
Even MBAM not working here "Could not initialize database!!!"


  • This topic is locked
65 replies to this topic

#1 kavian


Posted 25 December 2012 - 01:37 PM

After regular MBAM did not work, I used Mbar, and this is its last report, with "Could not initialize database!!!"
Also, it does not let me download most antivirus/anti-malware programs, and I must use another computer to download them and a USB flash drive to transfer them.
I also ran Sfc /scannow.
Please help me, what can I do about it?
====================================================Mbar Report ====================================
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b895ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff8bcfecb0
Lower Device Driver Name: \Driver\arcsas\
Device already Exists: 0xffffffff89e3c460
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8b897ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xffffffff8bd7ecb0
Lower Device Driver Name: \Driver\arcsas\
Device already Exists: 0xffffffff887550b8
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8bd81ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffff8bd7fcb0
Lower Device Driver Name: \Driver\arcsas\
Device already Exists: 0xffffffff881d78e0
Initializing...
Done!
Could not initialize database
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8bd81ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8bcd6cd8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8bd81910, DeviceName: \Device\VSCSIDISK0\, DriverName: \Driver\dontgo\
DevicePointer: 0xffffffff8bcfbc68, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8bd81ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8bd7fcb0, DeviceName: \Device\0000007d\, DriverName: \Driver\arcsas\
------------ End ----------
Upper DeviceData: 0xffffffffe3f27478, 0xffffffff8bd81ab8, 0xffffffff8836e5d8
Lower DeviceData: 0xffffffffe4106b78, 0xffffffff8bd7fcb0, 0xffffffff881d78e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5E338CBB

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 143107020
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Cannot scan MBR because MBAM is not initialized!
Disk Size: 73295462400 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b897ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8bcd5cd8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8bcfabb8, DeviceName: \Device\VSCSIDISK1\, DriverName: \Driver\dontgo\
DevicePointer: 0xffffffff8b897880, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b897ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8bd7ecb0, DeviceName: \Device\0000007e\, DriverName: \Driver\arcsas\
------------ End ----------
Upper DeviceData: 0xffffffffe4d33e98, 0xffffffff8b897ab8, 0xffffffff88194ab8
Lower DeviceData: 0xffffffffe5c28660, 0xffffffff8bd7ecb0, 0xffffffff887550b8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 36D67C9A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition


**************************
====================================================End of Mbar Report ====================================



Then I removed Acronis True server, then restarted, and this is my last OTL report:
====================================================OTL Report ====================================
OTL logfile created on: 12/25/2012 9:54:27 AM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): c:\pagefile.sys 1000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.24 Gb Total Space | 24.64 Gb Free Space | 36.11% Space Free | Partition Type: NTFS
Drive D: | 68.55 Gb Total Space | 37.30 Gb Free Space | 54.41% Space Free | Partition Type: NTFS
Drive E: | 79.09 Gb Total Space | 9.88 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive G: | 29.30 Gb Total Space | 20.80 Gb Free Space | 71.00% Space Free | Partition Type: NTFS
Drive H: | 85.94 Gb Total Space | 4.65 Gb Free Space | 5.41% Space Free | Partition Type: NTFS
Drive I: | 135.77 Gb Total Space | 36.95 Gb Free Space | 27.22% Space Free | Partition Type: NTFS
Drive J: | 68.36 Gb Total Space | 23.99 Gb Free Space | 35.09% Space Free | Partition Type: NTFS

Computer Name: SERVER90 | User Name: myusers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 20:12:58 | 009,162,752 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2011/05/02 12:20:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/03/15 01:05:52 | 000,094,208 | ---- | M] (Adaptec Incorporated) -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
PRC - [2010/04/13 11:07:20 | 000,167,936 | ---- | M] () -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe
PRC - [2009/05/10 20:48:34 | 001,261,984 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\wspsrv.exe
PRC - [2009/05/10 20:48:34 | 000,385,440 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\mspadmin.exe
PRC - [2008/07/21 16:01:12 | 000,098,304 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Java\Tomcat 6.0\bin\tomcat6w.exe
PRC - [2008/07/17 00:14:24 | 000,546,816 | ---- | M] (JH Software ApS) -- C:\Program Files\Simple DNS Plus\sdnsmain.exe
PRC - [2008/07/10 01:49:38 | 040,999,448 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/10 01:49:34 | 000,369,688 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE
PRC - [2008/07/10 00:22:40 | 021,945,368 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe
PRC - [2008/07/10 00:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
PRC - [2008/07/10 00:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdlauncher.exe
PRC - [2008/06/25 21:04:14 | 000,176,752 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\W3Prefch.exe
PRC - [2008/06/25 21:04:04 | 000,113,264 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\isastg.exe
PRC - [2007/02/18 04:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 04:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rqs.exe
PRC - [2007/02/18 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ADAM\dsamain.exe
PRC - [2007/02/18 04:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2006/09/27 11:56:22 | 000,622,592 | ---- | M] () -- C:\hc-603561\exes\HostingController.exe
PRC - [2005/11/22 15:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) -- D:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005/08/30 14:28:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\bmss.exe
PRC - [2005/08/30 14:28:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft ADS\bin\saagent.exe
PRC - [2005/05/13 13:15:22 | 000,233,472 | ---- | M] (Advanced Communications) -- C:\hc-603561\exes\HCSchedulerService.exe
PRC - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe
PRC - [2005/03/03 13:49:24 | 000,438,272 | ---- | M] (SmarterTools Inc.) -- D:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 12:20:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/09/07 04:08:31 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
SRV - [2012/12/22 11:51:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/22 05:17:51 | 000,170,408 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/11 20:12:58 | 009,162,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/03/15 01:05:52 | 000,094,208 | ---- | M] (Adaptec Incorporated) [Auto | Running] -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe -- (AdaptecStorageManagerAgent)
SRV - [2011/03/14 22:23:00 | 000,210,944 | ---- | M] (Adaptec Inc.) [On_Demand | Stopped] -- C:\Program Files\Adaptec\Adaptec Storage Manager\archwprv.exe -- (ArcHwPrv)
SRV - [2011/02/28 13:19:34 | 000,109,728 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2010/07/19 14:17:50 | 000,398,768 | ---- | M] (Array Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Array Networks\Common\8,4,0,353\arr_isrv.exe -- (Array_Utility_Service8.4.0.353)
SRV - [2010/07/19 14:17:38 | 000,259,504 | ---- | M] (Array Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Array Networks\Array SSL VPN\8,4,0,353\arr_srvs.exe -- (ArraySSL_VPN_Service8.4.0.353)
SRV - [2010/04/13 11:07:20 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe -- (SuperMicro Health Assistant)
SRV - [2009/05/10 20:48:34 | 001,261,984 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\wspsrv.exe -- (fwsrv)
SRV - [2009/05/10 20:48:34 | 000,385,440 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\mspadmin.exe -- (isactrl)
SRV - [2008/07/29 12:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/07/21 16:01:12 | 000,057,344 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\java\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2008/07/17 00:14:24 | 000,546,816 | ---- | M] (JH Software ApS) [Auto | Running] -- C:\Program Files\Simple DNS Plus\sdnsmain.exe -- (sdnsplus)
SRV - [2008/07/10 01:49:38 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSQLSERVER2008) SQL Server (MSSQLSERVER2008)
SRV - [2008/07/10 01:49:34 | 000,369,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSQLSERVER2008) SQL Server Agent (MSSQLSERVER2008)
SRV - [2008/07/10 01:22:18 | 001,106,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer$MSSQLSERVER2008) SQL Server Reporting Services (MSSQLSERVER2008)
SRV - [2008/07/10 00:22:40 | 021,945,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe -- (MSOLAP$MSSQLSERVER2008) SQL Server Analysis Services (MSSQLSERVER2008)
SRV - [2008/07/10 00:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
SRV - [2008/07/10 00:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$MSSQLSERVER2008) SQL Full-text Filter Daemon Launcher (MSSQLSERVER2008)
SRV - [2008/06/25 21:04:14 | 000,176,752 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\W3Prefch.exe -- (isasched)
SRV - [2008/06/25 21:04:04 | 000,113,264 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\isastg.exe -- (ISASTG)
SRV - [2007/02/18 04:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 04:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/18 04:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 04:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 04:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/18 04:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 04:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007/02/18 04:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 04:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rqs.exe -- (rqs)
SRV - [2007/02/18 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007/02/18 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ADAM\dsamain.exe -- (ADAM_ISASTGCTRL)
SRV - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\ADAM\dsamain.exe -- (ADAM_instance1)
SRV - [2006/09/27 11:56:22 | 000,622,592 | ---- | M] () [Auto | Running] -- C:\hc-603561\exes\HostingController.exe -- (HostingController)
SRV - [2006/09/25 12:53:52 | 000,344,064 | ---- | M] (Advanced Communications) [Disabled | Stopped] -- C:\hc-603561\exes\HCDiskQuota.exe -- (HCDiskQuotaService)
SRV - [2006/04/18 15:05:52 | 000,319,488 | ---- | M] (Advanced Communications) [Disabled | Stopped] -- C:\hc-603561\exes\HCSMTPService.exe -- (HCSMTP Service)
SRV - [2006/04/18 15:04:24 | 000,155,648 | ---- | M] (PJ Naughter) [Disabled | Stopped] -- C:\hc-603561\exes\HCPaymentService.exe -- (HCPaymentService)
SRV - [2005/11/22 15:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- D:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2005/08/30 14:28:32 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft ADS\bin\saagent.exe -- (ADSAdminAgent)
SRV - [2005/07/16 03:54:28 | 000,094,208 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Shatter It\NC_Net\OUTPUT\NC_Net.exe -- (NC_Net)
SRV - [2005/05/13 13:15:22 | 000,233,472 | ---- | M] (Advanced Communications) [Auto | Running] -- C:\hc-603561\exes\HCSchedulerService.exe -- (HCSchedulerService)
SRV - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -- (SQLSERVERAGENT)
SRV - [2005/03/03 13:49:24 | 000,438,272 | ---- | M] (SmarterTools Inc.) [Auto | Running] -- D:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe -- (SSCollect)
SRV - [2004/10/12 21:10:54 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2002/08/13 10:46:10 | 000,081,920 | ---- | M] (Persits Software, Inc.) [Disabled | Stopped] -- C:\Program Files\IIS_Extensions\AspEmail45\EmailAgent\BIN\EmailAgent.exe -- (EmailAgent)


========== Driver Services (SafeList) ==========

DRV - [2012/12/24 00:16:12 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- D:\v\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)
DRV - [2011/03/11 12:25:10 | 000,056,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvhdbus.sys -- (cvhdbus)
DRV - [2011/03/11 12:24:58 | 000,017,024 | ---- | M] (Citrix Systems, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CFsDep.sys -- (CFsDep)
DRV - [2010/12/18 03:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | System | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/08 13:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/18 10:21:26 | 000,025,088 | ---- | M] (SoftLayer, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SMMdrv.sys -- (SMMdrv) SoftLayer Mainboard Management Bus Driver (V)
DRV - [2010/01/18 22:22:22 | 000,010,496 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\smbus.sys -- (SMBus)
DRV - [2009/11/16 06:27:58 | 000,036,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\ioatdma.sys -- (ioatdma) Intel®
DRV - [2009/11/03 20:32:18 | 000,004,736 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\IsaIoNt.sys -- (ISAIONT)
DRV - [2009/05/10 20:48:32 | 000,419,744 | ---- | M] (Microsoft ® Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fweng.sys -- (Fweng)
DRV - [2008/07/10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/07/26 16:25:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/03/14 18:36:00 | 000,082,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\3wareDrv.sys -- (3wareDrv)
DRV - [2007/02/18 04:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 04:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007/02/18 04:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/02/18 04:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/02/16 18:18:04 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2006/12/15 12:25:00 | 000,019,456 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\msas2k3.sys -- (msas2k3)
DRV - [2006/03/17 01:17:00 | 000,053,248 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bchtsw32.sys -- (bchtsw32)
DRV - [2006/01/13 20:28:00 | 000,267,264 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aar81xx.sys -- (aar81xx)
DRV - [2004/06/29 12:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)
DRV - [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)
DRV - [2003/10/24 15:57:04 | 000,104,968 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (RapDrv)
DRV - [2003/03/24 21:16:00 | 000,140,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/25 18:26:44 | 000,024,344 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet)
DRV - [2003/02/25 18:26:28 | 000,036,644 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile)
DRV - [2000/11/12 07:14:18 | 000,003,908 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\memmapnt.sys -- (MemMapNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2150476757-1934398832-522589061-1017\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 00:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/06 22:17:05 | 000,000,000 | ---D | M]

[2009/04/16 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/12/24 16:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gz1bm06.default\extensions
[2010/05/10 08:08:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gz1bm06.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/22 05:05:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gz1bm06.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012/12/24 16:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 01:29:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 04:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 01:08:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 22:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/21 20:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/12 15:53:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/08/19 03:22:30 | 000,264,358 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 9163 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\java\Tomcat 6.0\bin\tomcat6w.exe (Apache Software Foundation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2150476757-1934398832-522589061-1017..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\New Folder [2011/03/23 02:18:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Supero Doctor III Client.lnk = C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLockedUserId = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49b2-880A-1F7738E5A384} - D:\Program Files\Microsoft ISA Server\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007/04/19 02:23:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | R-SD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/04/19 02:23:27 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:I *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files - Modified Within 30 Days ==========

[2012/12/25 09:59:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6308B427-5D34-4D0B-AC39-41DFBE332ADA}.job
[2012/12/25 09:51:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/25 09:50:01 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Correct Mail Dns.job
[2012/12/25 09:46:46 | 000,010,193 | ---- | M] () -- C:\WINDOWS\System32\SuperD.ini
[2012/12/25 09:46:08 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\SetNetworkIPsattStartup.job
[2012/12/25 09:46:05 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\BlockMostActiveIPS.job
[2012/12/25 09:46:05 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\IIS-keep-Up.job
[2012/12/25 09:46:01 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/25 09:40:58 | 000,018,439 | ---- | M] () -- C:\WINDOWS\uedit32.INI
[2012/12/25 07:47:34 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mbar.exe.lnk
[2012/12/25 05:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{9f7af425-0876-11dd-a13a-0030487d4759}.job
[2012/12/24 22:48:06 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Information Services (IIS) Manager.lnk
[2012/12/24 22:10:43 | 000,879,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/24 22:10:43 | 000,233,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/24 21:31:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/24 21:05:43 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/12/24 21:05:43 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/24 17:18:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012/12/24 17:15:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Mov-Win-Log.job
[2012/12/24 17:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{9f7af421-0876-11dd-a13a-0030487d4759}.job
[2012/12/24 16:24:37 | 000,000,716 | RHS- | M] () -- C:\boot.ini
[2012/12/24 16:15:19 | 000,000,716 | RHS- | M] () -- C:\BOOT.BAK
[2012/12/24 16:13:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Mov-Win-Log-MihanHost.job
[2012/12/24 15:55:15 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\FixFtpPerMitons.job
[2012/12/24 15:42:55 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ISA Server Management.lnk
[2012/12/24 15:31:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\DelTemporaryFiles.job
[2012/12/24 15:00:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{a83038cc-0838-11dd-a667-806e6f6e6963}.job
[2012/12/24 13:01:39 | 000,000,468 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/12/24 12:57:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\zipMihanhostlogz.job
[2012/12/24 11:48:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/12/24 11:47:48 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/24 11:36:14 | 000,001,373 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2012/12/24 06:22:59 | 000,003,470 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/24 05:36:17 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/12/23 22:33:25 | 000,008,858 | ---- | M] () -- C:\WINDOWS\System32\SuperD.bak
[2012/12/23 15:35:20 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\SystemStateBackup.job
[2012/12/23 14:43:55 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Supero Doctor III Client.lnk
[2012/12/23 14:43:52 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Supero Doctor III for Local.url
[2012/12/23 14:43:51 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Supero Doctor III Client.lnk
[2012/12/23 13:41:23 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2012/12/23 13:31:15 | 014,373,078 | ---- | M] () -- C:\Program Files\Microsoft Security Client.rar
[2012/12/23 13:00:22 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/22 17:07:40 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2012/12/22 14:05:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/12/22 11:51:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/22 11:51:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/22 11:51:15 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/12/22 07:32:46 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Driver Genius Professional Edition.lnk
[2012/12/22 05:20:36 | 000,000,768 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/12/22 05:17:51 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/12/22 05:17:51 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/12/22 05:17:51 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/22 05:17:51 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/22 05:17:51 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/22 05:17:51 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/22 05:17:51 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/22 02:16:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/22 02:16:29 | 000,001,704 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/12/22 02:16:29 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2012/12/21 13:50:08 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Administrator\BlueScreenView.cfg
[2012/12/21 09:10:12 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to msconfig.exe.lnk
[2012/12/19 10:28:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/16 04:24:37 | 000,287,232 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 04:24:37 | 000,287,232 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/14 20:15:48 | 000,000,000 | ---- | M] () -- C:\t2hk.1
[2012/12/14 20:15:45 | 000,000,000 | ---- | M] () -- C:\t2hk
[2012/12/12 00:01:12 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/25 15:49:56 | 000,000,000 | ---- | M] () -- C:\t2ho.3
[2012/11/25 15:49:54 | 000,000,000 | ---- | M] () -- C:\t2ho.2
[993 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/25 07:47:23 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mbar.exe.lnk
[2012/12/24 21:05:43 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/12/24 21:05:43 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/24 11:36:14 | 000,001,373 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk
[2012/12/24 11:34:01 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2012/12/24 11:34:01 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/12/24 07:13:26 | 000,000,716 | RHS- | C] () -- C:\BOOT.BAK
[2012/12/24 05:36:17 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/12/24 05:36:17 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/12/23 22:33:25 | 000,008,858 | ---- | C] () -- C:\WINDOWS\System32\SuperD.bak
[2012/12/23 15:00:04 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2012/12/23 15:00:03 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2012/12/23 15:00:03 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2012/12/23 14:57:02 | 000,006,331 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rsess.vbs
[2012/12/23 14:56:58 | 000,026,417 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rfeed.vbs
[2012/12/23 14:56:58 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rgroup.vbs
[2012/12/23 14:56:58 | 000,010,571 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rexpire.vbs
[2012/12/23 14:56:57 | 000,011,781 | ---- | C] () -- C:\WINDOWS\System32\dllcache\regfilt.vbs
[2012/12/23 14:56:55 | 000,003,912 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rcancel.vbs
[2012/12/23 14:56:30 | 000,135,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/12/23 14:56:29 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/12/23 14:56:16 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2012/12/23 14:56:14 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2012/12/23 14:56:14 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2012/12/23 14:56:13 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2012/12/23 14:56:13 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2012/12/23 14:56:12 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2012/12/23 14:56:12 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2012/12/23 14:56:12 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2012/12/23 14:56:11 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2012/12/23 14:56:11 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2012/12/23 14:56:11 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/12/23 14:53:48 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/12/23 14:53:03 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/12/23 14:52:31 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/12/23 14:52:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/12/23 14:51:16 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/12/23 14:48:56 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2012/12/23 14:48:56 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2012/12/23 14:48:56 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2012/12/23 14:48:55 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2012/12/23 14:48:55 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2012/12/23 14:48:55 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2012/12/23 14:48:55 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2012/12/23 14:48:55 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2012/12/23 14:48:54 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/12/23 14:48:53 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2012/12/23 14:48:08 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/12/23 14:48:08 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/12/23 14:48:08 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/12/23 14:48:07 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/12/23 14:48:07 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/12/23 14:48:06 | 000,050,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/12/23 14:48:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/12/23 14:48:06 | 000,017,536 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/12/23 14:48:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/12/23 14:48:00 | 000,046,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/12/23 14:43:55 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Supero Doctor III Client.lnk
[2012/12/23 14:43:52 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Supero Doctor III for Local.url
[2012/12/23 14:43:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES_ru.dll
[2012/12/23 14:43:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES.dll
[2012/12/23 14:43:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhtw.dll
[2012/12/23 14:43:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhcn.dll
[2012/12/23 14:43:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\sndmail.exe
[2012/12/23 14:43:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2012/12/23 14:43:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\omnithread_rt.dll
[2012/12/23 14:43:51 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2012/12/23 14:43:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SD3Service.exe
[2012/12/23 14:43:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\supermon.dll
[2012/12/23 14:43:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SMBiosInfo.exe
[2012/12/23 14:43:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\StartCtl.exe
[2012/12/23 14:43:51 | 000,014,169 | ---- | C] () -- C:\WINDOWS\System32\drivers\SUPERBMC.SYS
[2012/12/23 14:43:51 | 000,012,063 | ---- | C] () -- C:\WINDOWS\System32\SuperDOpt.ini
[2012/12/23 14:43:51 | 000,003,238 | ---- | C] () -- C:\WINDOWS\System32\WinIo.sys
[2012/12/23 14:43:51 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Supero Doctor III Client.lnk
[2012/12/23 14:43:49 | 000,010,193 | ---- | C] () -- C:\WINDOWS\System32\SuperD.ini
[2012/12/23 14:43:49 | 000,004,761 | ---- | C] () -- C:\WINDOWS\System32\MEMDIMM.ini
[2012/12/23 14:34:43 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/12/23 14:34:43 | 000,006,005 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/12/23 13:41:23 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2012/12/23 13:31:10 | 014,373,078 | ---- | C] () -- C:\Program Files\Microsoft Security Client.rar
[2012/12/22 17:07:39 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/12/22 11:18:17 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/22 07:32:46 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Driver Genius Professional Edition.lnk
[2012/12/21 13:50:08 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Administrator\BlueScreenView.cfg
[2012/12/21 09:10:12 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to msconfig.exe.lnk
[2012/12/21 07:23:34 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2012/12/20 06:09:29 | 000,291,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/20 06:09:29 | 000,130,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/14 20:15:48 | 000,000,000 | ---- | C] () -- C:\t2hk.1
[2012/12/14 20:15:45 | 000,000,000 | ---- | C] () -- C:\t2hk
[2012/11/25 15:49:56 | 000,000,000 | ---- | C] () -- C:\t2ho.3
[2012/11/25 15:49:54 | 000,000,000 | ---- | C] () -- C:\t2ho.2
[2011/06/20 10:48:11 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\tccom.exe
[2011/05/03 20:02:16 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2011/01/23 13:40:11 | 000,000,466 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/09/04 04:32:06 | 000,001,910 | ---- | C] () -- C:\Program Files\setup.inf
[2010/09/04 04:32:06 | 000,000,283 | ---- | C] () -- C:\Program Files\setup.rpt
[2010/04/15 09:07:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2009/11/13 12:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tirf44.dat
[2009/04/13 06:00:46 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 02:59:08 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/16 22:40:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/06 04:27:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2008/08/21 16:05:30 | 000,004,100 | ---- | C] () -- C:\WINDOWS\System32\hdvirffo.dll
[2008/07/13 16:53:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/20 02:38:46 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/05/16 08:24:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SUPERDLL.DLL
[2008/05/03 16:38:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/04/30 19:57:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\aspSmartUploadUtil.dll
[2008/04/27 12:02:24 | 002,035,712 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2008/04/22 13:29:52 | 000,305,888 | ---- | C] () -- C:\WINDOWS\NICCfg.dat
[2008/04/22 13:29:26 | 000,305,896 | ---- | C] () -- C:\WINDOWS\dhcpcfg.dat
[2008/04/21 21:58:13 | 000,018,439 | ---- | C] () -- C:\WINDOWS\uedit32.INI
[2008/04/17 13:03:51 | 000,249,856 | ---- | C] () -- C:\WINDOWS\libmySQL.dll
[2008/04/17 05:46:23 | 000,003,182 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/16 04:07:24 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2008/04/14 03:22:25 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/04/13 16:43:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\my.ini
[2008/04/13 10:56:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\hapi32.dll
[2008/04/13 10:55:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\mimepp_core.dll
[2008/04/13 10:55:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vbpasswd.dll
[2008/04/13 10:55:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PASSWD.DLL
[2008/04/13 10:54:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\BINDCmd.exe
[2008/04/13 07:01:33 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/13 07:01:30 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/13 07:01:29 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/12 02:31:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/11 20:49:53 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/04/11 20:44:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/04/11 20:39:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\icfutil.exe
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/06 16:58:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80.dll
[2007/04/19 05:38:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/19 03:43:09 | 000,082,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\3wareDrv.sys
[2007/04/19 02:28:35 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/19 02:19:54 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/18 20:58:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/18 20:57:41 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/18 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/02/18 04:00:00 | 000,879,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/02/18 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/02/18 04:00:00 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/02/18 04:00:00 | 000,233,336 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/02/18 04:00:00 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/02/18 04:00:00 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 04:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/02/18 04:00:00 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/02/18 04:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 04:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 04:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 04:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 04:00:00 | 000,005,644 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/02/18 04:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2007/02/18 04:00:00 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/02/18 04:00:00 | 000,004,459 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/02/18 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/02/18 04:00:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >
====================================================End Of OTL Report ====================================

Edited by bloopie, 25 December 2012 - 06:54 PM.
Topic moved due to OTL log posted. Original topic started in AII. ~bloopie




#2 kavian


Posted 25 December 2012 - 01:52 PM

Update:
Using "mbam-clean-1.60.2.0003.exe" and restart and re-install MBAM did NOT solve anything.
MBAM hangs and did not work again.

#3 kavian


Posted 25 December 2012 - 07:55 PM

Hello & thank you,
because if you did not answer, at least you removed it to somewhere ELSE!!!

-I read that topic
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

-I think I did all those hints EXCEPT number 6 (DDS running), simply because the system is Win2003 and DDS does not work there.

-If there is another one missing, please tell me to do that.

-Also, if you can, tell me how I can bring this topic to the top of the queue to be answered faster.

#4 kavian


Posted 26 December 2012 - 01:23 PM

It is the first day.
I am still waiting...

#5 kavian


Posted 27 December 2012 - 02:27 AM

An Update:

When I wanted to restore yesterday's backup of drive C:, Acronis in Windows told me:
Unable to read track 63
And it rebooted and, before loading Windows, restored drive C:
But after that, everything is like before; the virus is still resident.
I also scanned the whole of C: & D: with Kaspersky Live CD and AVG Live CD, but neither of them found anything.
Hope it gives you an idea to help me faster.
I am still waiting....

#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:13 PM

Posted 30 December 2012 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/479625 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 kavian


Posted 30 December 2012 - 08:11 PM

Hello Mr.Bot!!!!!
Yes I want help.
As I said before:
the system is Win2003 and DDS does not work there.
I sent the OTL report.
-Update:
= SUPERAntiSpyware found C:\WINDOWS\system32\drivers\Ndisprot.sys and removed it and its registry entries.
= I used Rkill and immediately mbam, but it was not solved.
Also I tried Rkill + Mbar and Rkill+mbam_chamelon, but none of them could run.

#8 kavian


Posted 30 December 2012 - 11:46 PM

OTL logfile created on: 12/30/2012 8:35:36 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\v\OTL
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 11.00% Memory free
6.00 Gb Paging File | 2.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): c:\pagefile.sys 2500 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.24 Gb Total Space | 21.85 Gb Free Space | 32.02% Space Free | Partition Type: NTFS
Drive D: | 68.55 Gb Total Space | 35.70 Gb Free Space | 52.07% Space Free | Partition Type: NTFS
Drive E: | 79.09 Gb Total Space | 22.87 Gb Free Space | 28.91% Space Free | Partition Type: NTFS
Drive G: | 29.30 Gb Total Space | 20.92 Gb Free Space | 71.39% Space Free | Partition Type: NTFS
Drive H: | 85.94 Gb Total Space | 4.65 Gb Free Space | 5.41% Space Free | Partition Type: NTFS
Drive I: | 135.77 Gb Total Space | 34.86 Gb Free Space | 25.67% Space Free | Partition Type: NTFS
Drive J: | 68.36 Gb Total Space | 7.73 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive K: | 1.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SERVER90 | User Name: myusers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 07:01:22 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/02 06:03:36 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\sysinternals\procexp.exe
PRC - [2012/09/06 01:52:22 | 000,112,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/11 20:12:58 | 009,162,752 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2011/05/02 12:20:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\v\OTL\OTL.exe
PRC - [2011/02/12 06:43:02 | 000,660,576 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/02/12 06:40:50 | 000,365,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/07/19 14:17:50 | 000,398,768 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Common\8,4,0,353\arr_isrv.exe
PRC - [2010/07/19 14:17:38 | 000,259,504 | ---- | M] (Array Networks, Inc.) -- C:\Program Files\Array Networks\Array SSL VPN\8,4,0,353\arr_srvs.exe
PRC - [2009/05/10 20:48:34 | 001,261,984 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\wspsrv.exe
PRC - [2009/05/10 20:48:34 | 000,385,440 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\mspadmin.exe
PRC - [2008/07/21 16:01:12 | 000,098,304 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Java\Tomcat 6.0\bin\tomcat6w.exe
PRC - [2008/07/17 00:14:24 | 000,546,816 | ---- | M] (JH Software ApS) -- C:\Program Files\Simple DNS Plus\sdnsmain.exe
PRC - [2008/07/10 01:49:38 | 040,999,448 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/10 01:49:34 | 000,369,688 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE
PRC - [2008/07/10 00:22:40 | 021,945,368 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe
PRC - [2008/07/10 00:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
PRC - [2008/07/10 00:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdlauncher.exe
PRC - [2008/06/25 21:04:14 | 000,176,752 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\W3Prefch.exe
PRC - [2008/06/25 21:04:04 | 000,113,264 | ---- | M] (Microsoft ® Corporation) -- D:\Program Files\Microsoft ISA Server\isastg.exe
PRC - [2008/01/29 21:48:28 | 000,884,696 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
PRC - [2008/01/29 21:45:54 | 001,274,632 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
PRC - [2007/02/18 04:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 04:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/02/18 04:00:00 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/18 04:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rqs.exe
PRC - [2007/02/18 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sacsess.exe
PRC - [2007/02/18 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ADAM\dsamain.exe
PRC - [2007/02/18 04:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe
PRC - [2007/02/06 14:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe
PRC - [2006/09/27 11:56:22 | 000,622,592 | ---- | M] () -- C:\hc-603561\exes\HostingController.exe
PRC - [2005/11/22 15:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) -- D:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2005/08/30 14:28:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\bmss.exe
PRC - [2005/08/30 14:28:32 | 000,067,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft ADS\bin\saagent.exe
PRC - [2005/05/13 13:15:22 | 000,233,472 | ---- | M] (Advanced Communications) -- C:\hc-603561\exes\HCSchedulerService.exe
PRC - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe
PRC - [2005/03/03 13:49:24 | 000,438,272 | ---- | M] (SmarterTools Inc.) -- D:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe
PRC - [2004/05/29 06:05:26 | 002,179,072 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 12:20:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\v\OTL\OTL.exe
MOD - [2010/09/07 04:08:31 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll
MOD - [2007/02/18 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
SRV - [2012/12/30 07:01:22 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/29 00:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/06 01:52:22 | 000,112,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/05/11 20:12:58 | 009,162,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/02/12 06:43:02 | 000,660,576 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/07/19 14:17:50 | 000,398,768 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Common\8,4,0,353\arr_isrv.exe -- (Array_Utility_Service8.4.0.353)
SRV - [2010/07/19 14:17:38 | 000,259,504 | ---- | M] (Array Networks, Inc.) [Auto | Running] -- C:\Program Files\Array Networks\Array SSL VPN\8,4,0,353\arr_srvs.exe -- (ArraySSL_VPN_Service8.4.0.353)
SRV - [2009/05/10 20:48:34 | 001,261,984 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\wspsrv.exe -- (fwsrv)
SRV - [2009/05/10 20:48:34 | 000,385,440 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\mspadmin.exe -- (isactrl)
SRV - [2008/08/07 15:12:42 | 000,172,032 | ---- | M] (Sophos Plc) [On_Demand | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2008/07/29 12:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/07/21 16:01:12 | 000,057,344 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\java\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2008/07/17 00:14:24 | 000,546,816 | ---- | M] (JH Software ApS) [Auto | Running] -- C:\Program Files\Simple DNS Plus\sdnsmain.exe -- (sdnsplus)
SRV - [2008/07/10 01:49:38 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSQLSERVER2008) SQL Server (MSSQLSERVER2008)
SRV - [2008/07/10 01:49:34 | 000,369,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$MSSQLSERVER2008) SQL Server Agent (MSSQLSERVER2008)
SRV - [2008/07/10 01:22:18 | 001,106,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer$MSSQLSERVER2008) SQL Server Reporting Services (MSSQLSERVER2008)
SRV - [2008/07/10 00:22:40 | 021,945,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER2008\OLAP\bin\msmdsrv.exe -- (MSOLAP$MSSQLSERVER2008) SQL Server Analysis Services (MSSQLSERVER2008)
SRV - [2008/07/10 00:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
SRV - [2008/07/10 00:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER2008\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher$MSSQLSERVER2008) SQL Full-text Filter Daemon Launcher (MSSQLSERVER2008)
SRV - [2008/06/25 21:04:14 | 000,176,752 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\W3Prefch.exe -- (isasched)
SRV - [2008/06/25 21:04:04 | 000,113,264 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- D:\Program Files\Microsoft ISA Server\isastg.exe -- (ISASTG)
SRV - [2007/09/21 01:03:38 | 000,094,208 | ---- | M] (Adaptec Incorporated) [Auto | Stopped] -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe -- (AdaptecStorageManagerAgent)
SRV - [2007/02/18 04:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 04:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/18 04:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 04:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 04:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/18 04:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 04:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007/02/18 04:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 04:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rqs.exe -- (rqs)
SRV - [2007/02/18 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2007/02/18 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ADAM\dsamain.exe -- (ADAM_ISASTGCTRL)
SRV - [2007/02/18 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\ADAM\dsamain.exe -- (ADAM_instance1)
SRV - [2007/02/06 14:28:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\SUPERMICRO\SDIII\NTService.exe -- (SuperMicro Health Assistant)
SRV - [2006/09/27 11:56:22 | 000,622,592 | ---- | M] () [Auto | Running] -- C:\hc-603561\exes\HostingController.exe -- (HostingController)
SRV - [2006/09/25 12:53:52 | 000,344,064 | ---- | M] (Advanced Communications) [Disabled | Stopped] -- C:\hc-603561\exes\HCDiskQuota.exe -- (HCDiskQuotaService)
SRV - [2006/04/18 15:05:52 | 000,319,488 | ---- | M] (Advanced Communications) [Disabled | Stopped] -- C:\hc-603561\exes\HCSMTPService.exe -- (HCSMTP Service)
SRV - [2006/04/18 15:04:24 | 000,155,648 | ---- | M] (PJ Naughter) [Disabled | Stopped] -- C:\hc-603561\exes\HCPaymentService.exe -- (HCPaymentService)
SRV - [2005/11/22 15:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- D:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2005/08/30 14:28:32 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft ADS\bin\saagent.exe -- (ADSAdminAgent)
SRV - [2005/07/16 03:54:28 | 000,094,208 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Shatter It\NC_Net\OUTPUT\NC_Net.exe -- (NC_Net)
SRV - [2005/05/13 13:15:22 | 000,233,472 | ---- | M] (Advanced Communications) [Auto | Running] -- C:\hc-603561\exes\HCSchedulerService.exe -- (HCSchedulerService)
SRV - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -- (SQLSERVERAGENT)
SRV - [2005/03/03 13:49:24 | 000,438,272 | ---- | M] (SmarterTools Inc.) [Auto | Running] -- D:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe -- (SSCollect)
SRV - [2004/10/21 23:53:26 | 000,131,072 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Pointdev\IMSrv.exe -- (IMSrvP)
SRV - [2004/10/12 21:10:54 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH)
SRV - [2004/05/29 06:05:26 | 002,179,072 | ---- | M] () [Auto | Running] -- C:/mysql/bin/mysqld-nt.exe -- (MySQL)
SRV - [2002/08/13 10:46:10 | 000,081,920 | ---- | M] (Persits Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\IIS_Extensions\AspEmail45\EmailAgent\BIN\EmailAgent.exe -- (EmailAgent)


========== Driver Services (SafeList) ==========

DRV - [2012/12/30 04:03:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/30 00:21:52 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/05/25 12:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/12 21:16:17 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/03/11 12:25:10 | 000,056,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvhdbus.sys -- (cvhdbus)
DRV - [2011/03/11 12:24:58 | 000,017,024 | ---- | M] (Citrix Systems, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CFsDep.sys -- (CFsDep)
DRV - [2010/12/18 03:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | System | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/08 13:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/18 10:21:26 | 000,025,088 | ---- | M] (SoftLayer, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SMMdrv.sys -- (SMMdrv) SoftLayer Mainboard Management Bus Driver (V)
DRV - [2009/11/16 06:27:56 | 000,036,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\ioatdma.sys -- (ioatdma) Intel®
DRV - [2009/05/10 20:48:32 | 000,419,744 | ---- | M] (Microsoft ® Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fweng.sys -- (Fweng)
DRV - [2008/07/24 10:48:04 | 000,043,008 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/07/24 10:48:03 | 000,454,688 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/07/10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/07/26 16:25:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/03/14 18:36:00 | 000,082,184 | ---- | M] () [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\3wareDrv.sys -- (3wareDrv)
DRV - [2007/02/18 04:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 04:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007/02/18 04:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/02/18 04:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/02/16 18:18:04 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2007/01/30 07:49:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/15 12:25:00 | 000,019,456 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\msas2k3.sys -- (msas2k3)
DRV - [2006/05/16 10:56:58 | 000,010,112 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\smbus.sys -- (SMBus)
DRV - [2006/04/05 23:03:52 | 001,431,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/17 01:17:00 | 000,053,248 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bchtsw32.sys -- (bchtsw32)
DRV - [2006/01/13 20:28:00 | 000,267,264 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aar81xx.sys -- (aar81xx)
DRV - [2004/06/29 12:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)
DRV - [2003/10/24 15:57:04 | 000,104,968 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (RapDrv)
DRV - [2003/02/25 18:26:44 | 000,024,344 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet)
DRV - [2003/02/25 18:26:28 | 000,036,644 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile)
DRV - [2001/06/20 04:05:54 | 000,003,853 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\IsaIoNt.sys -- (ISAIONT)
DRV - [2000/11/12 06:14:18 | 000,003,908 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\memmapnt.sys -- (MemMapNt)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/hardAdmin.htm
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2150476757-1934398832-522589061-1017\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5283\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5283\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5283\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-2150476757-1934398832-522589061-5283\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/30 07:31:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/30 07:31:45 | 000,000,000 | ---D | M]

[2009/04/16 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/12/30 14:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gz1bm06.default\extensions
[2010/05/10 08:08:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gz1bm06.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/30 07:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/28 15:58:30 | 000,000,784 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\New Folder [2012/12/29 11:10:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to On-ScreenKeyboardPortable.exe.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLockedUserId = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_AATESTMAIL.COM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ADMIN\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ANASEVI\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ANGELSAYAN\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ARVINROSE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_AVIZHEH-PALAYESH\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_AZAD1446\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_BABASANI-FACTORY\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_BONABROBOTICS\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_BORNAIP8\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_BOURSETIMES\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_DREAM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_DSPCORE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ELITEMEDIA\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_EMDAD-KHODKAFAEI\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_FARAZCOM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_FARAZCOMC\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_FARZGU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_GEFPIR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_GOLSPORT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_HOMAATC\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_HPSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ICIORG\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_IKFARS\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_IKFARSIR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_IPRONET1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_IRANEXHIBITION\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_IRANIPTEC\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_IRANRAM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ISARGARANEKHUZESTAN\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ITCENTER7\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ITCONSULTING\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_KASHANCENTER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_KFG-CO\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_KOUSHACO\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_LUMIERE-CO\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_MASKANEMEHR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_MATINSYSTEM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_MAZIAR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_MEHRPORTAL\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_MIHANTUBE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_MOBILEHOUSE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_NANKO-CATERING\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_NOVINSAKHT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_NPTMC\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_PAMDAIR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_PARSELCO\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_PASARGAD-ET\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_PEZHVAKMUSIC\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_QUTIN-BAND\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_RAHACOMPUTER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_RESIN-WOOD\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SABT-SB\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SAMAN\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SG-ARVIN\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SHENASRAYANEH\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SHIRAZREFORMER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SHOAPRINTING\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SIRWE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SMA-EDU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_SOORILAND\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TAKJF\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TECLICO\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TISOUTDOOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TOORANY\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_TOURESINA\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ZARCOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ZEPCO\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ZIHESAB\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ZISTDDP\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ZORRIEH\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1017\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1040\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1048\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1312\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1363\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1367\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1390\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1440\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1443\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1517\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1519\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1553\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1586\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1629\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1648\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1714\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1718\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1840\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1888\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-1957\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2102\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2156\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2201\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2258\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2310\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2333\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2396\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2447\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2451\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2452\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2459\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2467\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2470\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2504\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2505\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2550\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2555\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2609\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2617\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2629\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2648\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2686\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2752\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2792\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2798\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2917\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2919\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2932\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2983\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-2999\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3067\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3120\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3161\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3178\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3254\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3265\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3271\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3272\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3276\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3284\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3365\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-3370\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5283\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5304\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5320\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5328\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5333\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5350\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5365\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5379\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5396\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5398\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5414\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5434\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5437\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5450\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5465\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5480\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5484\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5522\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5524\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5526\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5613\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5617\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5621\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5623\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5627\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5656\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5658\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5661\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5691\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5712\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5726\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5743\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5761\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5817\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5825\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5827\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5845\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5869\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5877\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5888\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5899\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5901\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5924\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5926\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5932\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5946\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5960\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-5991\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6030\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6059\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6103\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6104\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6130\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6158\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6164\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6168\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6173\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6185\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6202\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6206\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6218\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6228\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6234\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6272\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6287\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6310\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6387\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6402\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6404\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6408\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6426\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6438\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6487\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6495\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6510\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6536\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6553\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6581\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6592\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6609\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6644\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6701\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6713\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6755\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6776\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6855\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6877\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-6986\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7029\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7102\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7117\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7133\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7156\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7209\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7233\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7242\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7267\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7281\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7297\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7329\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7343\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7347\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7356\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7370\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7467\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7481\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7495\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7535\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7558\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7562\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7598\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7629\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7779\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7801\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7827\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7867\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7934\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7938\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-7979\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8054\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8145\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8182\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8189\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8211\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8213\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8215\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8265\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8304\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8340\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8379\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8381\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8389\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8391\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8395\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8403\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8417\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8458\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8480\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8509\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8513\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8591\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8597\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8599\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8619\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8634\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8638\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8767\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8804\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8871\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8879\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8909\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8948\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8956\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2150476757-1934398832-522589061-8971\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\..Trusted Domains: softlayer.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\..Trusted Domains: softlayer.com ([manage] https in Trusted sites)
O15 - HKU\S-1-5-21-2150476757-1934398832-522589061-500\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260933314730 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258172594671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} https://vpn.sea01.softlayer.com/prx/000/http/localhost/arr_x.cab (ArrVPNAX Control)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49b2-880A-1F7738E5A384} - D:\Program Files\Microsoft ISA Server\OWC11.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007/04/19 02:23:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/04/19 02:23:27 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/12/22 17:12:19 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/01/19 12:00:00 | 000,000,043 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{a945f0df-521c-11e2-83b4-e5c21e2f00b7}\Shell - "" = AutoRun
O33 - MountPoints2\{a945f0df-521c-11e2-83b4-e5c21e2f00b7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a945f0df-521c-11e2-83b4-e5c21e2f00b7}\Shell\AutoRun\command - "" = K:\setup.exe -- [2008/01/19 12:00:00 | 000,111,672 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk /k:I *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/30 20:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NeoSmart_Technologies
[2012/12/30 19:38:38 | 000,000,000 | ---D | C] -- C:\NST
[2012/12/30 19:36:42 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/12/30 19:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2012/12/30 19:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2012/12/30 07:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/12/30 07:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/30 07:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/30 07:01:52 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/30 07:01:52 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/30 07:01:37 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/30 07:01:37 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/30 07:01:37 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/30 00:18:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/30 00:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/12/30 00:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/30 00:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/30 00:18:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/30 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/30 00:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/12/29 20:11:41 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/12/29 18:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2012/12/29 18:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player
[2012/12/29 11:09:16 | 000,000,000 | ---D | C] -- C:\On-ScreenKeyboardPortable
[2012/12/29 07:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2012/12/29 07:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2012/12/28 21:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Repair
[2012/12/28 15:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ProcAlyzer Dumps
[2012/12/28 04:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/12/27 20:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FixItCenter
[2012/12/27 20:31:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/12/27 20:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/12/27 19:53:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/12/27 19:32:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/27 18:28:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/12/27 09:57:48 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hal.dll
[2012/12/27 08:45:57 | 002,491,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012/12/27 08:45:57 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2012/12/27 08:45:57 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdsp.dll
[2012/12/27 08:45:57 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpsrcwp.dll
[2012/12/27 08:45:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2012/12/27 08:45:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Repair1
[2012/12/27 08:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/12/27 08:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/12/27 06:16:01 | 000,000,000 | ---D | C] -- C:\I386
[2012/12/27 05:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012/12/27 05:12:59 | 000,101,112 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/12/27 05:12:59 | 000,042,864 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/12/27 05:12:46 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/12/27 03:36:48 | 000,297,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\PROUnstl.exe
[2012/12/23 14:35:12 | 000,121,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2012/12/23 14:35:12 | 000,082,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2012/12/23 14:35:12 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll

========== Files - Modified Within 30 Days ==========

[2012/12/30 20:39:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6308B427-5D34-4D0B-AC39-41DFBE332ADA}.job
[2012/12/30 20:34:38 | 000,018,065 | ---- | M] () -- C:\WINDOWS\uedit32.INI
[2012/12/30 20:30:32 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\IIS-keep-Up.job
[2012/12/30 20:30:20 | 000,235,555 | ---- | M] () -- C:\ANG7
[2012/12/30 20:29:50 | 000,235,555 | ---- | M] () -- C:\ANG6
[2012/12/30 20:20:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Correct Mail Dns.job
[2012/12/30 20:16:39 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ISA Server Management.lnk
[2012/12/30 20:13:29 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\EasyBCD Backup (12-30-2012).bcd
[2012/12/30 20:12:19 | 000,235,561 | ---- | M] () -- C:\ANG5
[2012/12/30 20:06:08 | 000,235,549 | ---- | M] () -- C:\ANG4
[2012/12/30 20:05:01 | 000,235,561 | ---- | M] () -- C:\ANG3
[2012/12/30 20:04:52 | 000,235,561 | ---- | M] () -- C:\ANG2
[2012/12/30 20:01:12 | 000,000,692 | RHS- | M] () -- C:\boot.ini
[2012/12/30 19:59:38 | 000,000,081 | ---- | M] () -- C:\bootedit.bat
[2012/12/30 19:59:21 | 000,000,070 | ---- | M] () -- C:\bootedit.bat.bak
[2012/12/30 19:40:18 | 000,235,549 | ---- | M] () -- C:\ANG1
[2012/12/30 19:39:59 | 000,235,549 | ---- | M] () -- C:\ANG0
[2012/12/30 19:38:45 | 000,047,772 | RHS- | M] () -- C:\NTDETECT.COM
[2012/12/30 19:35:11 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.0.lnk
[2012/12/30 19:00:55 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Mov-Win-Log.job
[2012/12/30 17:00:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{9f7af421-0876-11dd-a13a-0030487d4759}.job
[2012/12/30 16:06:20 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\FixFtpPerMitons.job
[2012/12/30 15:36:52 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\SystemStateBackup.job
[2012/12/30 15:31:37 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\DelTemporaryFiles.job
[2012/12/30 15:00:28 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{a83038cc-0838-11dd-a667-806e6f6e6963}.job
[2012/12/30 13:16:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\BlockMostActiveIPS.job
[2012/12/30 07:31:51 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/30 07:31:51 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/12/30 07:01:22 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/30 07:01:22 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/30 07:01:22 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/30 07:01:22 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/30 07:01:22 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/30 07:01:21 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/12/30 07:01:21 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/12/30 05:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{9f7af425-0876-11dd-a13a-0030487d4759}.job
[2012/12/30 04:03:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/30 00:21:52 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/30 00:18:06 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/30 00:17:28 | 000,855,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/30 00:17:28 | 000,223,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/30 00:13:25 | 000,010,356 | ---- | M] () -- C:\WINDOWS\System32\SuperD.ini
[2012/12/30 00:13:23 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\SetNetworkIPsattStartup.job
[2012/12/30 00:13:16 | 000,000,000 | ---- | M] () -- C:\t2go.1
[2012/12/30 00:13:14 | 000,000,000 | ---- | M] () -- C:\t2go
[2012/12/30 00:12:45 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/29 23:44:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/29 20:05:29 | 000,000,000 | ---- | M] () -- C:\t2vk.1
[2012/12/29 20:05:26 | 000,000,000 | ---- | M] () -- C:\t2vk
[2012/12/29 18:32:57 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/12/29 18:30:14 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.bak
[2012/12/29 17:14:36 | 000,000,388 | ---- | M] () -- C:\Program Files\Shortcut (2) to Program Files.lnk
[2012/12/29 17:14:26 | 000,000,388 | ---- | M] () -- C:\Program Files\Shortcut to Program Files.lnk
[2012/12/29 17:03:24 | 106,229,760 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/12/29 16:30:49 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\fltmgr.reg
[2012/12/29 16:16:37 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to On-ScreenKeyboardPortable.exe.lnk
[2012/12/29 11:09:30 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to On-ScreenKeyboardPortable.exe.lnk.disabled
[2012/12/29 11:01:32 | 000,007,407 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OSK.ahk
[2012/12/29 07:54:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/29 07:44:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/29 07:26:36 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2012/12/28 19:39:01 | 021,168,275 | ---- | M] () -- C:\Program Files\Java-tomcat bckup.rar
[2012/12/28 15:59:00 | 000,000,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.master
[2012/12/28 15:58:30 | 000,000,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/28 15:50:07 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Acronis True Image Echo Enterprise Server.lnk
[2012/12/28 15:25:41 | 000,000,724 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/12/28 04:49:08 | 000,003,093 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/12/27 20:31:58 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/12/27 20:18:15 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/27 18:37:29 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/27 07:37:10 | 3488,403,456 | -HS- | M] () -- C:\.fuse_hidden0000001300000001
[2012/12/27 06:29:28 | 000,000,709 | RHS- | M] () -- C:\BOOT.BAK
[2012/12/27 05:04:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/12/27 02:31:46 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/27 02:27:06 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/27 02:27:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/12/30 20:30:20 | 000,235,555 | ---- | C] () -- C:\ANG7
[2012/12/30 20:29:50 | 000,235,555 | ---- | C] () -- C:\ANG6
[2012/12/30 20:12:19 | 000,235,561 | ---- | C] () -- C:\ANG5
[2012/12/30 20:06:08 | 000,235,549 | ---- | C] () -- C:\ANG4
[2012/12/30 20:05:00 | 000,235,561 | ---- | C] () -- C:\ANG3
[2012/12/30 20:04:52 | 000,235,561 | ---- | C] () -- C:\ANG2
[2012/12/30 19:59:20 | 000,000,081 | ---- | C] () -- C:\bootedit.bat
[2012/12/30 19:59:20 | 000,000,070 | ---- | C] () -- C:\bootedit.bat.bak
[2012/12/30 19:50:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\EasyBCD Backup (12-30-2012).bcd
[2012/12/30 19:40:18 | 000,235,549 | ---- | C] () -- C:\ANG1
[2012/12/30 19:39:59 | 000,235,549 | ---- | C] () -- C:\ANG0
[2012/12/30 19:35:11 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.0.lnk
[2012/12/30 07:31:50 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/30 00:21:52 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/30 00:18:06 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/30 00:13:16 | 000,000,000 | ---- | C] () -- C:\t2go.1
[2012/12/30 00:13:14 | 000,000,000 | ---- | C] () -- C:\t2go
[2012/12/29 20:05:29 | 000,000,000 | ---- | C] () -- C:\t2vk.1
[2012/12/29 20:05:26 | 000,000,000 | ---- | C] () -- C:\t2vk
[2012/12/29 17:14:36 | 000,000,388 | ---- | C] () -- C:\Program Files\Shortcut (2) to Program Files.lnk
[2012/12/29 17:14:26 | 000,000,388 | ---- | C] () -- C:\Program Files\Shortcut to Program Files.lnk
[2012/12/29 16:30:49 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\fltmgr.reg
[2012/12/29 16:16:37 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to On-ScreenKeyboardPortable.exe.lnk
[2012/12/29 15:39:00 | 106,229,760 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2012/12/29 11:09:30 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to On-ScreenKeyboardPortable.exe.lnk.disabled
[2012/12/29 11:00:03 | 000,007,407 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OSK.ahk
[2012/12/29 07:26:36 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2012/12/28 19:38:07 | 021,168,275 | ---- | C] () -- C:\Program Files\Java-tomcat bckup.rar
[2012/12/28 15:25:38 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/27 20:31:58 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/12/27 20:31:58 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/12/27 19:53:17 | 000,300,144 | RHS- | C] () -- C:\cmldr
[2012/12/27 08:38:35 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/27 08:27:26 | 3488,403,456 | -HS- | C] () -- C:\.fuse_hidden0000001300000001
[2012/12/27 06:29:28 | 000,000,709 | RHS- | C] () -- C:\BOOT.BAK
[2012/12/27 05:04:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/12/27 03:36:53 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2012/12/23 14:35:12 | 000,002,885 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2012/01/19 12:20:41 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/20 10:48:11 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\tccom.exe
[2011/05/03 20:02:16 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2011/01/23 13:40:11 | 000,000,456 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/09/04 04:32:06 | 000,001,910 | ---- | C] () -- C:\Program Files\setup.inf
[2010/09/04 04:32:06 | 000,000,283 | ---- | C] () -- C:\Program Files\setup.rpt
[2010/04/15 09:07:51 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/13 12:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tirf44.dat
[2009/04/13 06:00:46 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 02:59:08 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/16 22:40:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/06 04:27:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2008/08/21 16:05:30 | 000,004,100 | ---- | C] () -- C:\WINDOWS\System32\hdvirffo.dll
[2008/07/13 16:53:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/20 02:38:46 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/05/16 08:24:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\superdll.dll
[2008/05/03 16:38:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/04/30 19:57:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\aspSmartUploadUtil.dll
[2008/04/27 12:02:24 | 002,035,712 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2008/04/22 13:29:52 | 000,305,888 | ---- | C] () -- C:\WINDOWS\NICCfg.dat
[2008/04/22 13:29:26 | 000,305,896 | ---- | C] () -- C:\WINDOWS\dhcpcfg.dat
[2008/04/21 21:58:13 | 000,018,065 | ---- | C] () -- C:\WINDOWS\uedit32.INI
[2008/04/17 13:03:51 | 000,249,856 | ---- | C] () -- C:\WINDOWS\libmySQL.dll
[2008/04/17 05:46:23 | 000,003,093 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/16 04:07:24 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2008/04/14 03:22:25 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/04/13 16:43:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\my.ini
[2008/04/13 10:56:33 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\hapi32.dll
[2008/04/13 10:55:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\mimepp_core.dll
[2008/04/13 10:55:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vbpasswd.dll
[2008/04/13 10:55:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PASSWD.DLL
[2008/04/13 10:54:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\BINDCmd.exe
[2008/04/13 07:01:33 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/13 07:01:30 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/13 07:01:29 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/12 02:31:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/11 20:49:53 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/04/11 20:45:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES_ru.dll
[2008/04/11 20:45:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\SDRES.dll
[2008/04/11 20:45:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhtw.dll
[2008/04/11 20:45:57 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SDRES_zhcn.dll
[2008/04/11 20:45:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\sndmail.exe
[2008/04/11 20:45:57 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/04/11 20:45:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\supermon.dll
[2008/04/11 20:45:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SMBiosInfo.exe
[2008/04/11 20:45:57 | 000,010,688 | ---- | C] () -- C:\WINDOWS\System32\SuperDOpt.ini
[2008/04/11 20:45:57 | 000,003,238 | ---- | C] () -- C:\WINDOWS\System32\WinIo.sys
[2008/04/11 20:45:56 | 000,010,356 | ---- | C] () -- C:\WINDOWS\System32\SuperD.ini
[2008/04/11 20:44:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/04/11 20:39:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\icfutil.exe
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/06 16:58:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80.dll
[2007/04/19 05:38:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/19 03:43:09 | 000,082,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\3wareDrv.sys
[2007/04/19 02:28:35 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/19 02:19:54 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/18 20:58:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/18 20:57:41 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/18 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/02/18 04:00:00 | 000,855,984 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/02/18 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/02/18 04:00:00 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/02/18 04:00:00 | 000,223,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/02/18 04:00:00 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/02/18 04:00:00 | 000,179,440 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/02/18 04:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/02/18 04:00:00 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/02/18 04:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/02/18 04:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/02/18 04:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/02/18 04:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/02/18 04:00:00 | 000,005,644 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/02/18 04:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2007/02/18 04:00:00 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/02/18 04:00:00 | 000,004,459 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/02/18 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/02/18 04:00:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7

< End of report >

Edited by Oh My, 01 January 2013 - 03:50 PM.
Oh My Compressed Data


#9 kavian

Posted 31 December 2012 - 04:09 AM

I am waiting for you... If you can, please reply faster.
Should I make some changes by myself?
Like deleting:
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7

#10 Oh My!

Posted 01 January 2013 - 03:38 PM

Greetings kavian and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to tell you from the start it is more difficult to address Server 2003 issues for at least a couple of reasons. First, many of the standard tools we use to evaluate and fix systems are not designed for, nor do they fully work as intended, on your Operating System. That creates a stumbling block in trying to accurately determine the condition of your computer. Without that information it is then sometimes difficult to identify what needs to be addressed and at least equally difficult to fix it. The second reason why is because of our limited exposure to Server 2003 issues and as a consequence our relative inexperience in dealing with the unique dynamics of the system.

Having said that, please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Posted 01 January 2013 - 04:28 PM

Hi kavian,

Thank you once again for your patience. We do apologize for the extended delay.

Can you tell me if you recognize this file:

C:\.fuse_hidden0000001300000001


Please do the following for me.


===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

    C:\WINDOWS\System32\drivers\mchInjDrv.sys
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


Run OTL Fix

--------------------

  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :PROCESSES
    KILLALLPROCESSES
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
    SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
    File not found (No name found) -- 
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
    C:\WINDOWS\tasks\At1.job
    @Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Virustotal link
  • OTL log
  • How is your computer running?

Gary

#12 kavian

Posted 01 January 2013 - 08:19 PM

Thank you dear Gary,

I was counting the seconds to read your nice message for the last 7 days!
I will do it now and will update you about the results soon.
I don't know how correct it was (for my security), but I made this link too. Maybe it helps with your investigation.

http://www.getsysteminfo.com/read.php?file=b211019dbabc8d70c6918110cbc99c46&key=rtAzQ5Ye

regards
kavian

#13 kavian

Posted 01 January 2013 - 09:01 PM

Hello again,
1. About C:\.fuse_hidden0000001300000001: I have not seen it until now.
Now I am making a copy of it somewhere else to analyze it more.


2. About C:\WINDOWS\System32\drivers\mchInjDrv.sys

https://www.virustotal.com/file/8ce8ba8e726ee8925e6560d86ac35be1097691d1cfac888e6bd20e804ea9eb15/analysis/1357090199/

Also, I don't know it either.


3. OTL ran and is restarting now... I will update you after coming back.
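
An added example, not part of the original posts: the VirusTotal link in the reply above carries the SHA-256 of the uploaded file and the Unix time of the analysis in its path, so a helper can check that a posted link really refers to the file still on disk. The function names are this example's own, and the path in the last lines is the one named in the thread.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone

# Link shape seen in the post above: /file/<sha256>/analysis/<unix time>/
VT_LINK = re.compile(r"/file/([0-9a-fA-F]{64})/analysis/(\d+)/?$")

def parse_vt_link(url):
    """Return (sha256_hex, analysis_time_utc) taken from an analysis link."""
    m = VT_LINK.search(url.strip())
    if not m:
        raise ValueError("not a /file/<sha256>/analysis/<time>/ link")
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large drivers or dumps do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def link_matches_file(url, path):
    """True when the digest in the link equals the digest of the local file."""
    digest, _ = parse_vt_link(url)
    return digest == sha256_of(path)

if __name__ == "__main__":
    # Link posted in the thread; the local path is passed on the command line,
    # e.g. C:\WINDOWS\System32\drivers\mchInjDrv.sys
    link = ("https://www.virustotal.com/file/"
            "8ce8ba8e726ee8925e6560d86ac35be1097691d1cfac888e6bd20e804ea9eb15"
            "/analysis/1357090199/")
    digest, when = parse_vt_link(link)
    print("link digest :", digest)
    print("analysed at :", when.isoformat())
    if len(sys.argv) > 1:
        print("matches file:", link_matches_file(link, sys.argv[1]))
```

A mismatch means the report describes a different file than the one currently at that path, for example because it was replaced between upload and review.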

#14 kavian

Posted 01 January 2013 - 09:25 PM

Nothing changed in the system. I will tell you more about it in my next post.
Note: yesterday I deleted that ADS myself with ADSSPY.
========== PROCESSES ==========
All processes killed
========== OTL ==========
Service WinHttpAutoProxySvc stopped successfully!
Service WinHttpAutoProxySvc deleted successfully!
Service MsMpSvc stopped successfully!
Service MsMpSvc deleted successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7 .

OTL by OldTimer - Version 3.2.22.3 log created on 01012013_175528

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
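
An added example, not part of the original post: a small triage of the OTL fix log above that separates actions reported as successful, targets reported as not found, and actions that failed, so the one item needing follow-up stands out. The status names and regular expressions are this example's own reading of the log lines, and the sample is an abridged copy of lines from the post.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fix log in the post above (abridged).
SAMPLE_LOG = r"""
All processes killed
Service MsMpSvc stopped successfully!
Service MsMpSvc deleted successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7 .
"""

# Assumption: these three shapes cover the result lines seen in this log.
RULES = [
    ("failed", re.compile(r"^Unable to (?P<action>\w+) (?P<target>.+?)\s*\.?$")),
    ("done", re.compile(r"^(?P<target>.+?) (?P<action>\w+) successfully[.!]$")),
    ("missing", re.compile(r"^(?P<target>.+?) not found\.$")),
]

def triage(log_text):
    """Return a list of (status, action, target) for each non-empty line."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for status, pattern in RULES:
            m = pattern.match(line)
            if m:
                action = m.groupdict().get("action", "")
                records.append((status, action, m.group("target")))
                break
        else:
            # Headers and progress lines carry no result of their own.
            records.append(("info", "", line))
    return records

def summary(log_text):
    """Count lines per status."""
    return Counter(status for status, _, _ in triage(log_text))

def follow_up(log_text):
    """Actions the tool reported it could not complete."""
    return [(a, t) for s, a, t in triage(log_text) if s == "failed"]

if __name__ == "__main__":
    print(dict(summary(SAMPLE_LOG)))
    for action, target in follow_up(SAMPLE_LOG):
        print("needs follow-up:", action, "->", target)
```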

#15 kavian

Posted 01 January 2013 - 09:44 PM

My observations on this computer after reboot:
1. Same as before, on every restart we have new files in c:\windows\temp:
01/01/2013 06:01 PM 1,048,576 isastg.exe.7dc.etl
01/01/2013 05:56 PM 1,048,576 isastg.exe.810.etl
01/01/2013 06:04 PM 0 JETC833.tmp
01/01/2013 06:02 PM 1,048,576 mspadmin.exe.e54.etl
12/31/2012 10:19 AM 1,048,576 mspadmin.exe.e90.etl
01/01/2013 06:01 PM 1,048,576 snmp.exe.a2c.etl
01/01/2013 05:56 PM 1,048,576 snmp.exe.a60.etl
01/01/2013 06:03 PM 1,048,576 W3Prefch.exe.084.etl
12/31/2012 10:21 AM 1,048,576 W3Prefch.exe.0b8.etl
I think these files are being made by wmiprvse.exe.

2. Some part of the HDD is unreadable for some programs.
For example:
MBAM could not run, and this is the Mbar report:
Downloaded database version: v2013.01.01.02
Downloaded database version: v2012.12.27.02
Initializing...
Done!
Could not initialize database
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b4c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b936cd8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8b937bf8, DeviceName: \Device\VSCSIDISK0\, DriverName: \Driver\dontgo\
DevicePointer: 0xffffffff8b4c9880, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b4c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b93dcb0, DeviceName: \Device\00000086\, DriverName: \Driver\arcsas\
------------ End ----------



