 c:\windows\system32\wbem\wmitimep.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 61952 c:\windows\system32\wbem\wmipiprt.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 75264 c:\windows\system32\wbem\wmipicmp.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 61440 c:\windows\system32\wbem\wmimsg.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 88576 c:\windows\system32\wbem\wmiaprpl.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 16384 c:\windows\system32\wbem\winmgmtr.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 13312 c:\windows\system32\wbem\winmgmt.exe
+ 2004-08-10 18:01 . 2008-04-14 00:12 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 18944 c:\windows\system32\wbem\wbemprox.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 71680 c:\windows\system32\wbem\wbemcons.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 12288 c:\windows\system32\wbem\wbemads.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 16896 c:\windows\system32\wbem\unsecapp.exe
+ 2004-08-10 18:01 . 2004-08-04 10:00 59904 c:\windows\system32\wbem\trnsprov.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 61952 c:\windows\system32\wbem\tmplprov.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 86528 c:\windows\system32\wbem\stdprov.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 40960 c:\windows\system32\wbem\smtpcons.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 36352 c:\windows\system32\wbem\scrcons.exe
+ 2004-08-10 18:01 . 2008-04-14 00:12 47104 c:\windows\system32\wbem\ncprov.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2004-08-10 18:01 . 2008-04-14 00:11 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 53248 c:\windows\system32\wbem\fwdprov.dll
+ 2004-08-10 17:51 . 2008-04-14 00:11 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2004-08-10 17:51 . 2008-04-13 18:44 17664 c:\windows\system32\watchdog.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 15872 c:\windows\system32\w3ssl.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 22016 c:\windows\system32\w32topl.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 49664 c:\windows\system32\w32tm.exe
+ 2004-12-13 04:41 . 2004-12-13 04:41 87104 c:\windows\system32\vzCheckSys.dll
+ 2003-03-13 20:10 . 2003-03-13 20:10 40960 c:\windows\system32\vxdmdcdlg.dll
+ 2005-08-12 06:00 . 2007-10-20 00:56 88824 c:\windows\system32\vxblock.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 33792 c:\windows\system32\vssadmin.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 16896 c:\windows\system32\vss_ps.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 18176 c:\windows\system32\vga64k.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 51456 c:\windows\system32\vga256.dll
+ 2006-08-30 08:58 . 2008-04-14 00:12 53760 c:\windows\system32\vfwwdm32.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 20535 c:\windows\system32\vfpodbc.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 18944 c:\windows\system32\version.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 98304 c:\windows\system32\verifier.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 26624 c:\windows\system32\verifier.dll
+ 2006-03-17 00:38 . 2008-04-14 00:12 28672 c:\windows\system32\verclsid.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 51712 c:\windows\system32\vdmredir.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 26112 c:\windows\system32\vdmdbg.dll
+ 1999-11-25 01:40 . 1999-11-25 01:40 40960 c:\windows\system32\VBAME.DLL
+ 2001-08-18 15:00 . 2008-04-14 00:12 30749 c:\windows\system32\vbajet32.dll
+ 1998-06-18 09:00 . 1998-06-18 09:00 89360 c:\windows\system32\VB5DB.DLL
+ 2004-08-10 17:51 . 2008-04-14 00:12 50176 c:\windows\system32\utilman.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 25600 c:\windows\system32\utildll.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 49211 c:\windows\system32\usrvpa.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 45116 c:\windows\system32\usrvoica.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 49209 c:\windows\system32\usrv80a.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 41019 c:\windows\system32\usrsvpia.dll
+ 2001-08-18 03:37 . 2004-08-04 10:00 69700 c:\windows\system32\usrshuta.exe
+ 2001-08-18 03:36 . 2004-08-04 10:00 49211 c:\windows\system32\usrsdpia.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 77883 c:\windows\system32\usrrtosa.dll
