Hi,

About a week ago I noticed things weren't right with my laptop. Desktop icons changing to the default MSDOS icon and won't run. Then I noticed taskmanager won't run, nor will regedit. I am the sole user of this laptop with full administrator rights, yet windows tells me that I don't have permission/rights to run some of my software progs. I dig and dig and dig and find I have no firewall anymore, my antivirus won't run, and windows doesn't alert me that there is a problem. I can't install my firewall again, antivirus won't uninstall, nor install, I'm hung. Through some scanners and such, I find I have Win32/Heur, Tanatos.M, and a trojan downloader. HijackThis won't work, antispyware won't install ... yuk! I finally get some things to sorta work again though. I got some of the problems solved I think. Got rid of Tanatos.M and the trojan downloader. The win32/heur doesn't show up in SAS anymore, MBAM doesn't seem too unhappy, but my registry isn't right concerning security and rights, Windows will not boot in safe mode, and I don't know what else to do at the moment.

I went through the steps in your cleaning guide in order, and back to back, here are the logs you request for them. Thank you very much for your time and effort.

Hello RCguy and and welcome to Geeks To Go.

I am jwang01 and I will be assisting you with your issue.

Sorry for the delay. This forum is quite busy.

Please note that I am still in training here and all my post's need to be checked by an Expert before I can post them. This may cause a slight delay in my respones.

When we get to working on your computer you may want to print out or save my respones in notepad because there may be times were you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

As it has be been awhile since you last ran those scan's, I would like to get a fresh look at your system.



Please don't start multiple threads about the same issue. We will work from this thread and the other one will be closed.


To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

• Close ALL OTHER PROGRAMS.
• Double-click on OTS.exe to start the program.
• Check the box that says Scan All Users
• Under Additional Scans check the following:
  • File - Lop Check
  • File - Purity Scan
  • Evnt - EvtViewer (last 10)
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

This post has been edited by jwang01: Sep 4 2009, 01:16 PM

 OTS_9_4_09_4.02.PM.Txt ( 222.36K ) Number of downloads: 51
First of all ... Thank you very much for your time.

I did as you ask, and the report is attached. I did shutdown all programs except taskmanager. I have a terrible time to get taskmanager started when I boot my computer, so I just leave it running after I get it started so I can manually shutdown the programs that this lil mutt of a problem keeps starting anytime I have an internet connection. I am connected to the internet through an ethernet router, which also is the connection back to the printer, so I can't just always do without the connection. Anyway, computer is still about the same as it was, but I don't leave the lil *.exe's running for very long that start on their own .... oh, yet another one just started ... winxyqql.exe ... now stopped. I still do have a desktop icon that has reverted back to the MSDOS icon, and outlook on my quicklaunch icon is the MSDOS icon. I do not attempt to run software that isn't essential to what I'm doing for fear of corruption or ... whatever.

Again, thank you

This post has been edited by RCguy: Sep 4 2009, 02:24 PM

Oh by the way, after OTS ran, I just noticed that there is now text in the 'Paste Fix Here' box, it is as follows:

"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.

Also, I hope I'm attaching the files as you would like, they don't look like other topics I've viewed. Let me know if not, and what I'm doing wrong.... just dunno

This post has been edited by RCguy: Sep 4 2009, 02:28 PM

Hello,


The attachment was posted ok.


Please go to VirusTotal and do the following:

• Click on the Browse button
• Navigate to C:\Windows\explorer.exe
• Then Select Upload
• Please repeat the steps for C:\Windows\System32\svchost.exe
• Please post the contents of both reports in your next reply

Next




Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.



The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.



Next



Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

• Click on the Log tab.
• In the Write to log box select all items.
• Click on the Create Log button on the bottom right.
• After a few seconds a new Window should appear.
• Make sure Scan all drives is selected and click on the Start button.
• When it is complete a new Window will appear to indicate that the scan is finished.
• The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

Next


Please open up OTL and make sure the extra registry section is set to use safe list. Then press Run Scan and post those logs in your next reply



Please post the logs of VirusTotal, OTS, Sysprot, and OTL in your next reply

Hi Jwang01,

Thanks for you help. I can't navigate to many security sites, so ..... I uploaded explorer and svchost to another computer via email, saved the files to the desktop, and using the other computer, sent both files to VirusTotal.com and had the scans done, then emailed the results back to my computer. It worked anyway as far as I know. Here are the reports you requested:



