zeroaccess infestation


This topic is locked.
19 replies to this topic

#1 happyharrysco1 (Members, 10 posts)

Posted 05 November 2012 - 07:18 PM

Hi guys, I recently loaned my laptop to a friend while I repaired his one. Unfortunately, when I got it back it had been infected with ZeroAccess. I thought I had managed to get rid of it, but during the process it buggered the Windows install, so I did a repair install to get it working properly again. Unfortunately for me, ComboFix still tells me ZeroAccess is still present and has installed itself in the TCP/IP stack. Anyway, enough babbling from me. The laptop has Windows XP SP3 installed and is up to date with updates. Here is the DDS log requested in the first-post guide, and the other logs are attached. Thanks in advance for any help you can offer.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by phil at 20:22:26 on 2012-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1024 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqste08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRunOnce: [KB2492386] rundll32.exe apphelp.dll,ShimFlushCache
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352143099031
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347651814656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{3CE5D457-5C28-4A15-8139-1973724DE102} : DHCPNameServer = 205.234.170.215 205.234.170.217
TCP: Interfaces\{41D182E5-105D-4B22-9808-1AF605F8655D} : NameServer = 194.168.4.100,194.168.8.100
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\phil\application data\mozilla\firefox\profiles\dq2b7mxp.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.mg40.mail.yahoo.com/neo/launch?.rand=2vtjjfe4vrfq6
FF - prefs.js: network.proxy.type - 4
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-23 36000]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2012-1-7 686360]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-23 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-23 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-23 83392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-3-2 227896]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-12-26 103040]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2010-1-28 9472]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\vcdrom.sys --> c:\windows\system32\VCdRom.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-17 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250808]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-3-19 113664]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-9 80184]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-4-30 20032]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\fsusbexdisk.sys --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-9-16 12400]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-17 136176]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-8-2 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-8-2 11104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-9 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-9 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-9 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-9 181432]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\fsusbexservice.exe --> c:\windows\system32\FsUsbExService.Exe [?]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-05 19:39:25 -------- d-----w- c:\windows\system32\URTTEMP
2012-11-05 19:36:18 726528 ------w- c:\windows\system32\SET6EA.tmp
2012-11-05 19:28:59 265728 -c----w- c:\windows\system32\dllcache\http.sys
2012-11-05 19:28:59 25088 ----a-w- c:\windows\system32\SET37E.tmp
2012-11-05 19:26:58 -------- d-----w- C:\AMD
2012-11-05 17:19:01 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-05 17:18:23 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-05 17:17:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-05 17:17:48 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-11-05 17:17:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-11-05 17:17:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-05 17:17:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-11-05 17:17:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-05 17:17:48 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-11-05 17:16:14 -------- dc-h--w- c:\windows\ie8
2012-11-05 04:28:30 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2012-11-05 04:25:56 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-11-05 03:51:14 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2012-11-05 03:51:13 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2012-11-05 03:49:37 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-05 03:04:02 -------- d-sha-r- C:\cmdcons
2012-11-05 03:00:23 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-11-05 03:00:23 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-05 03:00:19 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-11-05 03:00:18 256000 ----a-w- c:\windows\PEV.exe
2012-11-05 03:00:18 2069632 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-11-05 03:00:16 98816 ----a-w- c:\windows\sed.exe
2012-11-05 01:03:03 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-11-05 01:03:03 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-11-05 01:03:01 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-11-05 01:03:01 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-11-05 01:03:01 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-11-05 01:03:01 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-11-05 01:03:01 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2012-11-05 01:03:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2012-11-05 01:03:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-11-05 01:03:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2012-11-05 01:01:59 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-05 01:00:55 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2012-11-05 00:59:59 184435 -c--a-w- c:\windows\system32\dllcache\fp4amsft.dll
2012-11-05 00:59:58 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2012-11-05 00:59:58 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2012-11-05 00:59:57 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2012-11-05 00:59:57 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2012-11-05 00:59:56 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2012-11-05 00:59:56 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2012-11-05 00:59:55 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2012-11-05 00:59:54 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2012-11-05 00:53:18 8192 ----a-w- c:\windows\system32\wshirda.dll
2012-11-05 00:53:18 28160 ----a-w- c:\windows\system32\irmon.dll
2012-11-05 00:53:18 151552 ----a-w- c:\windows\system32\irftp.exe
2012-11-05 00:39:17 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-11-05 00:39:17 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-11-05 00:39:17 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-11-05 00:39:17 13312 ----a-w- c:\windows\system32\irclass.dll
2012-11-05 00:38:54 16535 ----a-r- c:\windows\SETD7.tmp
2012-11-05 00:38:52 1088840 ----a-r- c:\windows\SETCB.tmp
2012-11-05 00:38:49 1296669 ----a-r- c:\windows\SETC8.tmp
2012-11-04 21:18:01 -------- d---a-w- C:\.Trash-1000
2012-11-03 11:48:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-03 10:12:52 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-11-03 10:12:52 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-11-03 09:43:08 16535 ----a-r- c:\windows\SET25C.tmp
2012-11-03 09:43:06 1088840 ----a-r- c:\windows\SET250.tmp
2012-11-03 09:43:03 1296669 ----a-r- c:\windows\SET24D.tmp
2012-11-02 22:00:44 -------- d-----w- c:\documents and settings\phil\application data\Malwarebytes
2012-11-02 22:00:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-02 20:14:48 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-02 20:14:33 -------- d-----w- c:\program files\Tweaking.com
2012-11-02 18:35:30 104465 ----a-w- c:\windows\system32\tcpip6.sys
2012-11-02 02:21:40 -------- d-----w- c:\windows\system32\xircom
2012-11-02 02:21:40 -------- d-----w- c:\windows\system32\wbem\snmp
2012-11-02 01:27:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-02 00:52:45 208896 ----a-w- c:\windows\MBR.exe
2012-10-20 23:13:17 -------- d-----w- c:\program files\Nistune
2012-10-09 18:01:32 -------- dc----w- c:\documents and settings\all users\application data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
2012-10-09 18:01:31 -------- d-----w- c:\program files\Viewer
.
==================== Find3M ====================
.
2012-10-31 15:31:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-10-09 17:05:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:05:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-16 12:34:16 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-09-16 12:34:16 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-09-11 12:11:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-11 12:11:49 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-11 12:11:49 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 12:11:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-06 21:58:45 127620 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:28:08 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 20:23:42.92 ===============
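As an added example (not part of the thread, and not code from the DDS tool), here is a small Python triage script for the SERVICES / DRIVERS section of a DDS log like the one above: it parses each line and flags entries whose image DDS could not find on disk, and kernel drivers registered outside system32\drivers, which is where a responder looks first. The sample lines are copied from this log; the flag rules are the example's own heuristics, and a flag means "check this file", not "this is malware".

```python
"""Triage helper for the 'SERVICES / DRIVERS' section of a DDS log.

Added example, not part of the thread or of the DDS tool. It parses the
line layout DDS uses and flags entries a responder would look at first.
A flag is a prompt to inspect the file, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Layout of a DDS services/drivers line (as seen in the log above):
#   <StartType> <Name>;<DisplayName>;<ImagePath> [<yyyy-m-d> <bytes>]
# When DDS cannot stat the image it prints the raw registry value instead:
#   <StartType> <Name>;<DisplayName>;\??\<raw path> --> <resolved path> [?]
HEAD_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
SEEN_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
MISSING_RE = re.compile(r"^(?P<raw>.+?)\s+-->\s+(?P<path>.+?)\s+\[\?\]$")

# Normal home of kernel drivers on the XP system in the log (assumed default install).
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class ServiceEntry:
    start: str            # R/S = running/stopped; digit = start type (0 boot .. 4 disabled)
    name: str
    display: str
    path: str             # resolved image path, lower-cased
    size: Optional[int]   # None when DDS could not stat the file
    file_seen: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS services/drivers line; return None for lines in another format."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    seen = SEEN_RE.match(rest)
    if seen:
        return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                            seen.group("path").lower(), int(seen.group("size")), True)
    missing = MISSING_RE.match(rest)
    if missing:
        return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                            missing.group("path").lower(), None, False)
    return None


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags to an entry. Heuristics only; each flag means 'look at this'."""
    start_type = int(entry.start[1])
    in_drivers_dir = entry.path.startswith(DRIVERS_DIR)
    is_sys = entry.path.endswith(".sys")
    if not entry.file_seen:
        entry.flags.append("image file not found on disk")
    if is_sys and not in_drivers_dir:
        entry.flags.append("kernel driver outside system32\\drivers")
    if start_type <= 1 and not entry.file_seen:
        # Boot/system start with a missing image: a stale registration, or worth a closer look.
        entry.flags.append("boot/system-start entry with missing image")
    return entry


def triage_section(text: str) -> List[ServiceEntry]:
    """Parse every recognised line of a services/drivers section and flag each entry."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(triage(e))
    return entries


def flagged_names(text: str) -> dict:
    """Map service name -> flags, only for entries that received at least one flag."""
    return {e.name: e.flags for e in triage_section(text) if e.flags}


# Constructed excerpt: four lines copied from the DDS log posted in this thread.
SAMPLE = """\
R1 avkmgr;avkmgr;c:\\windows\\system32\\drivers\\avkmgr.sys [2012-3-23 36000]
S1 vcdrom;Virtual CD-ROM Device Driver;\\??\\c:\\windows\\system32\\vcdrom.sys --> c:\\windows\\system32\\VCdRom.sys [?]
S3 pwdrvio;pwdrvio;c:\\windows\\system32\\pwdrvio.sys [2011-8-2 16472]
S4 FsUsbExService;FsUsbExService;c:\\windows\\system32\\fsusbexservice.exe --> c:\\windows\\system32\\FsUsbExService.Exe [?]
"""

if __name__ == "__main__":
    for e in triage_section(SAMPLE):
        print(f"{e.start} {e.name:16} {e.path}")
        for f in e.flags:
            print(f"      - {f}")
```

Feed it the whole SERVICES / DRIVERS block of a DDS log; unflagged entries are simply omitted from the flagged_names result.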

#2 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 06 November 2012 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter, or FRST.exe if it is a 32-bit system.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#3 happyharrysco1 (Topic Starter)

Posted 06 November 2012 - 10:14 AM

Hi nasdaq, and thanks for taking the time to help me. The machine in question is a Windows XP SP3 laptop and doesn't have those boot options. How will I proceed?

#4 nasdaq (Malware Response Team)

Posted 06 November 2012 - 01:50 PM

Try this one.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#5 happyharrysco1 (Topic Starter)

Posted 06 November 2012 - 04:19 PM

Managed to get it done, so here is the output.

otl.txt

OTL logfile created on: 06/11/2012 22:03:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\phil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.44% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.01 Gb Total Space | 20.89 Gb Free Space | 20.89% Space Free | Partition Type: NTFS
Drive D: | 118.08 Gb Total Space | 117.99 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 79.99 Gb Total Space | 55.17 Gb Free Space | 68.97% Space Free | Partition Type: NTFS

Computer Name: DV2-1030EA | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()


========== Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll File not found
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll File not found
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (StyleXPService) -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()
SRV - (EPSON_PM_RPCV4_01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (vcdrom) -- C:\WINDOWS\system32\VCdRom.sys File not found
DRV - (SCDEmu) -- File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PQNTDrv) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.SYS File not found
DRV - (Changer) -- File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Ext2Fsd) -- C:\WINDOWS\System32\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (hpdskflt) -- C:\WINDOWS\system32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.)
DRV - (DumpDrv) -- C:\WINDOWS\System32\drivers\dumpdrv.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (StyleXPHelper) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (Windows ® 2000 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.mg40.mail.yahoo.com/neo/launch?.rand=2vtjjfe4vrfq6"
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7rc5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 10:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/05 18:39:01 | 000,000,000 | ---D | M]

[2010/01/28 22:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Extensions
[2012/10/24 23:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions
[2012/10/09 16:12:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/16 23:12:59 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/10/24 23:23:37 | 000,529,447 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/04 20:15:38 | 000,199,396 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/10/09 16:12:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/24 23:29:56 | 000,844,878 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
[2011/05/14 22:54:08 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\searchplugins\aol-web-search.xml
[2012/01/31 10:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 10:16:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/22 18:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/01/31 10:16:17 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/31 10:16:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/31 10:16:17 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/31 10:16:17 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/31 10:16:17 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://uk.mg40.mail.yahoo.com/neo/launch?.rand=23e8t57sgrghr
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://uk.mg40.mail.yahoo.com/neo/launch?.rand=23e8t57sgrghr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/05 04:16:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352143099031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347651814656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE5D457-5C28-4A15-8139-1973724DE102}: DhcpNameServer = 205.234.170.215 205.234.170.217
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D182E5-105D-4B22-9808-1AF605F8655D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ic32pp - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 21:52:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 21:57:42 | 000,688,779 | ---- | C] (Swearware) -- C:\Documents and Settings\phil\Desktop\dds.com
[2012/11/06 21:02:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/06 19:28:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\phil\Desktop\OTL.exe
[2012/11/06 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Local Settings\Application Data\NeoSmart_Technologies
[2012/11/06 15:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2012/11/06 15:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2012/11/06 01:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/11/05 19:42:52 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/11/05 19:39:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/11/05 19:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/11/05 19:29:08 | 000,938,368 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2012/11/05 19:29:08 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2012/11/05 19:28:59 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2012/11/05 19:26:58 | 000,000,000 | ---D | C] -- C:\AMD
[2012/11/05 17:19:01 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/11/05 17:17:48 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/11/05 17:17:48 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/11/05 17:17:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/11/05 17:17:48 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/11/05 17:17:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/11/05 17:16:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/11/05 16:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/11/05 04:28:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2012/11/05 04:25:56 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/11/05 03:51:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2012/11/05 03:51:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2012/11/05 03:49:37 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/11/05 03:04:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/05 03:00:23 | 002,192,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/11/05 03:00:23 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/11/05 03:00:19 | 002,027,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/11/05 03:00:18 | 002,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012/11/05 01:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/11/05 01:03:03 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/11/05 01:03:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/11/05 01:03:01 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2012/11/05 01:03:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2012/11/05 01:03:01 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2012/11/05 01:03:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012/11/05 01:03:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012/11/05 01:03:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012/11/05 01:03:00 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/11/05 01:03:00 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012/11/05 01:02:54 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2012/11/05 01:02:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/11/05 01:02:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012/11/05 01:02:50 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/11/05 01:02:50 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/11/05 01:02:50 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/11/05 01:02:50 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/11/05 01:02:46 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2012/11/05 01:02:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012/11/05 01:02:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2012/11/05 01:02:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2012/11/05 01:02:44 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/11/05 01:02:41 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012/11/05 01:02:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012/11/05 01:02:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/11/05 01:02:41 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012/11/05 01:02:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/11/05 01:02:40 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012/11/05 01:02:40 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012/11/05 01:02:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012/11/05 01:02:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012/11/05 01:02:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012/11/05 01:02:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/11/05 01:02:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2012/11/05 01:02:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/11/05 01:02:38 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012/11/05 01:02:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/11/05 01:02:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/11/05 01:02:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/11/05 01:02:38 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/11/05 01:02:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/11/05 01:02:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/11/05 01:02:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/11/05 01:02:37 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/11/05 01:02:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/11/05 01:02:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/11/05 01:02:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/11/05 01:02:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/11/05 01:02:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/11/05 01:02:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/11/05 01:02:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/11/05 01:02:32 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2012/11/05 01:02:32 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/11/05 01:02:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/11/05 01:02:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/11/05 01:02:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/11/05 01:02:29 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/11/05 01:02:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2012/11/05 01:02:28 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012/11/05 01:02:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2012/11/05 01:02:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/11/05 01:02:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/11/05 01:02:22 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012/11/05 01:02:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/11/05 01:02:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/11/05 01:02:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2012/11/05 01:02:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/11/05 01:02:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/11/05 01:02:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/11/05 01:02:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012/11/05 01:02:15 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012/11/05 01:02:09 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/11/05 01:02:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2012/11/05 01:02:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012/11/05 01:02:03 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012/11/05 01:01:59 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/11/05 01:01:59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/11/05 01:01:50 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/11/05 01:01:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012/11/05 01:01:49 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/11/05 01:01:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2012/11/05 01:01:49 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2012/11/05 01:01:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012/11/05 01:01:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/11/05 01:01:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012/11/05 01:01:46 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012/11/05 01:01:46 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012/11/05 01:01:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2012/11/05 01:01:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012/11/05 01:01:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/11/05 01:01:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/11/05 01:01:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/11/05 01:01:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/11/05 01:01:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/11/05 01:01:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/11/05 01:01:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/11/05 01:01:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/11/05 01:01:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/11/05 01:01:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/11/05 01:01:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/11/05 01:01:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/11/05 01:01:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/11/05 01:01:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/11/05 01:01:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/11/05 01:01:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/11/05 01:01:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/11/05 01:01:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/11/05 01:01:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/11/05 01:01:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/11/05 01:01:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/11/05 01:01:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/11/05 01:01:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/11/05 01:01:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/11/05 01:01:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/11/05 01:01:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/11/05 01:01:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/11/05 01:01:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/11/05 01:01:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2012/11/05 01:01:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/11/05 01:01:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012/11/05 01:01:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012/11/05 01:01:31 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012/11/05 01:01:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2012/11/05 01:01:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2012/11/05 01:01:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012/11/05 01:01:28 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/11/05 01:01:24 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/11/05 01:01:24 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/11/05 01:01:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012/11/05 01:01:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012/11/05 01:01:22 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2012/11/05 01:01:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2012/11/05 01:01:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012/11/05 01:01:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2012/11/05 01:01:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012/11/05 01:01:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2012/11/05 01:01:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2012/11/05 01:01:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2012/11/05 01:01:18 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2012/11/05 01:01:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012/11/05 01:01:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2012/11/05 01:01:14 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012/11/05 01:01:14 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012/11/05 01:01:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012/11/05 01:01:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012/11/05 01:01:14 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012/11/05 01:01:14 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012/11/05 01:01:13 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012/11/05 01:01:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012/11/05 01:01:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/11/05 01:01:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012/11/05 01:01:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012/11/05 01:01:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/11/05 01:01:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012/11/05 01:01:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012/11/05 01:01:12 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012/11/05 01:01:12 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012/11/05 01:01:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012/11/05 01:01:12 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/11/05 01:01:12 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/11/05 01:01:12 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012/11/05 01:01:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012/11/05 01:01:11 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012/11/05 01:01:11 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2012/11/05 01:01:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/11/05 01:01:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2012/11/05 01:01:09 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012/11/05 01:01:09 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012/11/05 01:01:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/11/05 01:01:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/11/05 01:01:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2012/11/05 01:01:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012/11/05 01:01:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012/11/05 01:01:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012/11/05 01:01:05 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/11/05 01:01:05 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/11/05 01:01:05 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/11/05 01:01:05 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/11/05 01:00:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2012/11/05 01:00:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/11/05 01:00:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012/11/05 01:00:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012/11/05 01:00:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012/11/05 01:00:51 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2012/11/05 01:00:47 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/11/05 01:00:46 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/11/05 01:00:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/11/05 01:00:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/11/05 01:00:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/11/05 01:00:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/11/05 01:00:44 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/11/05 01:00:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012/11/05 01:00:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012/11/05 01:00:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012/11/05 01:00:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012/11/05 01:00:24 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2012/11/05 01:00:24 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012/11/05 01:00:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/11/05 01:00:23 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2012/11/05 01:00:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012/11/05 01:00:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012/11/05 01:00:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/11/05 01:00:18 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2012/11/05 01:00:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012/11/05 01:00:12 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012/11/05 01:00:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012/11/05 01:00:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2012/11/05 01:00:11 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2012/11/05 01:00:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2012/11/05 01:00:11 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012/11/05 01:00:10 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012/11/05 01:00:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2012/11/05 01:00:05 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2012/11/05 01:00:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012/11/05 01:00:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2012/11/05 01:00:04 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2012/11/05 01:00:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012/11/05 01:00:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2012/11/05 01:00:04 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2012/11/05 01:00:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012/11/05 01:00:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2012/11/05 01:00:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2012/11/05 01:00:03 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012/11/05 01:00:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012/11/05 01:00:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012/11/05 01:00:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012/11/05 01:00:02 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012/11/05 01:00:02 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012/11/05 01:00:02 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012/11/05 01:00:01 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012/11/05 01:00:01 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012/11/05 01:00:01 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012/11/05 01:00:01 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012/11/05 01:00:01 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012/11/05 01:00:00 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012/11/05 01:00:00 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012/11/05 01:00:00 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012/11/05 01:00:00 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012/11/05 01:00:00 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012/11/05 01:00:00 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012/11/05 00:59:59 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012/11/05 00:59:58 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2012/11/05 00:59:58 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012/11/05 00:59:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2012/11/05 00:59:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2012/11/05 00:59:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012/11/05 00:59:57 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012/11/05 00:59:57 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012/11/05 00:59:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2012/11/05 00:59:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2012/11/05 00:59:55 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012/11/05 00:59:54 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012/11/05 00:53:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2012/11/05 00:53:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2012/11/05 00:39:17 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/11/05 00:39:17 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/11/05 00:39:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/11/05 00:39:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/11/04 21:18:01 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2012/11/03 11:48:49 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/03 10:12:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/11/02 22:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Application Data\Malwarebytes
[2012/11/02 22:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/02 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Desktop\fix
[2012/11/02 20:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/11/02 02:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/11/02 02:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/11/02 02:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/11/01 23:50:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/01 23:45:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\phil\Start Menu\Programs\Administrative Tools
[2012/11/01 19:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/11/01 19:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/31 15:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Start Menu\Programs\Nissan DataScan I ver 1.62
[2012/10/31 15:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/10/31 15:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/10/24 23:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Desktop\TunerCode
[2012/10/20 23:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nistune
[2012/10/20 23:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Nistune
[2012/10/09 18:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
[2012/10/09 18:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Viewer
[2012/10/09 18:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Viewer
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/06 21:56:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\Defogger.exe
[2012/11/06 21:56:37 | 000,688,779 | ---- | M] (Swearware) -- C:\Documents and Settings\phil\Desktop\dds.com
[2012/11/06 21:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phil\Desktop\OTL.exe
[2012/11/06 16:39:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/06 16:38:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/11/06 16:38:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/06 16:37:54 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/06 16:31:48 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\phil\NTUSER.DAT
[2012/11/06 16:31:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\phil\ntuser.ini
[2012/11/06 15:45:07 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7AA637DC-C497-47A3-8D28-0E688FFFA2DF}.job
[2012/11/06 15:45:03 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\phil\My Documents\EasyBCD Backup (2012-11-06).bcd
[2012/11/06 01:39:06 | 000,498,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/06 01:39:05 | 000,592,862 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012/11/06 01:39:05 | 000,085,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/05 20:10:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/05 20:05:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\it7h5yi8.exe
[2012/11/05 20:03:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\phil\defogger_reenable
[2012/11/05 19:42:47 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/05 19:42:45 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/11/05 19:42:45 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/11/05 19:41:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/11/05 16:52:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2012/11/05 16:02:04 | 001,431,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/05 04:49:31 | 002,004,211 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2012/11/05 04:16:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/05 03:04:12 | 000,000,606 | RHS- | M] () -- C:\boot.ini
[2012/11/05 02:49:12 | 000,023,760 | ---- | M] () -- C:\Documents and Settings\phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2012/11/05 02:01:11 | 003,699,740 | -H-- | M] () -- C:\Documents and Settings\phil\Local Settings\Application Data\IconCache.db
[2012/11/05 02:01:08 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2012/11/05 02:01:08 | 000,000,491 | ---- | M] () -- C:\Boot.bak
[2012/11/05 01:53:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/05 01:10:24 | 000,060,496 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/11/05 00:59:23 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/05 00:58:02 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2012/11/05 00:58:02 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2012/11/05 00:56:24 | 000,023,360 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/11/05 00:39:36 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/11/03 12:50:58 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2012/11/03 11:52:27 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/03 11:48:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/31 15:31:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2012/10/20 23:13:20 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Nistune.lnk
[2012/10/10 17:44:57 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 17:44:56 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\Google Chrome.lnk
[2012/10/09 21:23:17 | 000,034,799 | ---- | M] () -- C:\Documents and Settings\phil\My Documents\SpringsPostage.pdf
[2012/10/09 17:05:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 17:05:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/06 21:57:42 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\Defogger.exe
[2012/11/06 15:45:02 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\phil\My Documents\EasyBCD Backup (2012-11-06).bcd
[2012/11/05 20:05:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\it7h5yi8.exe
[2012/11/05 20:03:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\phil\defogger_reenable
[2012/11/05 19:42:40 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/05 19:29:09 | 000,246,000 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2012/11/05 19:18:10 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7AA637DC-C497-47A3-8D28-0E688FFFA2DF}.job
[2012/11/05 03:04:12 | 000,000,491 | ---- | C] () -- C:\Boot.bak
[2012/11/05 02:54:10 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/05 01:27:16 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/11/05 01:03:15 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2012/11/05 01:02:19 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2012/11/05 01:02:19 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2012/11/05 01:01:44 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2012/11/05 01:01:43 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/11/05 01:01:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/11/05 01:00:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2012/11/05 01:00:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2012/11/05 01:00:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2012/11/05 01:00:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2012/11/05 01:00:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2012/11/05 01:00:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2012/11/05 01:00:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2012/11/05 01:00:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2012/11/05 01:00:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2012/11/05 01:00:40 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2012/11/05 01:00:40 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2012/11/05 01:00:40 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2012/11/05 01:00:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2012/11/05 01:00:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2012/11/05 01:00:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2012/11/05 01:00:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2012/11/05 01:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2012/11/05 01:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2012/11/05 01:00:37 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2012/11/05 01:00:37 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2012/11/05 01:00:37 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2012/11/05 01:00:37 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2012/11/05 01:00:37 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2012/11/05 01:00:37 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2012/11/05 01:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2012/11/05 01:00:36 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2012/11/05 01:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2012/11/05 01:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2012/11/05 01:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2012/11/05 01:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2012/11/05 01:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2012/11/05 01:00:34 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2012/11/05 01:00:34 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2012/11/05 01:00:34 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2012/11/05 01:00:34 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2012/11/05 01:00:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2012/11/05 01:00:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2012/11/05 01:00:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2012/11/05 01:00:32 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2012/11/05 01:00:31 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2012/11/05 00:58:02 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2012/11/05 00:57:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2012/11/05 00:39:03 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/11/05 00:39:03 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/11/05 00:39:03 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/11/05 00:39:03 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/11/05 00:39:03 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/11/05 00:39:03 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/11/05 00:39:03 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/11/05 00:39:03 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/11/05 00:39:03 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/11/05 00:39:03 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/11/05 00:39:03 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/11/05 00:39:03 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/11/05 00:39:03 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/11/05 00:39:03 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/11/05 00:39:03 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/11/05 00:39:02 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/11/05 00:39:02 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/11/05 00:39:02 | 001,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2012/11/05 00:39:02 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/11/04 21:39:20 | 000,000,606 | RHS- | C] () -- C:\boot.ini
[2012/11/03 10:10:57 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2012/11/03 09:43:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/11/02 23:11:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/02 18:35:30 | 000,104,465 | ---- | C] () -- C:\WINDOWS\System32\tcpip6.sys
[2012/11/01 23:55:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/20 23:13:20 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Nistune.lnk
[2012/10/09 21:23:17 | 000,034,799 | ---- | C] () -- C:\Documents and Settings\phil\My Documents\SpringsPostage.pdf
[2012/10/05 10:53:34 | 000,001,119 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2012/10/05 10:45:55 | 000,000,186 | ---- | C] () -- C:\WINDOWS\rar_crck.ini
[2012/09/06 21:58:44 | 000,127,620 | ---- | C] () -- C:\WINDOWS\LogWorks3 Uninstaller.exe
[2012/06/07 17:04:35 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2012/05/11 21:45:05 | 001,155,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/04 13:32:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\phil\Ÿ9Ÿ9
[2012/04/03 20:09:09 | 000,157,304 | ---- | C] () -- C:\WINDOWS\hpoins27.dat.temp
[2012/04/03 20:09:09 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat.temp
[2012/04/03 17:30:04 | 000,157,304 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2012/04/03 17:30:04 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2012/04/01 16:51:16 | 000,575,223 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1417001333-920026266-1177238915-1004-0.dat
[2012/04/01 16:51:16 | 000,207,126 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/13 03:04:07 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/03/13 03:04:07 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/15 22:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 12:16:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/02 23:49:24 | 000,747,592 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/08/02 23:49:23 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/08/02 23:49:22 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2011/08/02 23:25:33 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\winscp.rnd
[2011/06/14 21:08:50 | 000,000,031 | ---- | C] () -- C:\WINDOWS\NFINST.INI
[2011/06/14 21:08:24 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\Oe60as.dll
[2011/06/14 21:08:19 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2011/06/14 21:08:19 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\CTDAO.DLL
[2011/06/14 21:08:19 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2011/06/14 21:08:18 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2011/06/14 21:08:18 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2011/05/31 23:55:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\housecall.guid.cache
[2011/05/18 14:35:08 | 003,699,740 | -H-- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\IconCache.db
[2011/05/17 23:06:55 | 000,001,652 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/05/17 01:48:33 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/17 01:48:33 | 000,000,590 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2011/05/04 19:19:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\fusioncache.dat
[2011/05/04 19:08:42 | 000,068,999 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/05/04 19:08:42 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/05/04 18:16:45 | 000,019,496 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/05/04 18:10:17 | 000,105,619 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/05/04 18:10:17 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/03/08 13:41:06 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/03/08 13:41:04 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/08 13:41:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/08 13:41:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/08 13:41:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/11/07 23:38:37 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\phil\scanxlelm.cfg
[2010/11/07 23:37:08 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ppe_fleetdb.vdb
[2010/03/22 21:35:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\$_hpcst$.hpc
[2010/02/28 16:52:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 22:12:23 | 000,023,760 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/28 21:56:21 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\phil\ntuser.ini
[2010/01/28 21:56:19 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\phil\NTUSER.DAT

========== ZeroAccess Check ==========

[2012/11/01 23:59:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB60647$\992991176\L
[2012/11/01 23:59:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB60647$\992991176\U
[2010/01/28 21:48:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 20:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/28 22:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/11/05 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/04/19 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/06/01 00:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/06/01 00:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/01/29 10:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2011/05/14 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/06/02 01:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/03 12:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2012/01/01 00:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/01 16:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/09 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
[2012/03/13 02:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\avidemux
[2011/05/14 23:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Broad Intelligence
[2012/11/05 18:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Canon
[2010/02/02 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\GlobalSCAPE
[2010/01/31 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\JGsoft
[2010/02/22 14:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Nokia
[2011/04/10 22:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Notepad++
[2011/05/14 23:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\OpenCandy
[2012/06/01 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Oracle
[2010/02/22 13:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\PC Suite
[2012/08/22 12:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\RawShellExtender
[2010/03/03 11:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Research In Motion
[2012/01/01 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Samsung
[2010/11/08 16:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\ScanMaster-ELM
[2011/11/29 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Temp
[2012/10/05 18:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\uTorrent
[2012/09/18 19:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Virtual Dyno
[2010/01/28 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/16 12:34:16 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys
[2012/09/16 12:34:16 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys
[2012/11/03 11:48:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2010/01/28 21:50:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2010/01/28 21:54:51 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/11/05 19:18:10 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7AA637DC-C497-47A3-8D28-0E688FFFA2DF}.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-11-06 15:05:20

< MD5 for: AGP440.SYS >
[2008/04/14 12:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:51:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008/04/14 04:51:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 12:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 12:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 12:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 04:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\AUTOCHK.EXE
[2008/04/14 12:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/14 12:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
[2002/08/29 12:00:00 | 000,565,760 | ---- | M] (Microsoft Corporation) MD5=C29EA308913FEC2AF4F977EF718A3574 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\AUTOCHK.EXE

< MD5 for: BEEP.SYS >
[2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\DRIVERS\BEEP.SYS
[2002/08/29 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\DRIVERS\BEEP.SYS
[2004/08/04 11:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2008/04/14 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008/04/14 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\EVENTLOG.DLL
[2008/04/14 03:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 12:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\EVENTLOG.DLL

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\UBCD4Win\UBCD1\I386\EXPLORER.EXE
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2002/08/29 12:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\UBCD4Win\UBCD2\I386\EXPLORER.EXE

< MD5 for: KERNEL32.DLL >
[2009/03/21 13:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\SP2QFE\kernel32.dll
[2002/08/29 12:00:00 | 000,930,304 | ---- | M] (Microsoft Corporation) MD5=8F162DC91D67D87C1A481BF602A9DAC8 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\KERNEL32.DLL
[2009/03/21 14:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\SP2GDR\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\erdnt\cache\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\SP3GDR\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 04:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\KERNEL32.DLL
[2008/04/14 12:00:00 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2009/03/21 19:29:24 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[2009/03/21 19:29:24 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2002/08/29 12:00:00 | 000,228,352 | ---- | M] (Microsoft Corporation) MD5=18A8BE5A66B93F9C9615F7D4C148EDE2 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\MSWSOCK.DLL
[2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\SP3GDR\mswsock.dll
[2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 04:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\MSWSOCK.DLL
[2008/04/14 12:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 17:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 17:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\DRIVERS\NDIS.SYS
[2008/04/14 12:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008/04/14 12:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 12:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2002/08/29 12:00:00 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\DRIVERS\NDIS.SYS

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\NETLOGON.DLL
[2008/04/14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2002/08/29 12:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\NETLOGON.DLL
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/13 23:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\DRIVERS\NTFS.SYS
[2008/04/14 12:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\erdnt\cache\ntfs.sys
[2008/04/14 12:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/14 12:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2002/08/29 12:00:00 | 000,561,920 | ---- | M] (Microsoft Corporation) MD5=E3AE9C79498210A5F39FE5A9AD62BC55 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\DRIVERS\NTFS.SYS

< MD5 for: NTMSSVC.DLL >
[2008/04/14 04:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\NTMSSVC.DLL
[2008/04/14 03:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\erdnt\cache\ntmssvc.dll
[2008/04/14 12:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/14 12:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2002/08/29 12:00:00 | 000,392,704 | ---- | M] (Microsoft Corporation) MD5=AAC49EF5C84A2EBD7409A51A1B65C542 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\NTMSSVC.DLL

< MD5 for: NVATABUS.SYS >
[2008/05/11 22:14:34 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\DRIVERS\NVATABUS.SYS

< MD5 for: PROQUOTA.EXE >
[2008/04/14 12:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 12:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\erdnt\cache\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2002/08/29 12:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\SCECLI.DLL
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\SCECLI.DLL
[2008/04/14 03:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/14 12:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/05/11 22:14:44 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=0CDE394F7FB69CB8548CFCA61F1B3855 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\SFCFILES.DLL
[2002/08/29 12:00:00 | 001,157,632 | ---- | M] (Microsoft Corporation) MD5=2564949DBE5F643F50913BBE45D346E2 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\SFCFILES.DLL
[2008/04/14 03:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\erdnt\cache\sfcfiles.dll
[2008/04/14 12:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll
[2008/04/14 12:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 13:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 13:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\SP3QFE\spoolsv.exe
[2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\erdnt\cache\spoolsv.exe
[2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\SP3GDR\spoolsv.exe
[2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2002/08/29 12:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=9B4155BA58192D4073082B8FC5D42612 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\SPOOLSV.EXE
[2008/04/14 04:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\SPOOLSV.EXE
[2008/04/14 12:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 03:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\erdnt\cache\srsvc.dll
[2008/04/14 03:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2008/04/14 03:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2002/08/29 12:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\SVCHOST.EXE
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\SVCHOST.EXE
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2002/08/29 12:00:00 | 000,200,192 | ---- | M] (Microsoft Corporation) MD5=FE84E045A09A4ABC4DEEF7270448B64E -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\TERMSRV.DLL
[2008/04/14 04:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\TERMSRV.DLL
[2008/04/14 04:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\erdnt\cache\termsrv.dll
[2008/04/14 04:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\dllcache\termsrv.dll
[2008/04/14 04:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\USERINIT.EXE
[2008/04/14 03:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 12:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2002/08/29 12:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\UBCD4Win\UBCD2\I386\SYSTEM32\USERINIT.EXE

< MD5 for: XMLPROV.DLL >
[2008/04/14 04:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\UBCD4Win\UBCD1\I386\SYSTEM32\XMLPROV.DLL
[2008/04/14 03:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\erdnt\cache\xmlprov.dll
[2008/04/14 12:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll
[2008/04/14 12:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

< End of report >


extras.txt

OTL Extras logfile created on: 06/11/2012 22:03:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\phil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.44% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.01 Gb Total Space | 20.89 Gb Free Space | 20.89% Space Free | Partition Type: NTFS
Drive D: | 118.08 Gb Total Space | 117.99 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 79.99 Gb Total Space | 55.17 Gb Free Space | 68.97% Space Free | Partition Type: NTFS

Computer Name: DV2-1030EA | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- "C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe" "%1"
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe" "%1"
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{185AEB6C-54E1-40E6-D2AC-46342FA6DBD3}" = HydraVision
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D3EA935-8A29-9F68-2935-8174864FAB0A}" = ATI Problem Report Wizard
"{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish
"{28107FBC-832A-4E18-9C9D-4E771B441F69}" = eJuice Me Up
"{29415C2D-5C8D-4208-B238-0A5734EC6A1D}" = FiatECUScan
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{4320a7f3-c456-483d-90ef-4e5f1c783542}" = Nero 9 Trial
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{479826D5-FE36-711F-8BE3-AB7B44440F66}" = ccc-utility
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & Officejet 5.3.B Corporate Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{569975C3-C149-4618-986C-6280B53FDC55}" = RAW Shell Extender 0.4.0.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French
"{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese
"{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch
"{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek
"{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A778A787-08A4-4089-CB68-02A9737DE532}" = Catalyst Control Center InstallProxy
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C549017A-FFAB-4679-9112-26E83DD82DB5}" = Enterprise
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D26C39A1-8EB2-40B1-9549-4451710AA84C}" = CalumSult
"{D6346B4B-FDD6-C406-06FE-0CF77F561E78}" = AMD Catalyst Install Manager
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EA2101A0-E116-426A-8F69-DE3D397D627B}" = Viewer
"{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFC66551-0083-425F-964E-277BD512E56C}" = Microsoft ACPI Source Language Compiler v4.0.0
"076A5638850BB660C9206283848DD0A114C03B7F" = Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
"5507FF32494DD730B2071399DCCE242CBB04ED6D" = Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14)
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Android SDK Tools" = Android SDK Tools
"ATITool" = ATITool Overclocking Utility
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Brakeworld Electronic Catalogue" = Brakeworld Electronic Catalogue
"Conzult Freeware version_is1" = Conzult Freeware version
"EasyBCD" = EasyBCD 2.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Ext2Fsd_is1" = Ext2Fsd 0.51
"F533865EC0BCC4B117B00EA2CE592684CC421D5D" = Windows Driver Package - Broadcom Bluetooth (06/19/2007 6.2.6000.1)
"FBCDBE2C04A3B5B72E087FB276F24AC5439D23D6" = Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14)
"ffdshow_is1" = ffdshow v1.1.3851 [2011-05-12]
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LiveUSB Creator" = LiveUSB Creator (remove only)
"LogWorks3" = LogWorks3
"MediaCoder" = MediaCoder 2011
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"MobilityDotNET" = DH Mobility Modder.NET
"Moleskinsoft Directory Size 2.3_is1" = Moleskinsoft Directory Size 2.3
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nissan FAST For Windows" = Nissan FAST For Windows
"NIStune ROM Pack_is1" = NIStune ROM Pack 2.3.1
"Nistune_is1" = Nistune 0.10.21
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Orb" = Winamp Remote
"Phoenix BIOS Editor" = Phoenix BIOS Editor
"PowerISO" = PowerISO
"RW-Everything_is1" = RW-Everything v1.4
"ScanMaster-ELM_is1" = ScanMaster-ELM 2.1.104.771
"ScanTool.net for Windows" = ScanTool.net for Windows v1.13
"ST6UNST #2" = Nissan DataScan I ver 1.62
"StyleXP" = StyleXP (remove only)
"TunerPro_is1" = TunerPro v5.00
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.60
"UltraISO_is1" = UltraISO Premium V9.35
"uTorrent" = µTorrent
"Viewer" = Viewer
"Virtual Dyno" = Virtual Dyno
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinImage" = WinImage
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-920026266-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/11/2012 00:31:47 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:31:56 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:32:03 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:32:16 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:32:28 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:32:35 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:32:39 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:33:16 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:33:21 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

Error - 05/11/2012 00:33:25 | Computer Name = DV2-1030EA | Source = MsiInstaller | ID = 11706
Description = Product: Status -- Error 1706. An installation package for the product
Status cannot be found. Try the installation again using a valid copy of the installation
package 'status.msi'.

[ System Events ]
Error - 05/11/2012 00:43:30 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 05/11/2012 00:43:58 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 05/11/2012 00:44:09 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 05/11/2012 12:02:35 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SCDEmu

Error - 05/11/2012 12:03:05 | Computer Name = DV2-1030EA | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 05/11/2012 12:03:06 | Computer Name = DV2-1030EA | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service hpqwmiex with
arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

Error - 05/11/2012 12:03:06 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.

Error - 05/11/2012 12:03:06 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7000
Description = The hpqwmiex service failed to start due to the following error: %%1053

Error - 05/11/2012 12:39:12 | Computer Name = DV2-1030EA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SCDEmu

Error - 05/11/2012 13:07:12 | Computer Name = DV2-1030EA | Source = Windows Update Agent | ID = 20
Description =


< End of report >

Edited by happyharrysco1, 06 November 2012 - 05:20 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:34 PM

Posted 07 November 2012 - 09:14 AM

Nothing in this fix is related to ZeroAccess.

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll File not found
    SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll File not found
    DRV - (WDICA) -- File not found
    DRV - (SCDEmu) -- File not found
    DRV - (PQNTDrv) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O18 - Protocol\Handler\ic32pp - No CLSID value found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

===

http://www.spywareinfoforum.com/index.php?/topic/131575-roguekiller/page__pid__757504__st__0&#entry757504

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

#7 happyharrysco1

happyharrysco1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 07 November 2012 - 10:27 AM

Here are the outputs requested. Just to note that every time I start RogueKiller it states that my version is out of date and directs me to download a newer version; I did so a couple of times, but the version it kept downloading is the same as the first.

OTL Log

OTL logfile created on: 07/11/2012 15:13:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\phil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.74% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.01 Gb Total Space | 20.88 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
Drive D: | 118.08 Gb Total Space | 117.84 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive E: | 79.99 Gb Total Space | 54.45 Gb Free Space | 68.07% Space Free | Partition Type: NTFS

Computer Name: DV2-1030EA | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()


========== Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (StyleXPService) -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()
SRV - (EPSON_PM_RPCV4_01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (vcdrom) -- C:\WINDOWS\system32\VCdRom.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.SYS File not found
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Ext2Fsd) -- C:\WINDOWS\System32\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (hpdskflt) -- C:\WINDOWS\system32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.)
DRV - (DumpDrv) -- C:\WINDOWS\System32\drivers\dumpdrv.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (StyleXPHelper) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (Windows ® 2000 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.mg40.mail.yahoo.com/neo/launch?.rand=2vtjjfe4vrfq6"
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7rc5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 10:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/05 18:39:01 | 000,000,000 | ---D | M]

[2010/01/28 22:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Extensions
[2012/10/24 23:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions
[2012/10/09 16:12:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/16 23:12:59 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/10/24 23:23:37 | 000,529,447 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/04 20:15:38 | 000,199,396 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/10/09 16:12:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/24 23:29:56 | 000,844,878 | ---- | M] () (No name found) -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
[2011/05/14 22:54:08 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\searchplugins\aol-web-search.xml
[2012/01/31 10:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 10:16:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/22 18:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/01/31 10:16:17 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/31 10:16:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/31 10:16:17 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/31 10:16:17 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/31 10:16:17 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://uk.mg40.mail.yahoo.com/neo/launch?.rand=23e8t57sgrghr
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://uk.mg40.mail.yahoo.com/neo/launch?.rand=23e8t57sgrghr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/05 04:16:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352143099031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347651814656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE5D457-5C28-4A15-8139-1973724DE102}: DhcpNameServer = 205.234.170.215 205.234.170.217
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D182E5-105D-4B22-9808-1AF605F8655D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\phil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 21:52:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 15:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Desktop\RK_Quarantine
[2012/11/07 14:59:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/07 14:58:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\phil\Desktop\OTL.exe
[2012/11/07 10:33:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/06 21:57:42 | 000,688,779 | ---- | C] (Swearware) -- C:\Documents and Settings\phil\Desktop\dds.com
[2012/11/06 21:02:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/06 15:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Local Settings\Application Data\NeoSmart_Technologies
[2012/11/06 15:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2012/11/06 15:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2012/11/06 01:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/11/05 19:39:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/11/05 19:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/11/05 19:26:58 | 000,000,000 | ---D | C] -- C:\AMD
[2012/11/05 17:16:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/11/05 16:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/11/05 03:04:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/05 01:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/11/05 01:02:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/11/05 01:02:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/11/05 01:02:29 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/11/05 01:00:44 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/11/04 21:18:01 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2012/11/03 11:48:49 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/02 22:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Application Data\Malwarebytes
[2012/11/02 22:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/02 21:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Desktop\fix
[2012/11/02 20:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/11/02 02:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/11/02 02:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/11/02 02:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/11/01 23:50:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/01 23:45:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\phil\Start Menu\Programs\Administrative Tools
[2012/11/01 19:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/11/01 19:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/31 15:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Start Menu\Programs\Nissan DataScan I ver 1.62
[2012/10/31 15:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/10/31 15:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/10/24 23:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\phil\Desktop\TunerCode
[2012/10/20 23:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nistune
[2012/10/20 23:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Nistune
[2012/10/09 18:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
[2012/10/09 18:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Viewer
[2012/10/09 18:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Viewer
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/07 15:10:23 | 000,662,016 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\RogueKiller (2).exe
[2012/11/07 15:03:32 | 000,662,016 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\RogueKiller (1).exe
[2012/11/07 15:01:11 | 000,662,016 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\RogueKiller.exe
[2012/11/07 14:57:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\phil\Desktop\OTL.exe
[2012/11/07 14:38:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/07 14:37:57 | 001,431,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/07 14:37:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/07 14:37:42 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/06 21:56:43 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\Defogger.exe
[2012/11/06 21:56:37 | 000,688,779 | ---- | M] (Swearware) -- C:\Documents and Settings\phil\Desktop\dds.com
[2012/11/06 15:45:07 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7AA637DC-C497-47A3-8D28-0E688FFFA2DF}.job
[2012/11/06 15:45:03 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\phil\My Documents\EasyBCD Backup (2012-11-06).bcd
[2012/11/06 01:39:06 | 000,498,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/06 01:39:05 | 000,085,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/05 20:10:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/05 20:05:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\it7h5yi8.exe
[2012/11/05 20:03:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\phil\defogger_reenable
[2012/11/05 19:42:47 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/05 19:42:45 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/11/05 19:42:45 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/11/05 19:41:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/11/05 04:49:31 | 002,004,211 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2012/11/05 04:16:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/05 03:04:12 | 000,000,606 | RHS- | M] () -- C:\boot.ini
[2012/11/05 02:01:08 | 000,000,491 | ---- | M] () -- C:\Boot.bak
[2012/11/05 01:53:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/05 01:10:24 | 000,060,496 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/11/05 00:59:23 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/05 00:56:24 | 000,023,360 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/11/05 00:39:36 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/11/03 12:50:58 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2012/11/03 11:52:27 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/03 11:48:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/20 23:13:20 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Nistune.lnk
[2012/10/10 17:44:57 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 17:44:56 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\phil\Desktop\Google Chrome.lnk
[2012/10/09 21:23:17 | 000,034,799 | ---- | M] () -- C:\Documents and Settings\phil\My Documents\SpringsPostage.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/07 15:10:38 | 000,662,016 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\RogueKiller (2).exe
[2012/11/07 15:03:12 | 000,662,016 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\RogueKiller (1).exe
[2012/11/07 15:01:44 | 000,662,016 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\RogueKiller.exe
[2012/11/06 21:57:42 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\Defogger.exe
[2012/11/06 15:45:02 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\phil\My Documents\EasyBCD Backup (2012-11-06).bcd
[2012/11/05 20:05:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\phil\Desktop\it7h5yi8.exe
[2012/11/05 20:03:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\phil\defogger_reenable
[2012/11/05 19:42:40 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/05 19:29:09 | 000,246,000 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2012/11/05 19:18:10 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7AA637DC-C497-47A3-8D28-0E688FFFA2DF}.job
[2012/11/05 03:04:12 | 000,000,491 | ---- | C] () -- C:\Boot.bak
[2012/11/05 02:54:10 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/05 01:27:16 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/11/05 01:01:43 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/11/05 01:01:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/11/05 00:39:03 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/11/05 00:39:03 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/11/05 00:39:03 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/11/05 00:39:03 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/11/05 00:39:03 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/11/05 00:39:03 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/11/05 00:39:03 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/11/05 00:39:03 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/11/05 00:39:03 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/11/05 00:39:03 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/11/05 00:39:03 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/11/05 00:39:03 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/11/05 00:39:03 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/11/05 00:39:03 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/11/05 00:39:03 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/11/05 00:39:02 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/11/05 00:39:02 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/11/05 00:39:02 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/11/04 21:39:20 | 000,000,606 | RHS- | C] () -- C:\boot.ini
[2012/11/03 09:43:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/11/02 23:11:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/02 18:35:30 | 000,104,465 | ---- | C] () -- C:\WINDOWS\System32\tcpip6.sys
[2012/11/01 23:55:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/20 23:13:20 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Nistune.lnk
[2012/10/09 21:23:17 | 000,034,799 | ---- | C] () -- C:\Documents and Settings\phil\My Documents\SpringsPostage.pdf
[2012/10/05 10:53:34 | 000,001,119 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2012/10/05 10:45:55 | 000,000,186 | ---- | C] () -- C:\WINDOWS\rar_crck.ini
[2012/09/06 21:58:44 | 000,127,620 | ---- | C] () -- C:\WINDOWS\LogWorks3 Uninstaller.exe
[2012/06/07 17:04:35 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2012/05/11 21:45:05 | 001,155,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/04 13:32:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\phil\ź9ź9
[2012/04/03 20:09:09 | 000,157,304 | ---- | C] () -- C:\WINDOWS\hpoins27.dat.temp
[2012/04/03 20:09:09 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat.temp
[2012/04/03 17:30:04 | 000,157,304 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2012/04/03 17:30:04 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2012/04/01 16:51:16 | 000,575,223 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1417001333-920026266-1177238915-1004-0.dat
[2012/04/01 16:51:16 | 000,207,126 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/13 03:04:07 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/03/13 03:04:07 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/15 22:35:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/21 12:16:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/02 23:49:24 | 000,747,592 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/08/02 23:49:23 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/08/02 23:49:22 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2011/08/02 23:25:33 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\winscp.rnd
[2011/06/14 21:08:50 | 000,000,031 | ---- | C] () -- C:\WINDOWS\NFINST.INI
[2011/06/14 21:08:24 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\Oe60as.dll
[2011/06/14 21:08:19 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2011/06/14 21:08:19 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\CTDAO.DLL
[2011/06/14 21:08:19 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2011/06/14 21:08:18 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2011/06/14 21:08:18 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2011/05/31 23:55:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\housecall.guid.cache
[2011/05/17 23:06:55 | 000,001,652 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/05/17 01:48:33 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/04 19:19:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\fusioncache.dat
[2011/05/04 19:08:42 | 000,068,999 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/05/04 19:08:42 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/05/04 18:16:45 | 000,019,496 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/05/04 18:10:17 | 000,105,619 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/05/04 18:10:17 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/03/08 13:41:06 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/03/08 13:41:04 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/03/08 13:41:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/03/08 13:41:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/03/08 13:41:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/11/07 23:38:37 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\phil\scanxlelm.cfg
[2010/11/07 23:37:08 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ppe_fleetdb.vdb
[2010/03/22 21:35:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\phil\Application Data\$_hpcst$.hpc
[2010/02/28 16:52:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\phil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/11/01 23:59:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB60647$\992991176\L
[2012/11/01 23:59:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB60647$\992991176\U
[2010/01/28 21:48:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 20:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/28 22:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/11/05 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/04/19 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/06/01 00:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/06/01 00:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/01/29 10:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2011/05/14 22:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/06/02 01:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/03 12:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2012/01/01 00:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/05/01 16:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/09 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
[2012/03/13 02:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\avidemux
[2011/05/14 23:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Broad Intelligence
[2012/11/05 18:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Canon
[2010/02/02 20:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\GlobalSCAPE
[2010/01/31 16:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\JGsoft
[2010/02/22 14:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Nokia
[2011/04/10 22:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Notepad++
[2011/05/14 23:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\OpenCandy
[2012/06/01 18:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Oracle
[2010/02/22 13:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\PC Suite
[2012/08/22 12:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\RawShellExtender
[2010/03/03 11:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Research In Motion
[2012/01/01 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Samsung
[2010/11/08 16:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\ScanMaster-ELM
[2011/11/29 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Temp
[2012/10/05 18:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\uTorrent
[2012/09/18 19:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Virtual Dyno
[2010/01/28 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\phil\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\phil\Desktop\RogueKiller (1).exe:SummaryInformation

< End of report >

RogueKiller output
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Scan -- Date : 11/07/2012 15:11:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[RUN][SUSP PATH] [ON_E:phil]HKCU[...]\Run : Google Update ("C:\Users\phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805B1DF8 -> HOOKED (Unknown @ 0xBA6BB7AC)
SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (Unknown @ 0xBA6BB7B6)
SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (Unknown @ 0xBA6BB75C)
SSDT[68] : NtDuplicateObject @ 0x805B3A0C -> HOOKED (Unknown @ 0xBA6BB7A7)
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (Unknown @ 0xBA6BB748)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (Unknown @ 0xBA6BB74D)
SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (Unknown @ 0xBA6BB7CF)
SSDT[200] : NtRequestWaitReplyPort @ 0x80598224 -> HOOKED (Unknown @ 0xBA6BB7C0)
SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (Unknown @ 0xBA6BB7BB)
SSDT[237] : NtSetSecurityObject @ 0x805B617E -> HOOKED (Unknown @ 0xBA6BB7C5)
SSDT[255] : NtSystemDebugControl @ 0x8060ECD0 -> HOOKED (Unknown @ 0xBA6BB7CA)
SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (Unknown @ 0xBA6BB757)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA6BB7DE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA6BB7E3)

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\phil\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 +++++
--- User ---
[MBR] 5fb25ee96c0d9f2e473aa5f168e17568
[BSP] 5b42735d77c58361c76ef677d48a1a87 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102414 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209744640 | Size: 81909 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 377495370 | Size: 120911 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11072012_02d1511.txt >>
RKreport[1]_S_11072012_02d1511.txt

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:34 PM

Posted 07 November 2012 - 11:32 AM

Please execute these instructions in the order listed.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[RUN][SUSP PATH] [ON_E:phil]HKCU[...]\Run : Google Update ("C:\Users\phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND


Now click Delete on the right hand column under Options
===

Save the log and post it with the TDSSKiller log.

#9 happyharrysco1

happyharrysco1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 07 November 2012 - 02:21 PM

TDSSkiller output


19:15:22.0312 2116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:15:22.0546 2116 ============================================================
19:15:22.0546 2116 Current date / time: 2012/11/07 19:15:22.0546
19:15:22.0546 2116 SystemInfo:
19:15:22.0546 2116
19:15:22.0546 2116 OS Version: 5.1.2600 ServicePack: 3.0
19:15:22.0546 2116 Product type: Workstation
19:15:22.0546 2116 ComputerName: DV2-1030EA
19:15:22.0546 2116 UserName: phil
19:15:22.0546 2116 Windows directory: C:\WINDOWS
19:15:22.0546 2116 System windows directory: C:\WINDOWS
19:15:22.0546 2116 Processor architecture: Intel x86
19:15:22.0546 2116 Number of processors: 1
19:15:22.0546 2116 Page size: 0x1000
19:15:22.0546 2116 Boot type: Normal boot
19:15:22.0546 2116 ============================================================
19:15:24.0187 2116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:15:24.0203 2116 ============================================================
19:15:24.0203 2116 \Device\Harddisk0\DR0:
19:15:24.0203 2116 MBR partitions:
19:15:24.0203 2116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC8072C0
19:15:24.0203 2116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC807300, BlocksNum 0x9FFAC49
19:15:24.0218 2116 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16801F89, BlocksNum 0xEC27877
19:15:24.0218 2116 ============================================================
19:15:24.0250 2116 C: <-> \Device\Harddisk0\DR0\Partition1
19:15:24.0296 2116 D: <-> \Device\Harddisk0\DR0\Partition3
19:15:24.0343 2116 E: <-> \Device\Harddisk0\DR0\Partition2
19:15:24.0343 2116 ============================================================
19:15:24.0343 2116 Initialize success
19:15:24.0343 2116 ============================================================
19:15:28.0093 2224 ============================================================
19:15:28.0093 2224 Scan started
19:15:28.0093 2224 Mode: Manual;
19:15:28.0093 2224 ============================================================
19:15:29.0687 2224 ================ Scan system memory ========================
19:15:29.0687 2224 System memory - ok
19:15:29.0687 2224 ================ Scan services =============================
19:15:41.0765 2224 Srv - ok
19:15:41.0796 2224 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
19:15:41.0812 2224 ssadbus - ok
19:15:41.0875 2224 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
19:15:41.0875 2224 ssadmdfl - ok
19:15:41.0937 2224 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
19:15:41.0953 2224 ssadmdm - ok
19:15:41.0984 2224 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
19:15:42.0000 2224 sscdbus - ok
19:15:42.0015 2224 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
19:15:42.0031 2224 sscdmdfl - ok
19:15:42.0046 2224 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
19:15:42.0062 2224 sscdmdm - ok
19:15:42.0093 2224 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:15:42.0109 2224 SSDPSRV - ok
19:15:42.0156 2224 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:15:42.0156 2224 ssmdrv - ok
19:15:42.0203 2224 [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
19:15:42.0234 2224 ssudmdm - ok
19:15:42.0296 2224 [ B9F114EDD564F2C0795DF14CCB8FBDA7 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
19:15:42.0328 2224 STHDA - ok
19:15:42.0359 2224 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:15:42.0390 2224 stisvc - ok
19:15:42.0406 2224 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:15:42.0421 2224 streamip - ok
19:15:42.0468 2224 [ 7E40B43922B2896F40A5930AF7489C60 ] StyleXPHelper C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
19:15:42.0468 2224 StyleXPHelper - ok
19:15:42.0500 2224 [ 564286A42AF81FB2B61EED32FCDE020C ] StyleXPService C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
19:15:42.0515 2224 StyleXPService - ok
19:15:42.0546 2224 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:15:42.0546 2224 swenum - ok
19:15:42.0562 2224 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:15:42.0578 2224 swmidi - ok
19:15:42.0578 2224 SwPrv - ok
19:15:42.0593 2224 symc810 - ok
19:15:42.0609 2224 symc8xx - ok
19:15:42.0609 2224 sym_hi - ok
19:15:42.0625 2224 sym_u3 - ok
19:15:42.0640 2224 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:15:42.0656 2224 sysaudio - ok
19:15:42.0671 2224 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:15:42.0687 2224 SysmonLog - ok
19:15:42.0703 2224 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:15:42.0734 2224 TapiSrv - ok
19:15:42.0765 2224 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:15:42.0781 2224 Tcpip - ok
19:15:42.0812 2224 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
19:15:42.0828 2224 Tcpip6 - ok
19:15:42.0859 2224 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:15:42.0859 2224 TDPIPE - ok
19:15:42.0921 2224 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:15:42.0921 2224 TDTCP - ok
19:15:42.0968 2224 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:15:42.0968 2224 TermDD - ok
19:15:43.0000 2224 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:15:43.0031 2224 TermService - ok
19:15:43.0046 2224 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:15:43.0062 2224 Themes - ok
19:15:43.0078 2224 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:15:43.0093 2224 TlntSvr - ok
19:15:43.0109 2224 TosIde - ok
19:15:43.0140 2224 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:15:43.0156 2224 TrkWks - ok
19:15:43.0171 2224 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:15:43.0187 2224 tunmp - ok
19:15:43.0203 2224 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:15:43.0203 2224 Udfs - ok
19:15:43.0218 2224 ultra - ok
19:15:43.0265 2224 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:15:43.0296 2224 Update - ok
19:15:43.0328 2224 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:15:43.0343 2224 upnphost - ok
19:15:43.0359 2224 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:15:43.0375 2224 UPS - ok
19:15:43.0406 2224 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:15:43.0421 2224 USBAAPL - ok
19:15:43.0453 2224 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:15:43.0468 2224 usbccgp - ok
19:15:43.0484 2224 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:15:43.0484 2224 usbehci - ok
19:15:43.0500 2224 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:15:43.0515 2224 usbhub - ok
19:15:43.0531 2224 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:15:43.0531 2224 usbohci - ok
19:15:43.0578 2224 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:15:43.0578 2224 usbprint - ok
19:15:43.0625 2224 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:15:43.0625 2224 usbscan - ok
19:15:43.0656 2224 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:15:43.0656 2224 usbstor - ok
19:15:43.0703 2224 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:15:43.0703 2224 usbvideo - ok
19:15:43.0718 2224 vcdrom - ok
19:15:43.0750 2224 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:15:43.0750 2224 VgaSave - ok
19:15:43.0765 2224 ViaIde - ok
19:15:43.0765 2224 VMnetAdapter - ok
19:15:43.0781 2224 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:15:43.0796 2224 VolSnap - ok
19:15:43.0828 2224 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:15:43.0875 2224 VSS - ok
19:15:43.0890 2224 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:15:43.0906 2224 W32Time - ok
19:15:43.0937 2224 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:15:43.0937 2224 Wanarp - ok
19:15:43.0984 2224 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:15:44.0000 2224 Wdf01000 - ok
19:15:44.0031 2224 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:15:44.0046 2224 wdmaud - ok
19:15:44.0078 2224 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:15:44.0093 2224 WebClient - ok
19:15:44.0156 2224 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:15:44.0187 2224 winmgmt - ok
19:15:44.0250 2224 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:15:44.0312 2224 WinRM - ok
19:15:44.0359 2224 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:15:44.0375 2224 WinUSB - ok
19:15:44.0406 2224 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:15:44.0421 2224 WmdmPmSN - ok
19:15:44.0453 2224 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:15:44.0484 2224 Wmi - ok
19:15:44.0515 2224 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:15:44.0515 2224 WmiAcpi - ok
19:15:44.0531 2224 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:15:44.0546 2224 WmiApSrv - ok
19:15:44.0625 2224 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:15:44.0718 2224 WMPNetworkSvc - ok
19:15:44.0765 2224 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:15:44.0765 2224 WpdUsb - ok
19:15:44.0890 2224 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:15:44.0921 2224 WPFFontCache_v0400 - ok
19:15:44.0953 2224 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:15:44.0953 2224 WS2IFSL - ok
19:15:45.0000 2224 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:15:45.0015 2224 wscsvc - ok
19:15:45.0062 2224 [ 0091D78C5F8FDE0CDF2B214823DE6E48 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
19:15:45.0078 2224 WSIMD - ok
19:15:45.0109 2224 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:15:45.0125 2224 WSTCODEC - ok
19:15:45.0156 2224 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:15:45.0156 2224 wuauserv - ok
19:15:45.0187 2224 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:15:45.0203 2224 WudfPf - ok
19:15:45.0218 2224 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:15:45.0234 2224 WudfRd - ok
19:15:45.0250 2224 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:15:45.0265 2224 WudfSvc - ok
19:15:45.0296 2224 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:15:45.0343 2224 WZCSVC - ok
19:15:45.0375 2224 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:15:45.0390 2224 xmlprov - ok
19:15:45.0406 2224 ================ Scan global ===============================
19:15:45.0437 2224 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:15:45.0484 2224 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:15:45.0500 2224 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:15:45.0531 2224 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:15:45.0531 2224 [Global] - ok
19:15:45.0531 2224 ================ Scan MBR ==================================
19:15:45.0546 2224 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:15:45.0796 2224 \Device\Harddisk0\DR0 - ok
19:15:45.0796 2224 ================ Scan VBR ==================================
19:15:45.0812 2224 [ A3A176A748EF943FEB0635F2357D35D8 ] \Device\Harddisk0\DR0\Partition1
19:15:45.0812 2224 \Device\Harddisk0\DR0\Partition1 - ok
19:15:45.0828 2224 [ D8BAD9EED623A27012691DDD22E72B1E ] \Device\Harddisk0\DR0\Partition2
19:15:45.0843 2224 \Device\Harddisk0\DR0\Partition2 - ok
19:15:45.0859 2224 [ 19EED26E68153E3DEF14D24184975A94 ] \Device\Harddisk0\DR0\Partition3
19:15:45.0859 2224 \Device\Harddisk0\DR0\Partition3 - ok
19:15:45.0859 2224 ============================================================
19:15:45.0859 2224 Scan finished
19:15:45.0859 2224 ============================================================
19:15:45.0875 2464 Detected object count: 0
19:15:45.0875 2464 Actual detected object count: 0
19:16:46.0375 3028 Deinitialize success


RogueKiller output


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : phil [Admin rights]
Mode : Remove -- Date : 11/07/2012 19:18:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[RUN][SUSP PATH] [ON_E:phil]HKCU[...]\Run : Google Update ("C:\Users\phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805B1DF8 -> HOOKED (Unknown @ 0xBA7FA18C)
SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (Unknown @ 0xBA7FA196)
SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (Unknown @ 0xBA7FA13C)
SSDT[68] : NtDuplicateObject @ 0x805B3A0C -> HOOKED (Unknown @ 0xBA7FA187)
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (Unknown @ 0xBA7FA128)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (Unknown @ 0xBA7FA12D)
SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (Unknown @ 0xBA7FA1AF)
SSDT[200] : NtRequestWaitReplyPort @ 0x80598224 -> HOOKED (Unknown @ 0xBA7FA1A0)
SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (Unknown @ 0xBA7FA19B)
SSDT[237] : NtSetSecurityObject @ 0x805B617E -> HOOKED (Unknown @ 0xBA7FA1A5)
SSDT[255] : NtSystemDebugControl @ 0x8060ECD0 -> HOOKED (Unknown @ 0xBA7FA1AA)
SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (Unknown @ 0xBA7FA137)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA7FA1BE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA7FA1C3)

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\phil\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 +++++
--- User ---
[MBR] 5fb25ee96c0d9f2e473aa5f168e17568
[BSP] 5b42735d77c58361c76ef677d48a1a87 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 102414 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209744640 | Size: 81909 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 377495370 | Size: 120911 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_11072012_02d1918.txt >>
RKreport[1]_S_11072012_02d1511.txt ; RKreport[2]_S_11072012_02d1917.txt ; RKreport[3]_D_11072012_02d1918.txt

#10 happyharrysco1 (Topic Starter, Members, 10 posts)

Posted 08 November 2012 - 03:11 PM

Has that done the trick?

#11 nasdaq (Malware Response Team, 40,736 posts, Montreal, QC, Canada)

Posted 09 November 2012 - 10:00 AM

To find out, we need to run ComboFix again.
Let me know if you get the error about ZeroAccess.

Let me know if you have any other issues with this computer.

#12 happyharrysco1 (Topic Starter, Members, 10 posts)

Posted 09 November 2012 - 01:58 PM

I'm afraid not. ComboFix still tells me I'm infected with ZeroAccess, and still states it's in the TCP/IP stack.

ComboFix output

ComboFix 12-11-09.02 - phil 09/11/2012 15:26:13.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1519 [GMT 0:00]
Running from: c:\documents and settings\phil\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1E8.tmp
c:\windows\system32\SET1EC.tmp
c:\windows\system32\SET1EE.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-08 12:26 . 2012-11-08 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-11-07 14:59 . 2012-11-07 14:59 -------- d-----w- C:\_OTL
2012-11-06 15:47 . 2012-11-06 15:47 -------- d-----w- c:\documents and settings\phil\Local Settings\Application Data\NeoSmart_Technologies
2012-11-06 15:44 . 2012-11-06 15:44 -------- d-----w- c:\program files\NeoSmart Technologies
2012-11-06 01:25 . 2012-11-06 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-11-05 19:29 . 2012-07-04 04:22 938368 ----a-w- c:\windows\system32\ativvamv.dll
2012-11-05 19:29 . 2012-07-04 04:05 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-11-05 19:28 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2012-11-05 19:26 . 2012-11-05 19:26 -------- d-----w- C:\AMD
2012-11-05 17:19 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-05 17:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-05 17:17 . 2012-08-28 20:44 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-11-05 17:17 . 2012-08-28 15:14 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-11-05 17:17 . 2012-08-28 15:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-11-05 17:17 . 2012-08-28 15:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-05 17:17 . 2012-08-28 15:14 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-05 17:17 . 2012-08-28 15:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-05 17:17 . 2012-08-28 15:14 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-11-05 17:16 . 2012-11-05 17:17 -------- dc-h--w- c:\windows\ie8
2012-11-05 04:28 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2012-11-05 04:25 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-11-05 03:51 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2012-11-05 03:51 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2012-11-05 03:49 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-05 03:00 . 2012-08-21 13:33 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-05 03:00 . 2012-08-21 13:29 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-11-05 03:00 . 2012-08-21 12:58 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-11-05 03:00 . 2012-08-21 18:28 2069632 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-11-05 01:03 . 2004-08-04 11:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-11-05 01:03 . 2004-08-04 11:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-11-05 01:03 . 2008-04-14 03:42 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2012-11-05 01:03 . 2008-04-14 03:42 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2012-11-05 01:03 . 2008-04-14 03:42 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2012-11-05 01:03 . 2004-08-04 11:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2012-11-05 01:03 . 2004-08-04 11:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2012-11-05 01:03 . 2004-08-04 11:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2012-11-05 01:03 . 2004-08-04 11:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-11-05 01:03 . 2004-08-04 11:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2012-11-05 01:01 . 2004-08-04 11:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-05 01:00 . 2008-04-14 03:42 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2012-11-05 00:59 . 2004-05-13 00:39 184435 -c--a-w- c:\windows\system32\dllcache\fp4amsft.dll
2012-11-05 00:59 . 2008-04-14 03:41 46592 -c--a-w- c:\windows\system32\dllcache\coadmin.dll
2012-11-05 00:59 . 2003-03-24 16:52 188480 -c--a-w- c:\windows\system32\dllcache\cfgwiz.exe
2012-11-05 00:59 . 2003-03-24 16:52 20540 -c--a-w- c:\windows\system32\dllcache\author.dll
2012-11-05 00:59 . 2003-03-24 16:52 16439 -c--a-w- c:\windows\system32\dllcache\author.exe
2012-11-05 00:59 . 2008-04-14 03:41 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2012-11-05 00:59 . 2008-04-14 03:41 290816 -c--a-w- c:\windows\system32\dllcache\adsiis51.dll
2012-11-05 00:59 . 2003-03-24 16:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2012-11-05 00:59 . 2003-03-24 16:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2012-11-05 00:53 . 2008-04-14 05:42 151552 ----a-w- c:\windows\system32\irftp.exe
2012-11-05 00:53 . 2008-04-14 05:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2012-11-05 00:53 . 2008-04-14 05:41 28160 ----a-w- c:\windows\system32\irmon.dll
2012-11-05 00:39 . 2004-08-04 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-11-05 00:39 . 2004-08-04 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-11-05 00:39 . 2004-08-04 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-11-05 00:39 . 2004-08-04 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-11-05 00:38 . 2008-04-14 05:34 16535 ----a-r- c:\windows\SETD7.tmp
2012-11-05 00:38 . 2008-04-14 05:34 1088840 ----a-r- c:\windows\SETCB.tmp
2012-11-05 00:38 . 2008-04-14 05:40 1296669 ----a-r- c:\windows\SETC8.tmp
2012-11-04 21:18 . 2012-11-06 20:09 -------- d---a-w- C:\.Trash-1000
2012-11-03 11:48 . 2012-11-03 11:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-03 10:12 . 2004-08-04 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-11-03 10:12 . 2004-08-04 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-11-03 09:43 . 2008-04-14 06:34 16535 ----a-r- c:\windows\SET25C.tmp
2012-11-03 09:43 . 2008-04-14 06:34 1088840 ----a-r- c:\windows\SET250.tmp
2012-11-03 09:43 . 2008-04-14 06:40 1296669 ----a-r- c:\windows\SET24D.tmp
2012-11-02 22:00 . 2012-11-02 22:00 -------- d-----w- c:\documents and settings\phil\Application Data\Malwarebytes
2012-11-02 22:00 . 2012-11-02 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-02 20:14 . 2012-11-02 20:14 -------- d-----w- c:\program files\Tweaking.com
2012-11-02 18:35 . 2008-04-13 22:30 104465 ----a-w- c:\windows\system32\tcpip6.sys
2012-11-02 02:21 . 2012-11-02 02:21 -------- d-----w- c:\windows\system32\xircom
2012-11-02 02:21 . 2012-11-02 02:21 -------- d-----w- c:\windows\system32\wbem\snmp
2012-11-02 02:21 . 2012-11-02 02:21 -------- d-----w- c:\program files\microsoft frontpage
2012-10-20 23:13 . 2012-10-20 23:13 -------- d-----w- c:\program files\Nistune
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 15:31 . 2010-10-27 21:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-10-09 17:05 . 2012-04-20 16:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:05 . 2011-05-20 19:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 12:34 . 2012-09-16 12:34 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-09-16 12:34 . 2012-09-16 12:34 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-09-11 12:11 . 2012-09-11 12:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-11 12:11 . 2012-01-01 02:20 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-11 12:11 . 2011-10-05 22:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 12:11 . 2010-02-05 10:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-06 21:58 . 2012-09-06 21:58 127620 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:28 . 2008-04-14 00:01 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 13:29 . 2008-04-14 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-31 10:16 . 2011-05-06 01:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-01-28 204800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23/03/2012 00:42 36000]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [07/01/2012 23:27 686360]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/03/2012 00:42 86224]
R2 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/03/2012 03:33 227896]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [26/12/2011 00:01 103040]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28/01/2010 20:50 9472]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\VCdRom.sys --> c:\windows\system32\VCdRom.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [19/03/2009 15:55 113664]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [09/02/2012 08:44 80184]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [30/04/2011 19:04 20032]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16/09/2012 12:34 12400]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [02/08/2011 23:49 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [02/08/2011 23:49 11104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [09/02/2012 08:41 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [09/02/2012 08:41 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [09/02/2012 08:41 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [09/02/2012 08:44 181432]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe --> c:\windows\system32\FsUsbExService.Exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-08 c:\windows\Tasks\User_Feed_Synchronization-{7AA637DC-C497-47A3-8D28-0E688FFFA2DF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-28 02:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\dq2b7mxp.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.mg40.mail.yahoo.com/neo/launch?.rand=2vtjjfe4vrfq6
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
.
------- File Associations -------
.
txtfile="c:\program files\JGsoft\EditPadPro6\EditPadPro.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 15:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-11-09 15:40:32
ComboFix-quarantined-files.txt 2012-11-09 15:40
.
Pre-Run: 22,050,603,008 bytes free
Post-Run: 22,636,904,448 bytes free
.
- - End Of File - - E9C8F7CB8E7239786DCE4F75F694933E

#13 nasdaq (Malware Response Team, 40,736 posts, Montreal, QC, Canada)

Posted 10 November 2012 - 09:46 AM

Before running this tool
Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.


  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.
NOTE! Please remove any e-mail address in the RootRepeal report (if present).

#14 happyharrysco1 (Topic Starter, Members, 10 posts)

Posted 10 November 2012 - 02:18 PM

RootRepeal output

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2012/11/10 18:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC543000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA644000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8A0B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\$NtUninstallKB60647$\1640652247
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "<unknown>" at address 0xba7b4174

#: 050 Function Name: NtCreateSection
Status: Hooked by "<unknown>" at address 0xba7b417e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba7b4124

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0xba7b416f

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba7b4110

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba7b4115

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0xba7b4197

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "<unknown>" at address 0xba7b4188

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0xba7b4183

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "<unknown>" at address 0xba7b418d

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "<unknown>" at address 0xba7b4192

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xba7b411f

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0xba7b41a6

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0xba7b41ab

==EOF==
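
Reading a RootRepeal report like the one above by hand is easy to misjudge: a long column of SSDT entries "Hooked by <unknown>" looks alarming, yet a legitimate AV or HIPS driver hooks many of the same calls, and what actually matters is how many distinct hook owners there are, whether their handlers cluster in one module's address range, and whether the owner can be resolved against the Drivers section. The script below is an added example written for this page; it is not part of the thread and not part of RootRepeal. It parses a constructed excerpt in RootRepeal's report format (the addresses and paths mirror the log above), clusters hooks by owner and by the 4 KiB page of the handler address, flags hooks on process/thread-tampering calls, and lists locked files outside the usual hiberfil.sys/pagefile.sys set. The BENIGN_LOCKED and TAMPER_CALLS sets are assumptions of the example, not RootRepeal data.

```python
import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's report format; addresses and paths mirror the thread's log.
SAMPLE_REPORT = """\
Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\\WINDOWS\\$NtUninstallKB60647$\\1640652247
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "<unknown>" at address 0xba7b4174

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba7b4110

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xba7b411f

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0xba7b41a6
==EOF==
"""

HOOK_RE = re.compile(r'#:\s*(\d+)\s+Function Name:\s*(\S+)\s*\n'
                     r'Status:\s*Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)')
LOCKED_RE = re.compile(r'Path:\s*(.+?)\s*\nStatus:\s*Locked to the Windows API!')
RULE_RE = re.compile(r'-{5,}')

# Assumed benign: files Windows itself keeps locked, reported on every XP box.
BENIGN_LOCKED = {'c:\\hiberfil.sys', 'c:\\pagefile.sys'}
# Assumed set of calls that rootkits and AV/HIPS self-protection both hook;
# a hook here is a lead to resolve to its owning driver, not proof of infection.
TAMPER_CALLS = {'NtOpenProcess', 'NtOpenThread', 'NtTerminateProcess', 'NtCreateThread',
                'NtSetContextThread', 'NtDuplicateObject', 'NtSetSecurityObject',
                'NtSystemDebugControl', 'NtUserSetWindowsHookEx', 'NtUserSetWinEventHook'}

def split_sections(report):
    """Map each title line that is underlined with dashes to its body text."""
    lines = report.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        is_rule = RULE_RE.fullmatch(line.strip()) is not None
        next_is_rule = i + 1 < len(lines) and RULE_RE.fullmatch(lines[i + 1].strip())
        if next_is_rule and not is_rule:
            current = line.strip()
            sections[current] = []
        elif current is not None and not is_rule:
            sections[current].append(line)
    return {name: '\n'.join(body) for name, body in sections.items()}

def parse_hooks(report):
    sections = split_sections(report)
    hooks = []
    for table in ('SSDT', 'Shadow SSDT'):
        for idx, func, owner, addr in HOOK_RE.findall(sections.get(table, '')):
            hooks.append({'table': table, 'index': int(idx), 'function': func,
                          'owner': owner, 'address': int(addr, 16)})
    return hooks

def cluster_hooks(hooks):
    # Key by (owner, 4 KiB page of the handler): many hooks whose handlers sit within a
    # few hundred bytes of each other almost always belong to one driver's dispatch table.
    clusters = defaultdict(list)
    for h in hooks:
        clusters[(h['owner'], h['address'] & ~0xFFF)].append(h)
    return clusters

def suspicious_locked_files(report):
    body = split_sections(report).get('Hidden/Locked Files', '')
    return [p for p in LOCKED_RE.findall(body) if p.lower() not in BENIGN_LOCKED]

def triage(report):
    findings = []
    for (owner, page), group in sorted(cluster_hooks(parse_hooks(report)).items()):
        addrs = [h['address'] for h in group]
        funcs = sorted(h['function'] for h in group)
        findings.append({
            'owner': owner, 'page': hex(page), 'count': len(group),
            'low': hex(min(addrs)), 'high': hex(max(addrs)), 'span_bytes': max(addrs) - min(addrs),
            'functions': funcs, 'tamper_hooks': sorted(set(funcs) & TAMPER_CALLS),
            # "<unknown>" means RootRepeal could not map the handler to a loaded module:
            # either the module hides itself, or the tool simply lacks a name for it.
            'severity': 'investigate' if owner == '<unknown>' else 'info'})
    return {'hook_clusters': findings, 'locked_files': suspicious_locked_files(report)}

if __name__ == '__main__':
    for c in triage(SAMPLE_REPORT)['hook_clusters']:
        print(f"[{c['severity']}] {c['count']} hooks by {c['owner']} at {c['low']}-{c['high']}: "
              f"{', '.join(c['functions'])}")
    print('locked files to investigate:', suspicious_locked_files(SAMPLE_REPORT))
```

Run against the full report above, every SSDT and Shadow SSDT hook lands in a single (owner, page) cluster with handlers a few hundred bytes apart, which points at one module's trampoline table rather than several independent hookers. The next step a practitioner would take is to match that address range against the Drivers section or a live driver list to name the module; only then is it reasonable to call the hooks malicious or benign. The locked-file check deliberately ignores hiberfil.sys and pagefile.sys, which RootRepeal reports on every system, so that the one path left over is the one worth looking at.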

#15 nasdaq (Malware Response Team, 40,736 posts, Montreal, QC, Canada)

Posted 11 November 2012 - 09:56 AM

Hidden/Locked Files
Path: C:\WINDOWS\$NtUninstallKB60647$\1640652247

This seems to be the bad guy.


Tool - Unlocker

Download and run this tool.
http://www.filehippo.com/download_unlocker/

When installed, simply right-click the locked folder or file and select Unlocker. If the folder or file is locked, a window listing of lockers will appear. Simply click Unlock All and you are done!
===

Restart the computer normally.

Open notepad and copy/paste the text in the quote box below into it:


Folder::
C:\WINDOWS\$NtUninstallKB60647$


Save this as CFScript.txt on your desktop.


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

How is it now?