+ 2001-08-18 03:37 . 2004-08-04 10:00 61508 c:\windows\system32\usrprbda.exe
+ 2001-08-18 03:37 . 2004-08-04 10:00 77891 c:\windows\system32\usrmlnka.exe
+ 2001-08-18 03:36 . 2004-08-04 10:00 53305 c:\windows\system32\usrlbva.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 86073 c:\windows\system32\usrfaxa.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 77890 c:\windows\system32\usrdpa.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 69699 c:\windows\system32\usrcoina.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 61500 c:\windows\system32\usrcntra.dll
+ 2004-08-10 17:51 . 2008-04-14 00:11 19968 c:\windows\system32\usmt\log.dll
+ 2008-08-30 00:22 . 2008-04-13 16:44 17920 c:\windows\system32\usmt\cobramsg.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 26112 c:\windows\system32\userinit.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 47872 c:\windows\system32\user.exe
+ 2004-08-10 17:58 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 16896 c:\windows\system32\usbmon.dll
+ 2003-02-21 10:16 . 2003-02-21 10:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2004-08-10 18:09 . 2003-02-21 00:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 17920 c:\windows\system32\ureg.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 18432 c:\windows\system32\ups.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 16896 c:\windows\system32\upnpcont.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 13824 c:\windows\system32\uniplat.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 74240 c:\windows\system32\unimdmat.dll
+ 2006-08-25 03:33 . 2008-04-14 00:11 76288 c:\windows\system32\uniime.dll
+ 2007-02-05 22:40 . 2007-02-05 22:40 98304 c:\windows\system32\UncCplExt.dll
+ 2004-09-16 06:00 . 2004-09-16 06:00 77824 c:\windows\system32\UMLoader.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 13312 c:\windows\system32\umdmxfrm.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 35840 c:\windows\system32\umandlg.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 82432 c:\windows\system32\ufat.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 26624 c:\windows\system32\udhisapi.dll
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 57856 c:\windows\system32\twext.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2004-08-10 18:01 . 2004-08-04 10:00 16896 c:\windows\system32\tsshutdn.exe
+ 2008-08-30 00:35 . 2008-04-14 00:12 50688 c:\windows\system32\tspkg.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 16384 c:\windows\system32\tskill.exe
+ 2008-08-30 00:35 . 2008-04-14 00:12 53248 c:\windows\system32\tsgqec.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 14848 c:\windows\system32\tsdiscon.exe
+ 2004-08-10 17:51 . 2008-04-14 00:13 12168 c:\windows\system32\tsddd.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 15360 c:\windows\system32\tsd32.dll
+ 2004-08-10 18:01 . 2004-08-04 10:00 44544 c:\windows\system32\tscupgrd.exe
+ 2004-08-10 18:01 . 2004-08-04 10:00 14848 c:\windows\system32\tscon.exe
+ 2004-08-10 18:01 . 2008-04-14 00:12 93696 c:\windows\system32\tscfgwmi.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 52224 c:\windows\system32\tsappcmp.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 90112 c:\windows\system32\trkwks.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 12800 c:\windows\system32\tree.com
+ 2004-08-10 17:51 . 2004-08-04 10:00 31232 c:\windows\system32\traffic.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 31744 c:\windows\system32\tracert6.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 12288 c:\windows\system32\tracert.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 13888 c:\windows\system32\toolhelp.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 16896 c:\windows\system32\tftp.exe