SysProtect Log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 828
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 888
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 968
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1188
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\S24EvMon.exe
PID: 1288
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1404
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1444
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1532
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PID: 1852
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 240
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 820
Hidden: No
Window Visible: No

Name: C:\Program Files\AskBarDis\bar\bin\AskService.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PID: 1076
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PID: 1436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\RegSrvc.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\tcpsvcs.exe
PID: 1836
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\snmp.exe
PID: 1872
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1916
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1484
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 2396
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2472
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2488
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\taskmgr.exe
PID: 3660
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 3748
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 3916
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Owner\Desktop\sysprot\SysProt\SysProt.exe
PID: 848
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Owner\Desktop\sysprot\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: EC161000
Module End: EC16C000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806ED700
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 80701D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7987000
Module End: F7989000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7897000
Module End: F789A000
Hidden: No

Module Name: spye.sys
Service Name: ---
Module Base: F7366000
Module End: F7466000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7989000
Module End: F798B000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F734E000
Module End: F7366000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7320000
Module End: F734E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F730F000
Module End: F7320000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7487000
Module End: F7497000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7497000
Module End: F74A5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F74A7000
Module End: F74B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F789B000
Module End: F789E000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F789F000
Module End: F78A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A4F000
Module End: F7A50000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7707000
Module End: F770E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F798B000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F72F1000
Module End: F730F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F74B7000
Module End: F74C2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F72D2000
Module End: F72F1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F78A3000
Module End: F78A6000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7A50000
Module End: F7A51000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F770F000
Module End: F7714000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74C7000
Module End: F74D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F72BA000
Module End: F72D2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74D7000
Module End: F74E0000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74E7000
Module End: F74F4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F729A000
Module End: F72BA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7288000
Module End: F729A000
Hidden: No

Module Name: nwfilter.sys
Service Name: NWFILTER
Module Base: F78A7000
Module End: F78AB000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7717000
Module End: F771C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7271000
Module End: F7288000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F71E4000
Module End: F7271000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F71B7000
Module End: F71E4000
Hidden: No

Module Name: srescan.sys
Service Name: srescan
Module Base: F71A3000
Module End: F71B7000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\sfhlp02.sys
Service Name: sfhlp02
Module Base: F771F000
Module End: F7727000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfdrv01.sys
Service Name: sfdrv01
Module Base: F7192000
Module End: F71A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\rmedia.sys
Service Name: rmedia
Module Base: F7181000
Module End: F7192000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nicm.sys
Service Name: NICM
Module Base: F74F7000
Module End: F7500000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7167000
Module End: F7181000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: F797F000
Module End: F7982000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F76B7000
Module End: F76C0000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F7983000
Module End: F7987000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: F6911000
Module End: F6A67000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F68FD000
Module End: F6911000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F77F7000
Module End: F77FD000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F68D9000
Module End: F68FD000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F77FF000
Module End: F7807000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F76C7000
Module End: F76D7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
Service Name: RTL8023
Module Base: F76D7000
Module End: F76E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\w29n51.sys
Service Name: w29n51
Module Base: F66BB000
Module End: F68D9000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F76E7000
Module End: F76F4000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7807000
Module End: F780D000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: F668F000
Module End: F66BB000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79C7000
Module End: F79C9000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F780F000
Module End: F7815000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F76F7000
Module End: F7702000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7517000
Module End: F7527000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7527000
Module End: F7536000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ks.sys
Service Name: ---
Module Base: F666C000
Module End: F668F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\smwdm.sys
Service Name: smwdm
Module Base: F65D6000
Module End: F666C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F65B2000
Module End: F65D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7537000
Module End: F7546000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aeaudio.sys
Service Name: aeaudio
Module Base: F79C9000
Module End: F79CB000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
Service Name: HSFHWICH
Module Base: F6581000
Module End: F65B2000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F6482000
Module End: F6581000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F63DC000
Module End: F6482000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7817000
Module End: F781F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nchssvad.sys
Service Name: NCHSSVAD
Module Base: F7547000
Module End: F7553000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7AB3000
Module End: F7AB4000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F7557000
Module End: F7564000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F712E000
Module End: F7131000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F63C5000
Module End: F63DC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F7567000
Module End: F7572000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F7577000
Module End: F7583000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F781F000
Module End: F7824000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F6314000
Module End: F6325000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F7587000
Module End: F7590000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F782F000
Module End: F7834000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7837000
Module End: F783C000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7597000
Module End: F75A1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79CB000
Module End: F79CD000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\update.sys
Service Name: Update
Module Base: F62B6000
Module End: F6314000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F711E000
Module End: F7122000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F75A7000
Module End: F75B1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F75C7000
Module End: F75D6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F79D5000
Module End: F79D7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7B2C000
Module End: F7B2D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79D7000
Module End: F79D9000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F7857000
Module End: F785D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79D9000
Module End: F79DB000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F79DB000
Module End: F79DD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F785F000
Module End: F7864000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F7867000
Module End: F786F000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F793B000
Module End: F793E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EE119000
Module End: EE12C000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EE0C0000
Module End: EE119000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: Tcpip6
Module Base: EE088000
Module End: EE0C0000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EE060000
Module End: EE088000
Hidden: No

Module Name: C:\WINDOWS\System32\vsdatant.sys
Service Name: vsdatant
Module Base: EDFF5000
Module End: EE060000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EDFA7000
Module End: EDFCD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ip6fw.sys
Service Name: ip6fw
Module Base: F75F7000
Module End: F7600000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7607000
Module End: F7610000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F7617000
Module End: F7626000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: WS2IFSL
Module Base: F795B000
Module End: F795E000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: ED214000
Module End: ED236000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7627000
Module End: F7630000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: ED1EF000
Module End: ED214000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F786F000
Module End: F7875000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: ED1C4000
Module End: ED1EF000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: ED154000
Module End: ED1C4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7637000
Module End: F7642000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F76A7000
Module End: F76B7000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: ED114000
Module End: ED12C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7995000
Module End: F7997000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EDFE1000
Module End: EDFE4000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7797000
Module End: F779C000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7AA0000
Module End: F7AA1000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
Service Name: BVRPMPR5
Module Base: F77B7000
Module End: F77BE000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mdc8021x.sys
Service Name: MDC8021X
Module Base: ED010000
Module End: ED014000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Service Name: NwlnkIpx
Module Base: ECF6E000
Module End: ECF84000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Service Name: NwlnkNb
Module Base: F7677000
Module End: F7687000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\s24trans.sys
Service Name: s24trans
Module Base: ED000000
Module End: ED003000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: ECFE8000
Module End: ECFEC000
Hidden: No

Module Name: C:\WINDOWS\system32\NetWare\resmgr.sys
Service Name: RESMGR
Module Base: F77BF000
Module End: F77C6000
Hidden: No

Module Name: C:\WINDOWS\system32\NetWare\srvloc.sys
Service Name: SRVLOC
Module Base: ECD40000
Module End: ECD66000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: ECCEB000
Module End: ECD18000
Hidden: No

Module Name: C:\WINDOWS\system32\NetWare\nwfs.sys
Service Name: NetwareWorkstation
Module Base: ECC72000
Module End: ECCEB000
Hidden: No

Module Name: C:\WINDOWS\system32\NetWare\NWSAP.sys
Service Name: NWSAP
Module Base: F783F000
Module End: F7845000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
Service Name: CdaC15BA
Module Base: ECE26000
Module End: ECE29000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\hardlock.sys
Service Name: hardlock
Module Base: ECBB3000
Module End: ECC22000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: ECB8F000
Module End: ECBB3000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: ECD3C000
Module End: ECD3F000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys
Service Name: Srv
Module Base: ECA9D000
Module End: ECAEF000
Hidden: No

Module Name: C:\WINDOWS\system32\NetWare\nwdhcp.sys
Service Name: NWDHCP
Module Base: F773F000
Module End: F7744000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Service Name: NwlnkSpx
Module Base: ECDE6000
Module End: ECDF4000
Hidden: No

Module Name: C:\WINDOWS\system32\NetWare\nwsipx32.sys
Service Name: NWSIPX32
Module Base: ECDD6000
Module End: ECDE0000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: ECD96000
Module End: ECDA0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: EC650000
Module End: EC665000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EC9E5000
Module End: EC9F4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: EC339000
Module End: EC37A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: EC2C1000
Module End: EC2CA000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\olnmoq.sys
Service Name: abp470n5
Module Base: F7A11000
Module End: F7A13000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: EC066000
Module End: EC091000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateFile
Address: EE013C80
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwCreateKey
Address: EE02E170
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwDeleteFile
Address: EE014210
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwDeleteKey
Address: EE02E9F0
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwDeleteValueKey
Address: EE02E7A0
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwEnumerateKey
Address: F7385CA2
Driver Base: F7366000
Driver End: F7466000
Driver Name: spye.sys

Function Name: ZwEnumerateValueKey
Address: F7386030
Driver Base: F7366000
Driver End: F7466000
Driver Name: spye.sys

Function Name: ZwLoadKey
Address: EE02EF10
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwLoadKey2
Address: EE02EF90
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwOpenFile
Address: EE014070
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwOpenKey
Address: F73670C0
Driver Base: F7366000
Driver End: F7466000
Driver Name: spye.sys

Function Name: ZwQueryKey
Address: F7386108
Driver Base: F7366000
Driver End: F7466000
Driver Name: spye.sys

Function Name: ZwQueryValueKey
Address: F7385F88
Driver Base: F7366000
Driver End: F7466000
Driver Name: spye.sys

Function Name: ZwRenameKey
Address: EE02F6F0
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwReplaceKey
Address: EE02F150
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwRestoreKey
Address: EE02F540
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwSetInformationFile
Address: EE014440
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwSetValueKey
Address: EE02E4E0
Driver Base: EDFF5000
Driver End: EE060000
Driver Name: \SystemRoot\System32\vsdatant.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7367000
Hooking Module: spye.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 855E2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 855E2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 855E2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 855E2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 855E2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 855E2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8574D1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 84C491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 84C491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 84C491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 84C491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 84C491F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 855881F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: EE03B880
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: EE03B880
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: EE03B880
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: EE03B880
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: EE03B880
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 855E1500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 855E1500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 855E1500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 855E1500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 855E1500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 855E1500
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_CREATE
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_CLOSE
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_READ
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_WRITE
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SET_EA
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_POWER
Jump To: F736EE1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7383514
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F73AAB1C
Hooking Module: spye.sys

Hooked Module: \Driver\PCI_PNP2576
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F73AAB1C
Hooking Module: spye.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ROGERLAPTOP.KEMP.LOCAL:1121
Remote Address: A96-7-46-80.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: ESTABLISHED

Local Address: ROGERLAPTOP.KEMP.LOCAL:427
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ROGERLAPTOP.KEMP.LOCAL:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ROGERLAPTOP:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\AskBarDis\bar\bin\AskService.exe
State: LISTENING

Local Address: ROGERLAPTOP:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: ROGERLAPTOP:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ROGERLAPTOP:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: ROGERLAPTOP:CHARGEN
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: ROGERLAPTOP:QOTD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: ROGERLAPTOP:DAYTIME
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: ROGERLAPTOP:DISCARD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: ROGERLAPTOP:ECHO
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: ROGERLAPTOP.KEMP.LOCAL:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ROGERLAPTOP.KEMP.LOCAL:1044
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ROGERLAPTOP.KEMP.LOCAL:427
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ROGERLAPTOP.KEMP.LOCAL:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ROGERLAPTOP.KEMP.LOCAL:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ROGERLAPTOP.KEMP.LOCAL:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ROGERLAPTOP:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ROGERLAPTOP:1034
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: ROGERLAPTOP:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ROGERLAPTOP:7640
Remote Address: NA
Type: UDP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: NA

Local Address: ROGERLAPTOP:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: ROGERLAPTOP:1026
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\spoolsv.exe
State: NA

Local Address: ROGERLAPTOP:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: ROGERLAPTOP:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ROGERLAPTOP:161
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\snmp.exe
State: NA

Local Address: ROGERLAPTOP:CHARGEN
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: ROGERLAPTOP:QOTD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: ROGERLAPTOP:DAYTIME
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: ROGERLAPTOP:DISCARD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: ROGERLAPTOP:ECHO
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{1C5C44A1-2FDC-42B5-8242-B6F085064C4F}
Status: Access denied

Object: C:\System Volume Information\_restore{CDDF9E3F-7121-4F65-B939-46B642D264BE}
Status: Access denied

OTL logfile created on: 9/5/2009 8:29:21 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop\Geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 66.07 Mb Available Physical Memory | 13.81% Memory free
1.10 Gb Paging File | 0.80 Gb Available in Paging File | 73.26% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 23.95 Gb Free Space | 32.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROGERLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2003/12/16 19:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2005/11/29 12:57:34 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2009/08/24 16:37:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/20 11:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2003/12/16 19:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/03/31 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/11/20 18:18:50 | 00,499,712 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/08/24 16:37:11 | 00,227,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 07:45:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2006/02/21 09:26:42 | 00,147,456 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - File not found -- -- (AresChatServer [On_Demand | Stopped])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/06 10:30:21 | 00,158,824 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2005/11/29 12:57:34 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/18 10:17:56 | 00,036,864 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\cusrvc.exe -- (cusrvc [On_Demand | Stopped])
SRV - [2002/04/29 07:51:00 | 00,147,456 | ---- | M] () -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/25 15:34:31 | 00,257,008 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2003/05/06 15:13:32 | 00,188,416 | ---- | M] (Rockwell Software Inc.) -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,143,360 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/08/24 16:37:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/20 11:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/12/02 08:28:32 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\WINDOWS\System32\OpcEnum.exe -- (OpcEnum [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
SRV - [2003/12/16 19:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/07/29 15:45:46 | 01,978,640 | ---- | M] (Rockwell Software, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx [On_Demand | Stopped])
SRV - [2003/12/16 19:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2003/03/31 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,180,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,983,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/06/03 04:08:02 | 00,071,448 | ---- | M] (Rockwell Software Inc.) -- C:\WINDOWS\System32\Drivers\ABKTCX.sys -- (ABKTCX [On_Demand | Stopped])
DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2006/04/10 11:10:34 | 00,044,224 | ---- | M] (BVRP Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Running])
DRV - [2005/11/29 12:57:36 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2003/02/19 15:14:12 | 00,019,153 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
DRV - [2002/12/20 11:59:20 | 00,050,396 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
DRV - [2002/11/18 20:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])
DRV - [2008/07/21 09:26:56 | 00,453,632 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2003/10/14 22:08:22 | 00,197,120 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2003/10/14 22:04:16 | 01,043,072 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/02/07 10:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/06/23 14:39:15 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/08/19 12:21:12 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
DRV - [2005/02/16 18:49:28 | 00,494,347 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwfs.sys -- (NetwareWorkstation [Auto | Running])
DRV - [2004/08/19 13:34:06 | 00,038,848 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM [Boot | Running])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/16 16:52:02 | 00,017,101 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwdhcp.sys -- (NWDHCP [Auto | Running])
DRV - [2005/01/13 10:43:26 | 00,037,196 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwdns.sys -- (NWDNS [On_Demand | Stopped])
DRV - [2005/01/14 09:46:38 | 00,015,919 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER [Boot | Running])
DRV - [2004/02/17 16:16:58 | 00,011,856 | ---- | M] () -- C:\WINDOWS\System32\NetWare\NWHOST.sys -- (NWHOST [On_Demand | Stopped])
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2003/03/31 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2003/03/31 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2003/02/26 15:51:18 | 00,023,232 | ---- | M] () -- C:\WINDOWS\System32\NetWare\NWSAP.sys -- (NWSAP [On_Demand | Running])
DRV - [2004/07/12 17:52:20 | 00,041,888 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwsipx32.sys -- (NWSIPX32 [Auto | Running])
DRV - [2005/01/03 15:51:38 | 00,020,332 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwslp.sys -- (NWSLP [On_Demand | Stopped])
DRV - [2003/02/13 08:27:38 | 00,005,808 | ---- | M] () -- C:\WINDOWS\System32\NetWare\NWSNS.sys -- (NWSNS [On_Demand | Stopped])
DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/08/22 15:44:03 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/01 19:19:34 | 00,027,249 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\resmgr.sys -- (RESMGR [Auto | Running])
DRV - [2003/10/20 22:09:26 | 00,065,664 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rmedia.sys -- (rmedia [Boot | Running])
DRV - [2004/06/03 04:08:34 | 00,030,166 | ---- | M] (Rockwell Software, Inc.) -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl [On_Demand | Stopped])
DRV - [2004/06/03 04:08:36 | 00,155,440 | ---- | M] (Rockwell Software Inc.) -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL [On_Demand | Stopped])
DRV - [2004/06/03 04:08:38 | 00,142,592 | ---- | M] (Rockwell Software, Inc.) -- C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS -- (RS_SS_NT [On_Demand | Stopped])
DRV - [2003/08/13 18:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Running])
DRV - [2003/09/15 13:20:18 | 00,011,258 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2007/09/05 04:03:00 | 00,049,664 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2005/03/03 13:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 11:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/01/13 19:40:28 | 00,612,032 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2009/08/19 12:11:27 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2005/01/03 15:55:34 | 00,155,405 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\srvloc.sys -- (SRVLOC [Auto | Running])
DRV - [2003/11/20 18:15:16 | 00,178,528 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2004/01/02 05:52:34 | 01,646,720 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand | Stopped])
DRV - [2008/01/07 13:36:16 | 02,216,064 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2003/10/14 22:05:48 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - File not found -- -- (abp470n5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DD 17 B2 8C 22 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/26 15:33:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 17:00:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 16:37:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/13 14:32:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 09:18:56 | 00,000,000 | ---D | M]

[2009/08/24 15:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions
[2009/08/14 09:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/23 12:00:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/24 15:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/05 07:46:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/13 14:32:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/13 14:34:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/24 16:37:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007/06/19 20:22:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com
[2009/08/13 14:32:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/03/05 18:08:04 | 00,061,440 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/13 14:32:28 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/08/13 14:32:28 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/08/13 14:32:28 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/08/13 14:32:30 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/08/13 14:32:30 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/24 16:37:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/13 14:32:42 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/13 14:32:51 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/13 14:32:51 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 00:12:00 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/13 14:32:51 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/13 14:32:51 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/13 14:32:51 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0 Pro\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NWTRAY] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\netware\NWWS2NDS.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\netware\NWWS2SAP.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\netware\NWWS2SLP.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1124832226067 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1133885287693 (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-5b2448a5e5555cbf.spaces.live.co...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://raiseinstall.rockwellautomation.com...emand/setup.exe (InstallShield Setup Player 2K2)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 64.255.96.2 64.255.96.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/23 13:39:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/09/05 08:18:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sysprot
[2009/09/05 08:05:36 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/09/05 08:02:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks2
[2009/09/01 08:37:52 | 00,025,658 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.pdf
[2009/08/31 14:59:35 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.doc
[2009/08/27 07:56:14 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/27 07:56:14 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/27 07:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 07:48:06 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 07:42:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks
[2009/08/26 08:58:33 | 00,000,385 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Welcome to your control panel.url
[2009/08/25 15:18:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/25 14:50:26 | 03,254,000 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/08/25 08:07:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/08/25 08:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/24 16:37:31 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 16:37:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 16:37:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 16:37:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 16:37:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/24 16:03:32 | 00,000,253 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2009/08/24 15:55:13 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/08/24 15:53:34 | 00,796,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u15.exe
[2009/08/24 15:53:18 | 00,881,976 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/08/24 15:49:02 | 00,466,305 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.mht
[2009/08/24 15:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/08/24 15:39:11 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/08/24 15:39:09 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/08/24 15:39:09 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/08/24 15:39:01 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/08/24 15:38:59 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/08/24 15:38:59 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/08/24 15:38:59 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/08/24 15:38:59 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/08/24 15:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/08/24 15:38:53 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/08/24 15:38:53 | 00,350,130 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/24 15:38:04 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/08/24 15:38:04 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/08/24 15:38:04 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/08/24 15:37:19 | 34,055,048 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_80_298_000_en.exe
[2009/08/24 11:21:32 | 02,628,096 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rmtanat.exe
[2009/08/21 16:39:17 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/08/21 14:23:10 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/08/21 13:13:26 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/21 13:13:26 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/21 13:13:26 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/21 13:13:26 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/21 13:13:26 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/21 13:13:26 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/21 13:13:26 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/21 13:13:26 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/21 13:13:26 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/21 13:13:26 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/21 13:13:26 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/21 13:13:26 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/21 13:13:26 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/21 13:13:26 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/21 13:13:26 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/21 13:13:26 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/21 13:13:26 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/21 13:13:26 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/21 13:13:26 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/21 13:13:26 