Smart HDD Malware


This topic is locked.
33 replies to this topic

#1 fudgie'sdad

Posted 16 April 2012 - 12:50 PM

Hi - Late last week one of my PCs seemed to be infected with a SMART HDD virus. There was a box in the bottom and Google searches were redirecting. A quick look online tells me I'm not the only one who is facing this - it appears to be rather nasty.

Anyway, I ran MBAM in Safe Mode and fixed all, then rebooted into Safe Mode again and re-ran MBAM, this time coming up with even MORE hits (over 200). I tried System Restore at at least 3 points in the last week and each time was told I could not restore. I also am not able to run DDS.scr.

Attached is the last MBAM report, but I could not save the GMER log in Safe Mode. There are 8 hidden processes running and 2 malware files in my temp and 16 more in an uninstall folder.

Thanks in advance for your help.


#2 fudgie'sdad (Topic Starter)

Posted 18 April 2012 - 11:01 AM

Sorry to sound panicked, but this morning there was a Smart HDD scanner box, about 120 tiled error messages and ALL of my files are gone! Please advise.

#3 Conspire (Malware Response Team)

Posted 19 April 2012 - 05:57 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, fudgie'sdad


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#4 Conspire (Malware Response Team)

Posted 19 April 2012 - 05:59 AM

Hello there,

Let me know if Unhide restores your files.

Please download Unhide.exe to your desktop:
  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.

===================================================

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
===================================================

Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.
    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


===================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

On your next reply please post :
OTL log
RKU log
Checkup log

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
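An added example, not code from this thread, from OTL's author or from the tools named above: a small Python triage pass over OTL.Txt-style lines (the format the OTL scan above produces, as in the log posted later in this thread). It flags the entries a responder reads first on a machine with search redirects and "vanished" files: hosts-file overrides of search sites, processes running from Temp or from the user profile with no company name, system32 modules with no company name, and empty Run entries. The sample log is constructed from the line shapes seen in this thread; the watch-list and path markers are my own assumptions.

```python
"""Triage pass over OTL.Txt-style lines (added example, not OTL's own code)."""
import re

# Hosts overrides for these names indicate a redirect unless they point at
# loopback (ad-blocking hosts files do that legitimately). Assumed watch-list.
REDIRECT_WATCHLIST = {"www.google.com", "www.bing.com", "www.yahoo.com"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Folders a legitimate long-running process rarely executes from (assumed).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
PROFILE_MARKERS = ("\\desktop\\", "\\application data\\")

# OTL line shapes as seen in the posted log: the company name is the last
# parenthesised group, and "()" means the file carries no company name.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
PRC_RE = re.compile(r"^PRC - (.+) \((.*)\)$")
MOD_RE = re.compile(r"^MOD - (.+) \((.*)\)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.*)$")


def triage_otl(lines):
    """Return findings keyed by category; every value is a list."""
    findings = {
        "hosts_redirects": [],            # (hostname, ip)
        "suspicious_processes": [],       # executable path
        "no_company_system_modules": [],  # DLL path under system32
        "empty_run_entries": [],          # (hive, target)
    }
    for raw in lines:
        line = raw.rstrip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() in REDIRECT_WATCHLIST and ip not in LOOPBACK:
                findings["hosts_redirects"].append((host.lower(), ip))
            continue
        m = PRC_RE.match(line)
        if m:
            path, company = m.groups()
            low = path.lower()
            in_temp = any(t in low for t in TEMP_MARKERS)
            in_profile_no_company = (
                any(p in low for p in PROFILE_MARKERS) and company.strip() == ""
            )
            if in_temp or in_profile_no_company:
                findings["suspicious_processes"].append(path)
            continue
        m = MOD_RE.match(line)
        if m:
            path, company = m.groups()
            if "\\system32\\" in path.lower() and company.strip() == "":
                findings["no_company_system_modules"].append(path)
            continue
        m = RUN_RE.match(line)
        if m and m.group(2).strip() == "":
            # A Run value with an empty name and a missing target is a leftover
            # worth asking about, not a verdict on its own.
            findings["empty_run_entries"].append((m.group(1), m.group(3)))
    return findings


# Constructed sample, modelled on the OTL log lines posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bsonnet\Desktop\iExplore.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\bsonnet\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Documents and Settings\bsonnet\Local Settings\temp\RarSFX8\nird\iexplore.exe (NirSoft)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\usbniw32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O1 - Hosts: 127.0.0.1 www.yahoo.com
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
""".splitlines()


if __name__ == "__main__":
    for category, items in triage_otl(SAMPLE_LOG).items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
```

Each category is a review queue for the responder, not an automatic removal list: a process from Temp with a known publisher (the NirSoft line above) still needs a human decision.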

#5 fudgie'sdad (Topic Starter)

Posted 19 April 2012 - 11:46 AM

Thanks for your help.

First, the OTL report:
OTL logfile created on: 4/19/2012 11:17:00 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\DOWNLOAD
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 66.18% Memory free
4.34 Gb Paging File | 3.18 Gb Available in Paging File | 73.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 9.05 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Drive D: | 135.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 136.61 Gb Total Space | 4.40 Gb Free Space | 3.22% Space Free | Partition Type: NTFS
Drive K: | 23.53 Gb Total Space | 1.36 Gb Free Space | 5.77% Space Free | Partition Type: NTFS
Drive P: | 44.68 Gb Total Space | 4.11 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive Q: | 44.68 Gb Total Space | 4.11 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive S: | 136.62 Gb Total Space | 0.55 Gb Free Space | 0.40% Space Free | Partition Type: NTFS
Drive T: | 44.68 Gb Total Space | 4.11 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive Z: | 136.62 Gb Total Space | 0.55 Gb Free Space | 0.40% Space Free | Partition Type: NTFS

Computer Name: BSONNET | User Name: bsonnet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bsonnet\Desktop\iExplore.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\bsonnet\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\DOWNLOAD\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Documents and Settings\bsonnet\Local Settings\temp\RarSFX8\nird\iexplore.exe (NirSoft)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\usbniw32.dll ()
MOD - C:\Documents and Settings\bsonnet\Desktop\iExplore.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMBIOSController.dll ()
MOD - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll ()
MOD - C:\WINDOWS\system32\Wavx_ESC_Logging.dll ()
MOD - C:\WINDOWS\system32\wxvault.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (NEC Usb3) -- File not found
SRV - (JavaQuickStarterService) -- File not found
SRV - (cachemanxp) -- File not found
SRV - (BLKWGU(Belkin)) -- File not found
SRV - (bdselfpr) -- File not found
SRV - (6to4) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (easdrv) -- C:\WINDOWS\system32\pelmouse.dll (Oak Technology Inc.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (klmd23) -- C:\WINDOWS\system32\drivers\klmd.sys (Kaspersky Lab, SLA)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110502.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110502.002\NAVENG.SYS (Symantec Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (dmio) -- C:\WINDOWS\System32\drivers\dmio.sys ()
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (BASFND) -- C:\Program Files\Broadcom\BACS\BASFND.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F450115E-074B-4A96-8CDB-1AFDDAFA4BCE}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{F450115E-074B-4A96-8CDB-1AFDDAFA4BCE}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1319A177-F720-49F9-AF21-AFE860406BD1}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{1319A177-F720-49F9-AF21-AFE860406BD1}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F52E9448-A9DF-4AE7-BAEC-B6C10DE1DEF8}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{F52E9448-A9DF-4AE7-BAEC-B6C10DE1DEF8}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{00C2CEC9-2779-4972-B805-7489DB1B03DA}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{00C2CEC9-2779-4972-B805-7489DB1B03DA}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BE0E2073-7454-4C77-AC0C-26B831B3A090}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{BE0E2073-7454-4C77-AC0C-26B831B3A090}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D5791BBA-7E74-453B-95EE-24EA16BA2BD5}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{D5791BBA-7E74-453B-95EE-24EA16BA2BD5}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6518BBE5-84FE-4A2A-9201-A961E2C88F69}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{6518BBE5-84FE-4A2A-9201-A961E2C88F69}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9BC4086E-73E9-4D14-BAAA-A545F28EA2D0}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{9BC4086E-73E9-4D14-BAAA-A545F28EA2D0}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6BE64122-4C2B-46F6-856E-1382A91CAB88}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{6BE64122-4C2B-46F6-856E-1382A91CAB88}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1B18CE46-F7EA-4B10-B47F-580A5E033716}: C:\Documents and Settings\bsonnet\Local Settings\Application Data\{1B18CE46-F7EA-4B10-B47F-580A5E033716}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/19 15:31:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 16:57:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/22 11:45:25 | 000,000,000 | ---D | M]

[2009/12/07 13:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bsonnet\Application Data\Mozilla\Extensions
[2009/12/07 13:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bsonnet\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2012/02/07 13:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bsonnet\Application Data\Mozilla\Firefox\Profiles\l8rxcsdh.default\extensions
[2010/04/27 11:32:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bsonnet\Application Data\Mozilla\Firefox\Profiles\l8rxcsdh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/10 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/20 16:57:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/25 15:06:00 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/01/25 15:05:50 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/09/29 14:09:08 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/04 19:28:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/04 19:28:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/17 21:05:26 | 000,000,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\bsonnet\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\bsonnet\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.crateandbarrelprojects.com/Projectmates/JUpload/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.16.3 192.168.16.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eastbanc.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29135F70-47C1-4133-BF01-53705CB4D88C}: DhcpNameServer = 172.16.16.3 192.168.16.21
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\intelUsb3Sevices: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\usbniw32: DllName - (usbniw32.dll) - C:\WINDOWS\System32\usbniw32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\bsonnet\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bsonnet\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: cachemanxp - File not found
NetSvcs: symmpi - File not found
NetSvcs: LHidFilt - File not found
NetSvcs: ISAMSvc - File not found
NetSvcs: FreshIO - File not found
NetSvcs: ma_cmidi_installerservice - File not found
NetSvcs: JGOGO - File not found
NetSvcs: uisp - File not found
NetSvcs: easdrv - C:\WINDOWS\system32\pelmouse.dll (Oak Technology Inc.)
NetSvcs: websenserealtimeanalyzer - File not found
NetSvcs: ireike - File not found
NetSvcs: cmbatt - File not found
NetSvcs: O2SCBUS - File not found
NetSvcs: WNCPKT - File not found
NetSvcs: idisw2km - File not found
NetSvcs: icollectservice - File not found
NetSvcs: spmd - File not found
NetSvcs: thkeys - File not found
NetSvcs: vaiomediaplatform-photoserver-appserver - File not found
NetSvcs: askernel - File not found
NetSvcs: symfw - C:\WINDOWS\System32\drivers\symfw.sys (Symantec Corporation)
NetSvcs: VAIOMediaPlatform-VideoServer-HTTP - File not found
NetSvcs: actser - File not found
NetSvcs: oraclesnmppeermasteragent - File not found
NetSvcs: autocomplete - File not found
NetSvcs: digictrl - File not found
NetSvcs: bthmodem - File not found
NetSvcs: yukonwlh - File not found
NetSvcs: WD_FireWire_HID - File not found
NetSvcs: pivot - File not found
NetSvcs: SprintRcAppSvc - File not found
NetSvcs: SMNDIS5 - File not found
NetSvcs: wlankeeper - File not found
NetSvcs: SISNICXP - File not found
NetSvcs: G400DH - File not found
NetSvcs: mxserver - File not found
NetSvcs: lxbx_device - File not found
NetSvcs: spkrmon - File not found
NetSvcs: 3combootp - File not found
NetSvcs: yats32 - File not found
NetSvcs: wmp54gssvc - File not found
NetSvcs: ddxgb - File not found
NetSvcs: DSDrv4 - File not found
NetSvcs: MTC0001_ESB - File not found
NetSvcs: fah@c:+fah+fah-service+fah502-console.exe - File not found
NetSvcs: unlockerdriver5 - File not found
NetSvcs: eliservice - File not found
NetSvcs: bc_filter - File not found
NetSvcs: blueservice - File not found
NetSvcs: msfwsvc - File not found
NetSvcs: MSMQ - File not found
NetSvcs: lxcccustomerconnect - File not found
NetSvcs: ufdsvc - File not found
NetSvcs: atinevxx - File not found
NetSvcs: dm1service - File not found
NetSvcs: was - File not found
NetSvcs: websenseclientdeployservice - File not found
NetSvcs: hsf_msft - File not found
NetSvcs: p17xfilt - File not found
NetSvcs: ipassconnectengine - File not found
NetSvcs: MTsensor - File not found
NetSvcs: UsbserFilt - File not found
NetSvcs: AdfuUd - File not found
NetSvcs: rimmptsk - File not found
NetSvcs: sbservice - File not found
NetSvcs: db2das00 - File not found
NetSvcs: hsxhwazl - File not found
NetSvcs: GoToAssist - File not found
NetSvcs: st330service - File not found
NetSvcs: prodrv06 - File not found
NetSvcs: coste - File not found
NetSvcs: vmnetadapter - File not found
NetSvcs: ctxcpusched - File not found
NetSvcs: PAR1284 - File not found
NetSvcs: cnxtdiag - File not found
NetSvcs: CVirtA - File not found
NetSvcs: ppa3 - File not found
NetSvcs: sweepsrv.sys - File not found
NetSvcs: iPassPeriodicUpdateService - File not found
NetSvcs: toscosrv - File not found
NetSvcs: regmon701 - File not found
NetSvcs: se59mgmt - File not found
NetSvcs: WmFilter - File not found
NetSvcs: DniVad - File not found
NetSvcs: ELacpi - File not found
NetSvcs: Video3D - File not found
NetSvcs: sisidex - File not found
NetSvcs: UpdateCenterService - File not found
NetSvcs: sysenforce - File not found
NetSvcs: rbfilter - File not found
NetSvcs: PolarUSB - File not found
NetSvcs: SABProcEnum - File not found
NetSvcs: avgems - File not found
NetSvcs: taphss - File not found
NetSvcs: freebsd - File not found
NetSvcs: TPECioCtl - File not found
NetSvcs: bdfsdrv - File not found
NetSvcs: AVerBDA - File not found
NetSvcs: RioS30 - File not found
NetSvcs: Tablet2k - File not found
NetSvcs: slip - File not found
NetSvcs: sfcure01 - File not found
NetSvcs: DynDNS_Updater_Service - File not found
NetSvcs: VirtualCam - File not found
NetSvcs: ngserver - File not found
NetSvcs: firelm01 - File not found
NetSvcs: iaimfp0 - File not found
NetSvcs: ramaint - File not found
NetSvcs: vcomm - File not found
NetSvcs: umpusbxp - File not found
NetSvcs: k750mdfl - File not found
NetSvcs: sscdbhk5 - File not found
NetSvcs: ssoftservice - File not found
NetSvcs: SMCB000 - File not found
NetSvcs: bthenum - File not found
NetSvcs: rnadirmultiplexor - File not found
NetSvcs: SaiNtBus - File not found
NetSvcs: Ncrc710 - File not found
NetSvcs: NVR0Dev - File not found
NetSvcs: atierecord - File not found
NetSvcs: transcode360 - File not found
NetSvcs: irbus - File not found
NetSvcs: LMouKE - File not found
NetSvcs: APLMp50 - File not found
NetSvcs: RT25USBAP - File not found
NetSvcs: giveio - File not found
NetSvcs: tossmbnt - File not found
NetSvcs: tng-dtmg - File not found
NetSvcs: compbatt - File not found
NetSvcs: speakerphone - File not found
NetSvcs: pdfcreatormessages - File not found
NetSvcs: w810obex - File not found
NetSvcs: WmaCVideo32 - File not found
NetSvcs: bdselfpr - File not found
NetSvcs: UNDPX2A - File not found
NetSvcs: mbr - File not found
NetSvcs: IFP700 - File not found
NetSvcs: lxdj_device - File not found
NetSvcs: tmactmon - File not found
NetSvcs: MTDVC2 - File not found
NetSvcs: lxct_device - File not found
NetSvcs: rupsmon - File not found
NetSvcs: client32 - File not found
NetSvcs: tgsrvc_smartagent - File not found
NetSvcs: ZD1211BU(ZyDAS) - File not found
NetSvcs: BLKWGU(Belkin) - File not found
NetSvcs: backupexecagentaccelerator - File not found
NetSvcs: DVDVRRdr_xp - File not found
NetSvcs: oracleservicelocalora - File not found
NetSvcs: RecAgent - File not found
NetSvcs: nsm1mdfl - File not found
NetSvcs: teefer2 - File not found
NetSvcs: nim32 - File not found
NetSvcs: tapeware - File not found
NetSvcs: grmnusb - File not found
NetSvcs: DKbFltr - File not found
NetSvcs: pelusblf - File not found
NetSvcs: ntsvcmgr - File not found
NetSvcs: sonypvu1 - File not found
NetSvcs: bc_ip_f - File not found
NetSvcs: Angel2 - File not found
NetSvcs: V0080Dev - File not found
NetSvcs: hsvcmod - File not found
NetSvcs: ichaud - File not found
NetSvcs: tones - File not found
NetSvcs: asctrm - File not found
NetSvcs: s616mdfl - File not found
NetSvcs: pnrouter - File not found
NetSvcs: ms_mpu401 - File not found
NetSvcs: mcods - File not found
NetSvcs: pelmouse - C:\WINDOWS\System32\pelmouse.dll (Oak Technology Inc.)
NetSvcs: W8335XP - File not found
NetSvcs: W2acehid - File not found
NetSvcs: UWProSys - File not found
NetSvcs: sscdmdfl - File not found
NetSvcs: Alpham1 - File not found
NetSvcs: msmpsvc - File not found
NetSvcs: spbbcdrv - File not found
NetSvcs: iolodmv - File not found
NetSvcs: RMCAST - C:\WINDOWS\System32\drivers\rmcast.sys (Microsoft Corporation)
NetSvcs: nvnetbus - File not found
NetSvcs: nbservice - File not found
NetSvcs: vncdrv - File not found
NetSvcs: ndisip - File not found
NetSvcs: proxyhostdriver - File not found
NetSvcs: HpqKbFiltr - File not found
NetSvcs: pcnet - File not found
NetSvcs: hpdskflt - File not found
NetSvcs: atitool - File not found
NetSvcs: fsdfwd - File not found
NetSvcs: PNRPSvc - File not found
NetSvcs: rnadiagreceiver - File not found
NetSvcs: z525mdm - File not found
NetSvcs: fasttraksvc - File not found
NetSvcs: WaveEnrollmentService - File not found
NetSvcs: bdftdif - File not found
NetSvcs: mvserver - File not found
NetSvcs: Wbutton - File not found
NetSvcs: wlluc48b - File not found
NetSvcs: netmnt - File not found
NetSvcs: ROB_V - File not found
NetSvcs: guardian2 - File not found
NetSvcs: IFPUSB - File not found
NetSvcs: GT680x - File not found
NetSvcs: scarddrv - File not found
NetSvcs: Hotkey - File not found
NetSvcs: swmsflt - File not found
NetSvcs: anydvd - File not found
NetSvcs: rvscc - File not found
NetSvcs: SbieDrv - File not found
NetSvcs: tmmbd - File not found
NetSvcs: fix - File not found
NetSvcs: xnacc - File not found
NetSvcs: qserver - File not found
NetSvcs: si3114r - File not found
NetSvcs: uscbs108 - File not found
NetSvcs: mcafeeantispyware - File not found
NetSvcs: vaiomediaplatform-musicserver-appserver - File not found
NetSvcs: nvlddmkm - File not found
NetSvcs: MR97310_USB_DUAL_CAMERA - File not found
NetSvcs: VNUSB - File not found
NetSvcs: pdlnecfg - File not found
NetSvcs: wuolservice - File not found
NetSvcs: NCPro - File not found
NetSvcs: cqmghost - File not found
NetSvcs: pdlnepkt - File not found
NetSvcs: wacomkey - File not found
NetSvcs: se27unic - File not found
NetSvcs: wkscfgsrv - File not found
NetSvcs: E1000 - File not found
NetSvcs: DFUBTUSB - File not found
NetSvcs: mclogmanagerservice - File not found
NetSvcs: FreeTdi - File not found
NetSvcs: NWSLP - File not found
NetSvcs: EKECioCtl - File not found
NetSvcs: penclass - File not found
NetSvcs: w300bus - File not found
NetSvcs: crauto - File not found
NetSvcs: iAimFP6 - File not found
NetSvcs: slservice - File not found
NetSvcs: arhidfltr - File not found
NetSvcs: ooclevercacheagent - File not found
NetSvcs: mcupdmgr.exe - File not found
NetSvcs: ELhid - File not found
NetSvcs: nicconfigsvc - File not found
NetSvcs: cnmpar21 - File not found
NetSvcs: iviVD - File not found
NetSvcs: Hardlock - File not found
NetSvcs: se44mdfl - File not found
NetSvcs: w200bus - File not found
NetSvcs: application - File not found
NetSvcs: oracle_load_balancer_60_server-forms6i - File not found
NetSvcs: elagopro - File not found
NetSvcs: vmkbd2 - File not found
NetSvcs: nvstor32 - File not found
NetSvcs: ntuneservice - File not found
NetSvcs: df5serv - File not found
NetSvcs: ptserial - File not found
NetSvcs: iAimTV6 - File not found
NetSvcs: pserve - File not found
NetSvcs: openldap-slapd - File not found
NetSvcs: WDM_YAMAHAAC97 - File not found
NetSvcs: SNP2UVC - File not found
NetSvcs: s125mgmt - File not found
NetSvcs: SiS7018 - File not found
NetSvcs: kraidsvc - File not found
NetSvcs: slabser - File not found
NetSvcs: CTSYN - File not found
NetSvcs: ds1 - File not found
NetSvcs: authsyssvc - File not found
NetSvcs: ssfs0509 - File not found
NetSvcs: basfipm - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 18:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/04/18 18:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bsonnet\Application Data\Aimersoft Video Converter Std
[2012/04/18 18:35:00 | 000,000,000 | ---D | C] -- \\srv01\users$\bsonnet\Aimersoft Video Converter Std
[2012/04/18 18:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Aimersoft
[2012/04/18 18:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2012/04/18 11:51:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bsonnet\Recent
[2012/04/16 12:41:40 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\bsonnet\Desktop\iExplore3.exe
[2012/04/14 03:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/04/14 03:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/13 18:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/13 18:47:28 | 000,000,000 | ---D | C] -- C:\Moo
[2012/04/13 18:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bsonnet\Start Menu\Programs\SMART HDD
[2012/04/12 18:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/04/12 18:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/04/09 17:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/04/09 17:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/03/23 12:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bsonnet\Desktop\Drawings 032212
[2011/08/05 15:39:37 | 000,625,984 | ---- | C] (How Inc.) -- C:\Program Files\Common Files\ZugoInstaller.exe
[2009/12/09 18:49:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\bsonnet\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 11:23:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 11:10:34 | 000,541,642 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 11:10:34 | 000,102,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 11:06:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\WavXMapDrive.bat
[2012/04/19 11:05:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/19 11:05:11 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/19 11:05:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/19 11:05:05 | 3755,507,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 15:21:34 | 001,650,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/18 13:58:56 | 000,002,681 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\HiJackThis.lnk
[2012/04/18 13:33:57 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe
[2012/04/17 21:18:55 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dHliYMNUgYpu5zr
[2012/04/17 21:18:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dHliYMNUgYpu5z
[2012/04/17 21:18:51 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dHliYMNUgYpu5z
[2012/04/17 18:37:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/16 13:06:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\yj427j3h.exe
[2012/04/16 12:41:40 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\bsonnet\Desktop\iExplore3.exe
[2012/04/14 11:01:17 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/13 18:52:48 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\iExplore.exe
[2012/04/13 18:38:08 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 18:36:15 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xZKbevvWAnlGQ6
[2012/04/13 18:35:59 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/13 18:35:59 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-xZKbevvWAnlGQ6r
[2012/04/13 18:35:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-xZKbevvWAnlGQ6
[2012/04/12 18:06:57 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/04/12 18:06:57 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/11 03:01:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/09 17:50:13 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/28 15:33:21 | 002,406,204 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\CO Canal OGB DD Submission_TO PRINT.pdf
[2012/03/28 15:31:58 | 006,786,121 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\CO Canal OGB DD Submission_April 2012.pdf
[2012/03/27 17:34:24 | 000,083,318 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\Boilermaker Colored Layout.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 18:34:39 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\AI_VideoConverterContextMenu.dll
[2012/04/18 18:34:36 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2012/04/18 13:09:28 | 3755,507,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/18 12:07:09 | 000,002,081 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Roxio Creator DE.lnk
[2012/04/18 12:07:09 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/18 12:07:09 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/18 12:07:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/18 12:07:08 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/04/18 12:07:08 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/18 12:07:08 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2012/04/18 12:07:08 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/18 12:07:08 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/18 12:07:08 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.LNK
[2012/04/18 12:07:08 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.LNK
[2012/04/18 12:07:07 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
[2012/04/18 12:07:07 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.LNK
[2012/04/18 12:07:07 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2012/04/18 12:07:07 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/18 12:07:07 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/04/18 12:07:07 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/18 12:07:07 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2012/04/18 12:07:04 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/04/18 12:07:03 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/04/18 12:07:03 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/04/18 12:07:03 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/18 12:07:03 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/18 12:07:03 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 6.0.lnk
[2012/04/18 12:07:03 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/04/17 21:18:55 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dHliYMNUgYpu5zr
[2012/04/17 21:18:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dHliYMNUgYpu5z
[2012/04/17 21:18:54 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/17 21:18:50 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dHliYMNUgYpu5z
[2012/04/17 21:12:15 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe
[2012/04/16 13:06:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\bsonnet\Desktop\yj427j3h.exe
[2012/04/14 11:01:17 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\usbniw32.dll
[2012/04/13 18:52:48 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\bsonnet\Desktop\iExplore.exe
[2012/04/13 18:35:59 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-xZKbevvWAnlGQ6r
[2012/04/13 18:35:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-xZKbevvWAnlGQ6
[2012/04/13 18:35:56 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xZKbevvWAnlGQ6
[2012/04/13 18:30:01 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/09 17:50:34 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/04/09 17:50:13 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/28 15:33:21 | 002,406,204 | ---- | C] () -- C:\Documents and Settings\bsonnet\Desktop\CO Canal OGB DD Submission_TO PRINT.pdf
[2012/03/28 15:31:55 | 006,786,121 | ---- | C] () -- C:\Documents and Settings\bsonnet\Desktop\CO Canal OGB DD Submission_April 2012.pdf
[2012/03/27 17:34:24 | 000,083,318 | ---- | C] () -- C:\Documents and Settings\bsonnet\Desktop\Boilermaker Colored Layout.pdf
[2012/02/16 11:22:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2012/02/16 11:03:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 20:06:01 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2012/01/17 15:47:23 | 002,129,710 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/06 17:09:25 | 000,741,878 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-448539723-725345543-1115-0.dat
[2012/01/06 17:09:24 | 000,397,894 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/05 19:53:12 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/11/03 20:39:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/10/25 17:05:24 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw7c.bin
[2011/10/25 17:04:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV500P.ini
[2011/06/06 11:04:40 | 000,014,700 | -HS- | C] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\1mr105511ect811gr6ffm8qap1612a05r3
[2011/06/06 11:04:40 | 000,014,700 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1mr105511ect811gr6ffm8qap1612a05r3
[2011/02/08 17:27:38 | 000,278,756 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/02/08 17:20:41 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/08 17:17:16 | 000,278,756 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/02/08 17:17:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/10 14:06:15 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/11/10 14:06:15 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/11/09 13:38:33 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010/11/09 13:38:33 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2010/06/17 19:36:30 | 000,078,632 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/21 11:59:52 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/03/31 11:08:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\housecall.guid.cache
[2010/01/22 11:46:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Efalahubimudu.dat
[2010/01/21 19:32:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yyiquyo.bin
[2010/01/14 12:51:25 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/13 12:30:42 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009/12/09 18:49:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\pcouffin.cat
[2009/12/09 18:49:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\bsonnet\Application Data\pcouffin.inf
[2009/12/09 12:48:21 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/12/09 12:48:21 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/08 10:59:38 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\fusioncache.dat
[2009/12/07 22:01:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/04 17:57:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/04 17:42:26 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/04 16:53:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bsonnet\Local Settings\Application Data\WavXMapDrive.bat
[2009/12/04 16:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/11/25 16:32:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/11/25 16:30:02 | 000,001,157 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/25 15:03:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/25 14:49:53 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/10/27 19:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/27 19:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/27 19:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/27 19:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/27 18:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/16 19:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/16 19:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/16 19:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/16 19:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/16 19:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/16 19:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/16 19:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/16 16:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/16 16:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/16 15:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/16 15:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/07/22 20:03:06 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/06/05 17:41:18 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/06/05 17:41:18 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/06/05 17:41:16 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/06/05 17:41:14 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/06/05 17:41:14 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/06/05 17:41:12 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/06/05 17:41:10 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/06/05 17:41:10 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/06/05 17:41:10 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/06/05 17:41:08 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/06/05 17:41:08 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/06/05 17:41:08 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/06/05 17:41:06 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/06/05 17:41:06 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/06/05 17:41:04 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/06/05 17:41:04 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/06/05 17:41:04 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/06/05 17:41:04 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/06/05 17:41:02 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/06/05 17:41:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/06/05 17:31:18 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/06/03 15:08:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/06/03 15:08:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/06/03 15:08:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/06/03 15:08:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/06/03 15:08:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/06/03 15:08:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/06/03 15:08:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/06/03 15:08:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/06/03 15:08:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/06/03 15:08:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/06/03 15:08:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/06/03 15:08:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/06/03 15:08:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/06/03 15:08:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/06/03 14:07:50 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2009/05/18 10:34:04 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/05/05 12:34:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,541,642 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,102,964 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,153,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 001,650,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/09 17:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/09 13:49:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/13 12:16:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2008/01/19 02:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/25 16:32:45 | 000,025,532 | R--- | M] () -- C:\dell.sdr
[2010/05/27 00:37:09 | 000,003,264 | ---- | M] () -- C:\drmHeader.bin
[2010/07/16 16:23:02 | 000,001,375 | ---- | M] () -- C:\HelpAsst.log
[2012/04/19 11:05:05 | 3755,507,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 15:20:42 | 000,017,374 | ---- | M] () -- C:\install.log
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2010/06/29 17:56:46 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/19 11:05:03 | 1071,644,672 | -HS- | M] () -- C:\pagefile.sys
[2012/04/18 13:36:56 | 000,000,775 | ---- | M] () -- C:\rkill.log
[2010/10/22 15:20:37 | 000,016,938 | ---- | M] () -- C:\uninstall.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/25 17:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 14:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/10 14:39:00 | 000,350,720 | ---- | M] () -- C:\Program Files\hjsplit.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/25 17:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/04 16:53:16 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/04/25 17:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\bsonnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/09 11:34:34 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\0u58gnc8.exe
[2010/02/15 12:22:58 | 003,857,112 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\1234.scr.exe
[2010/07/16 15:27:59 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\HelpAsst_mebroot_fix.exe
[2012/04/13 18:52:48 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\iExplore.exe
[2012/04/16 12:41:40 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\bsonnet\Desktop\iExplore3.exe
[2010/07/16 15:17:56 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\bsonnet\Desktop\jre-6u21-windows-i586.exe
[2010/11/19 11:31:04 | 094,595,800 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\R214973.exe
[2010/11/19 11:34:00 | 061,831,048 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\R214974.exe
[2010/06/29 18:14:04 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\RKUnhookerLE.EXE
[2012/01/06 19:03:27 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\SecurityCheck.exe
[2012/01/16 12:56:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bsonnet\Desktop\TFC.exe
[2012/04/16 13:06:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\bsonnet\Desktop\yj427j3h.exe

< %PROGRAMFILES%\Common Files\*.* >
[2011/06/03 16:25:52 | 000,625,984 | ---- | M] (How Inc.) -- C:\Program Files\Common Files\ZugoInstaller.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 07:06:49

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB61435$] -> Error: Cannot create file handle -> Unknown point type

< End of report >


Now the RKUnhook report:
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xB60D9000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12840960 bytes (NVIDIA Corporation, NVIDIA Windows XP Miniport Driver, Version 276.52 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4206592 bytes (NVIDIA Corporation, NVIDIA Windows XP Display driver, Version 276.52 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1871872 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1871872 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA662B000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110502.002\navex15.sys 1388544 bytes (Symantec Corporation, AV Engine)
0xA634C000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 897024 bytes
0xB7E48000 iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7D5C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA677E000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA6427000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5F5A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA658B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA3A7F000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAFF2E000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 356352 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xAA36F000 C:\Program Files\Symantec AntiVirus\savrt.sys 323584 bytes (Symantec Corporation, AutoProtect)
0xBD415000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA15CB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA654B000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xB6047000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 204800 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA4662000 C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 204800 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
0xB5FB8000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA3DA7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D2F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA64B0000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6079000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA64FD000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes
0xA6525000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAFF0A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB60A1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6010000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA64DB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134528 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7E28000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D15000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
!!!!!!!!!!!Hidden driver: 0xA6497000 00001679 102400 bytes
0xA464A000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xA461D000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB7DE9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5FF9000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA4634000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xB7E00000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA2727000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA6617000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110502.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xB6033000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB60C5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA65E4000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xAA35C000 C:\Program Files\Symantec\SYMEVENT.SYS 77824 bytes (Symantec Corporation, Symantec Event Library)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E16000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB5FE8000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA953000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAB162000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 65536 bytes (Symantec Corporation, SAVRTPEL)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB2588000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB82E8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA2944000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB4F5F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB8318000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA785B000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xAADEE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB82C8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8118000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xB8308000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB8108000 sfaudio.sys 45056 bytes (Sonic Focus, Inc, Sonic Focus DSP driver for ADI)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB25A8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB80F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB8148000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9FBF0000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAB152000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB4F3F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB4F4F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB4A2D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xA7958000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8430000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA7950000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xA7948000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xAB29D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB37A6000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xAB295000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB4A45000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xB8438000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8458000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8460000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8330000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xB8428000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB4A3D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB4759000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0xB4A35000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8448000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8450000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAB285000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB3BAD000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB6D3C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB7CA8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7CE1000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB7C98000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xADB23000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xADB2B000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB3BB1000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7CF1000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA28F8000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
0xAA3C6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85A4000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB6D38000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xB85A8000 00000046 8192 bytes
0xAB95F000 C:\Program Files\Broadcom\BACS\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xB8650000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB860C000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xAB953000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB864E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8652000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8654000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB860E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8616000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB86E5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8706000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xA7965000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB87AB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
!!!!!!!!!!!Hidden driver: 0x8A6B9053 00000179 4013 bytes
0x89112880 unknown_irp_handler 1920 bytes
==============================================
>Stealth
==============================================
0x8A6BB58F Unknown page with executable code, 2673 bytes
0x8A6BD44C Unknown page with executable code, 2996 bytes
0x8A6B9053 Unknown page with executable code, 4013 bytes
WARNING: Virus alike driver modification [mrxsmb.sys]
0x8A6BB2CB Unknown thread object [ ETHREAD 0x8A10C020 ] TID: 156, 600 bytes
0x8A6BC8C3 Unknown thread object [ ETHREAD 0x8A10C8B8 ] TID: 168, 600 bytes


Now the Check-Up report:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
Symantec AntiVirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Secunia PSI (2.0.0.3003)
HijackThis 2.0.2
Java™ 7 Update 2
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
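The GMER output above ends with the interesting part: a hidden driver with no module name, pages of executable code that belong to no loaded module, a "Virus alike driver modification" warning on mrxsmb.sys and threads the scanner cannot attribute. Those are the classic kernel-mode rootkit indicators that make a scanner like GMER or TDSSKiller the right next step. Below is an added example (not part of this thread and not GMER's own code) of a small triage script that parses those line shapes, grades them and correlates the hidden driver's address with the unknown executable pages. The regexes are assumptions about the log format based on the lines quoted in the thread; the sample log is constructed from those same lines.

```python
"""Triage helper for GMER-style rootkit scan output (added example, not GMER code).

Parses the module list and the '>Stealth' section, grades each indicator and
correlates a hidden driver's address with 'Unknown page with executable code'
entries. The regexes are assumptions about the format inferred from the log
quoted in the thread; they are not an official GMER specification.
"""
import re
from dataclasses import dataclass

# Line shapes as they appear in the quoted log (assumed format).
HIDDEN_DRIVER_RE = re.compile(r"^!+Hidden driver:\s+(0x[0-9A-Fa-f]+)\s+(\S+)\s+(\d+) bytes")
DRIVER_MOD_RE = re.compile(r"^WARNING: Virus alike driver modification \[([^\]]+)\]")
UNKNOWN_PAGE_RE = re.compile(r"^(0x[0-9A-Fa-f]+) Unknown page with executable code, (\d+) bytes")
UNKNOWN_THREAD_RE = re.compile(
    r"^(0x[0-9A-Fa-f]+) Unknown thread object \[ ETHREAD (0x[0-9A-Fa-f]+) \] TID: (\d+), (\d+) bytes")
UNKNOWN_IRP_RE = re.compile(r"^(0x[0-9A-Fa-f]+) unknown_irp_handler (\d+) bytes")
# Normal module entry: address, name/path, size, optional "(vendor, description)".
MODULE_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (\S.*?) (\d+) bytes(?: \((.*)\))?$")


@dataclass
class Finding:
    severity: str   # "high" = code hiding from the OS, "medium" = needs a look
    kind: str
    detail: str
    address: str = ""


def parse_gmer_log(text):
    """Return (modules, findings) for a GMER-style module list plus stealth section."""
    modules, findings = [], []
    in_stealth = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line == ">Stealth":
            in_stealth = True
            continue
        if m := HIDDEN_DRIVER_RE.match(line):
            findings.append(Finding("high", "hidden_driver",
                                    f"{m[2]} at {m[1]} ({m[3]} bytes)", m[1]))
        elif m := DRIVER_MOD_RE.match(line):
            findings.append(Finding("high", "driver_modification", m[1]))
        elif m := UNKNOWN_PAGE_RE.match(line):
            findings.append(Finding("high", "unknown_exec_page",
                                    f"{m[1]} ({m[2]} bytes)", m[1]))
        elif m := UNKNOWN_THREAD_RE.match(line):
            findings.append(Finding("medium", "unknown_thread",
                                    f"TID {m[3]}, ETHREAD {m[2]}, start {m[1]}", m[1]))
        elif m := UNKNOWN_IRP_RE.match(line):
            findings.append(Finding("medium", "unknown_irp_handler",
                                    f"{m[1]} ({m[2]} bytes)", m[1]))
        elif not in_stealth and (m := MODULE_RE.match(line)):
            name, size, vendor = m[2], int(m[3]), m[4]
            modules.append((name, size, vendor))
            # A module the scanner could not name or attribute to a vendor is worth a look.
            if vendor is None:
                findings.append(Finding("medium", "unattributed_module",
                                        f"{name} at {m[1]} has no vendor/description", m[1]))
    return modules, findings


def correlate_hidden_with_exec_pages(findings):
    """Addresses reported both as a hidden driver and as an unknown executable page:
    the scanner sees code running from memory that no named module accounts for."""
    hidden = {f.address for f in findings if f.kind == "hidden_driver"}
    pages = {f.address for f in findings if f.kind == "unknown_exec_page"}
    return sorted(hidden & pages)


def summarize(findings):
    high = sum(1 for f in findings if f.severity == "high")
    medium = sum(1 for f in findings if f.severity == "medium")
    verdict = "rootkit-indicators-present" if high else ("review" if medium else "clean")
    return {"verdict": verdict, "high": high, "medium": medium}


# Constructed sample: a handful of lines copied from the log quoted in the thread.
SAMPLE_LOG = r"""
0xB8448000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xAB95F000 C:\Program Files\Broadcom\BACS\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xB85A8000 00000046 8192 bytes
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
!!!!!!!!!!!Hidden driver: 0x8A6B9053 00000179 4013 bytes
0x89112880 unknown_irp_handler 1920 bytes
==============================================
>Stealth
==============================================
0x8A6BB58F Unknown page with executable code, 2673 bytes
0x8A6B9053 Unknown page with executable code, 4013 bytes
WARNING: Virus alike driver modification [mrxsmb.sys]
0x8A6BB2CB Unknown thread object [ ETHREAD 0x8A10C020 ] TID: 156, 600 bytes
"""

if __name__ == "__main__":
    mods, finds = parse_gmer_log(SAMPLE_LOG)
    print(summarize(finds), "modules:", len(mods))
    print("hidden driver also seen as unknown exec page:", correlate_hidden_with_exec_pages(finds))
    for f in finds:
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

On the sample the verdict is "rootkit-indicators-present" with four high findings, and the hidden driver at 0x8A6B9053 is the same address as one of the unknown executable pages, which is what makes the "hidden" label meaningful: the code is executing but is absent from the module list the OS exposes. The mrxsmb.sys warning fits the same picture, since hooking the SMB redirector is a common way for a kernel rootkit to intercept file and network activity; a clean box should produce no findings in the stealth section at all.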

#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:09:21 AM

Posted 19 April 2012 - 08:30 PM

Did unhide manage to restore your files?

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#7 fudgie'sdad

fudgie'sdad
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:21 PM

Posted 20 April 2012 - 02:19 PM

Running ComboFix and it told me it needed to reboot and not to manually shut down. That was about 2 hours ago and I've got just a blank desktop. Should I manually reboot?

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:09:21 AM

Posted 20 April 2012 - 10:14 PM

Yes go ahead.

#9 fudgie'sdad

fudgie'sdad
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:21 PM

Posted 23 April 2012 - 01:04 PM

I manually rebooted and it ran and rebooted itself again. Now it is stuck with a box that says: preparing Log Report. do not run any programs until ComboFix has finished

It has been like this for almost 2 hours. Sorry to keep bugging you with these issues.

#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:09:21 AM

Posted 24 April 2012 - 03:28 AM

Not your fault, so no need to be sorry. :)

Restart manually again. See if you can get into Windows and look for CF report.

#11 fudgie'sdad

fudgie'sdad
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:21 PM

Posted 24 April 2012 - 10:37 AM

I rebooted and the only log I could find in the ComboFix folder on my C: drive is as follows:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380815 rev.4.AD -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
error: Read The request could not be performed because of an I/O device error.

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:09:21 AM

Posted 25 April 2012 - 10:08 PM

Hi, sorry for the late reply.

Delete the existing copy of CF and download a fresh copy from the link given and try again.

#13 fudgie'sdad

fudgie'sdad
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:21 PM

Posted 30 April 2012 - 02:15 PM

I reinstalled and re-ran ComboFix, even letting it run overnight but when I came back, the blue box was still on the screen so I manually rebooted and again, all I could find was this:

ComboFix 12-04-31.02 - bsonnet 04/30/2012 13:34:14.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3581.2816 [GMT -4:00]
Running from: C:\Documents and Settings\bsonnet\Desktop\ComboFix.exe
* Created a new restore point

The following files were disabled during the run:
C:\Documents and Settings\bsonnet\Application Data\dplayx.dll



Also, when I did a search of files created/modified within the last 24 hours, there are some files that are time-stamped up to the minute I rebooted. Is it possible that ComboFix was still working (over 15 hours) and I stopped it prematurely?

Thanks again.

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:09:21 AM

Posted 30 April 2012 - 10:50 PM

Hmm.. let's use another tool instead.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#15 fudgie'sdad

fudgie'sdad
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:21 PM

Posted 01 May 2012 - 10:07 AM

When I try to open the TDSSKiller file, nothing happens. Also, in doing so, I got a pop-up saying my Symantec Auto-Detect was disabled.
(and now my internet/outlook connectivity, recently fine, has gone out again)...

Thanks for hanging in there with me

Edited by fudgie'sdad, 01 May 2012 - 01:06 PM.