+ 2004-08-10 17:51 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 19456 c:\windows\system32\tcpsvcs.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmonui.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmon.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 14848 c:\windows\system32\tcpmib.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 12288 c:\windows\system32\tcmsetup.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 15360 c:\windows\system32\taskman.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 78848 c:\windows\system32\tapiui.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 19200 c:\windows\system32\tapi.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 36864 c:\windows\system32\syskey.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 15872 c:\windows\system32\sysinv.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 18896 c:\windows\system32\sysedit.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 57856 c:\windows\system32\synceng.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 51200 c:\windows\system32\syncapp.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 14336 c:\windows\system32\svchost.exe
+ 2007-02-05 21:24 . 2007-02-05 21:24 18271 c:\windows\system32\structuredqueryschematrivial.bin
+ 2007-02-05 21:24 . 2007-02-05 21:24 99999 c:\windows\system32\structuredqueryschema.bin
+ 2004-08-10 17:51 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-10 17:57 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 14848 c:\windows\system32\stimon.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 68096 c:\windows\system32\sti.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 59392 c:\windows\system32\stclient.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 14336 c:\windows\system32\ssstars.scr
+ 1998-05-07 02:59 . 1998-05-07 02:59 72192 c:\windows\system32\ssprn32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 18944 c:\windows\system32\ssmyst.scr
+ 2004-08-10 17:51 . 2008-04-14 00:12 47104 c:\windows\system32\ssmypics.scr
+ 1999-08-28 02:36 . 1999-08-28 02:36 61440 c:\windows\system32\ssmedt32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 20992 c:\windows\system32\ssmarque.scr
+ 2004-08-10 17:51 . 2008-04-14 00:12 71680 c:\windows\system32\ssdpsrv.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 34816 c:\windows\system32\ssdpapi.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 19968 c:\windows\system32\ssbezier.scr
+ 2004-08-10 17:51 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2004-08-10 18:02 . 2008-04-14 00:12 67584 c:\windows\system32\srclient.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 49179 c:\windows\system32\sqlwoa.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 24603 c:\windows\system32\sqlwid.dll
+ 2004-08-10 17:57 . 2004-08-04 10:00 24661 c:\windows\system32\spxcoins.dll
+ 2008-08-30 00:34 . 2008-04-14 00:12 20992 c:\windows\system32\spupdwxp.exe
+ 2006-08-02 03:16 . 2009-01-08 01:21 26144 c:\windows\system32\spupdsvc.exe
+ 2001-08-18 03:36 . 2004-08-04 10:00 72192 c:\windows\system32\sprio800.dll
+ 2001-08-18 03:36 . 2004-08-04 10:00 70656 c:\windows\system32\sprio600.dll
+ 2006-08-01 13:44 . 2005-04-21 02:22 11264 c:\windows\system32\sporder.dll
+ 2004-08-10 17:51 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 75264 c:\windows\system32\spoolss.dll
+ 2007-03-30 02:33 . 2006-04-10 21:02 74240 c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
+ 2009-08-21 10:59 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2007-03-30 02:33 . 2006-04-10 21:02 74752 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzpr054.dll
+ 2007-03-30 02:33 . 2005-09-19 21:17 79872 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfrs054.dll
+ 2007-03-30 02:33 . 2006-04-10 21:02 74752 c:\windows\system32\spool\drivers\w32x86\3\hpzpr054.dll
+ 2007-11-20 09:51 . 2007-08-09 07:27 73728 c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
+ 2007-03-30 02:33 . 2005-09-19 21:17 79872 c:\windows\system32\spool\drivers\w32x86\3\hpfrs054.dll
+ 2004-08-10 18:01 . 2008-04-14 00:11 26624 c:\windows\system32\spool\drivers\w32x86\3\fxsdrv.dll
+ 2004-08-10 17:51 . 2008-04-14 12:42 11264 c:\windows\system32\spnpinst.exe
+ 2001-08-18 03:36 . 2004-08-04 10:00 69632 c:\windows\system32\spnike.dll
+ 2011-04-22 04:10 . 2009-01-08 01:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 24576 c:\windows\system32\sort.exe
+ 2004-08-10 18:01 . 2004-08-04 10:00 56832 c:\windows\system32\sol.exe
+ 2009-10-02 02:39 . 2009-08-07 02:24 44768

*************************************************************************************************
******************************************************************************************************

Going to try to send the rest...

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote