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/21 13:13:26 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/21 13:13:26 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/21 13:13:26 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/21 13:13:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/21 13:13:25 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/21 13:13:25 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/21 13:13:25 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/21 13:13:25 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/21 13:13:24 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/21 13:13:24 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/21 13:13:24 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/21 13:13:24 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/21 13:13:24 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/21 13:13:24 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/21 13:13:24 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/21 13:13:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/21 13:13:24 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/21 13:13:23 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/21 13:13:23 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/21 13:13:23 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/21 13:13:23 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/21 13:13:23 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/21 13:13:23 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/21 13:13:23 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/21 13:13:23 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/21 13:13:23 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/21 13:13:23 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/21 13:13:23 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/21 13:13:23 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/21 13:13:23 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/21 13:13:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/21 13:13:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/21 13:13:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/21 13:13:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/21 13:13:22 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/21 13:13:22 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/21 13:13:22 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/21 13:13:22 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/21 13:13:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/21 12:43:33 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/21 12:43:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/21 12:43:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/21 12:28:19 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\regxplor.dll
[2009/08/21 08:36:57 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/20 13:06:30 | 01,294,368 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/20 13:06:30 | 00,057,120 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/20 13:06:30 | 00,014,612 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/20 13:06:30 | 00,005,924 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/20 13:01:08 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Please help! Infected with Win32-Heur and Win32-Tanatos_M [RESOLVE.mht
[2009/08/20 12:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/08/20 12:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/20 12:43:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2009/08/20 12:32:13 | 00,000,000 | ---D | C] -- C:\Program Files\avg1
[2009/08/20 09:38:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/20 08:52:58 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/08/20 08:42:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CD_DVD Burners
[2009/08/19 14:00:12 | 00,022,183 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.pdf
[2009/08/19 13:56:05 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.doc
[2009/08/19 12:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/19 12:57:33 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/19 12:57:29 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/19 12:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/08/19 12:21:12 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2009/08/19 12:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/08/19 12:11:27 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/19 12:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2009/08/19 11:54:24 | 00,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2009/08/19 11:54:24 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/08/19 11:54:23 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2009/08/19 11:54:23 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2009/08/19 11:54:23 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2009/08/19 11:54:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2009/08/19 11:54:22 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/08/19 11:54:22 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/08/19 11:54:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/08/19 11:54:21 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/08/19 11:54:21 | 00,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner
[2009/08/19 11:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nero
[2009/08/19 11:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/08/19 11:39:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/19 11:39:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/08/19 07:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Recovery
[2009/08/18 13:51:00 | 00,082,923 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Recovery console for those without an XP disk.mht
[2009/08/18 12:34:34 | 00,296,972 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\recovery_console_cd.zip
[2009/08/18 09:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/18 09:15:14 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/18 09:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/18 09:15:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/18 09:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/18 09:12:07 | 00,480,519 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Appear to Have Trojan or TrojanS- Malware Bytes Won't Remove.mht
[2009/08/14 15:31:21 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/14 08:47:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/14 08:47:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/13 18:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2009/08/13 18:16:34 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 18:15:50 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/11 13:52:53 | 00,021,410 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ADM Redundant Dump Pit Shutdown Controller.pdf
[2009/08/06 10:29:00 | 00,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2009.lnk
[2009/08/06 10:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2009
[2009/08/06 08:43:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AutoCad Install
[2009/02/27 01:08:24 | 00,075,576 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/04 18:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/11/27 17:50:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/31 09:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/19 21:51:59 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/07/19 20:42:21 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2007/06/19 20:29:29 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/03 08:31:28 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/12/10 17:32:16 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/07/26 07:55:49 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/24 17:53:36 | 00,001,635 | ---- | C] () -- C:\WINDOWS\System32\MRCVersion.ini
[2006/02/23 14:40:20 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vrcomp.dll
[2006/02/23 14:40:19 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\vrupcfg.dll
[2006/02/23 14:40:19 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\VrCAB.dll
[2006/02/23 14:40:18 | 00,299,008 | ---- | C] () -- C:\WINDOWS\VrEncDec.dll
[2006/02/23 14:40:18 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\VrEncDec.dll
[2006/02/23 14:40:18 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\Vrazrar.dll
[2006/02/23 14:40:16 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\VMSLog.dll
[2006/02/23 14:40:16 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Vrazace.dll
[2006/02/23 14:40:15 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VrExpJpn.dll
[2006/02/21 12:42:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/02/08 12:12:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2006/02/06 11:34:03 | 00,251,420 | ---- | C] () -- C:\WINDOWS\System32\FarLsp.dll
[2006/02/06 11:34:03 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\WipeAllCom.dll
[2006/02/06 11:34:03 | 00,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2005/11/30 17:50:02 | 00,000,062 | ---- | C] () -- C:\WINDOWS\abecad.ini
[2005/11/30 17:49:27 | 00,000,490 | ---- | C] () -- C:\WINDOWS\fw.ini
[2005/11/14 18:28:36 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/11/14 10:22:45 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/11/14 10:22:45 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/14 10:22:45 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/11/04 09:03:41 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/11/04 09:03:41 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/11/04 09:03:41 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/11/04 09:03:33 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2005/11/04 09:03:33 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/11/04 09:03:33 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/11/04 09:03:32 | 00,009,015 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2005/11/04 09:03:06 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/10/16 15:16:07 | 00,000,035 | ---- | C] () -- C:\WINDOWS\worldbuilder.INI
[2005/09/19 10:15:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\esmain.INI
[2005/09/03 21:25:21 | 00,000,515 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/03 09:19:56 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2005/08/25 12:29:53 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/24 17:43:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\csmain.INI
[2005/08/24 17:43:10 | 00,005,597 | ---- | C] () -- C:\WINDOWS\HEIDB.INI
[2005/08/24 17:42:31 | 00,004,257 | ---- | C] () -- C:\WINDOWS\DS400.INI
[2005/08/24 13:19:57 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/24 11:09:30 | 00,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI
[2005/08/24 11:09:30 | 00,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI
[2005/08/24 11:09:30 | 00,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI
[2005/08/24 11:09:30 | 00,000,580 | ---- | C] () -- C:\WINDOWS\Common.ini
[2005/08/24 11:09:29 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll
[2005/08/24 11:09:28 | 00,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini
[2005/08/24 11:09:15 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2005/08/23 12:39:20 | 00,005,030 | ---- | C] () -- C:\WINDOWS\Constructor2003.ini
[2005/08/23 12:35:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/23 12:14:36 | 00,001,467 | ---- | C] () -- C:\WINDOWS\EDS.ini
[2005/08/23 12:14:36 | 00,000,260 | ---- | C] () -- C:\WINDOWS\Rocksoft.ini
[2005/08/23 08:03:25 | 00,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
[2005/08/22 16:33:40 | 00,000,032 | ---- | C] () -- C:\WINDOWS\EVMOVE.INI
[2005/08/22 16:22:10 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll
[2005/02/25 18:20:30 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/02/10 17:44:40 | 00,245,839 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/01/14 10:01:40 | 00,226,304 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004/10/05 18:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/06/26 05:21:18 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/06/23 15:45:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/23 13:51:17 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/22 18:19:37 | 00,000,878 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/22 18:19:37 | 00,000,500 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/06/22 18:19:10 | 00,000,929 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/06/22 18:19:05 | 00,000,306 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/08/07 15:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/28 19:04:22 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/03/27 15:18:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\akrip.dll
[2003/02/05 17:31:42 | 00,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2002/03/18 13:37:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\mwmp3enc.dll
[2001/10/04 15:40:54 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2000/01/20 10:15:14 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/06/30 05:48:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/11 05:37:36 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 10:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 09:36:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/09/05 08:30:43 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BD3D44B5-EE7C-46BA-BADE-4B5FC39C0C79}.job
[2009/09/05 08:12:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/05 08:08:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/05 08:08:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/03 23:00:00 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/09/01 08:39:49 | 00,025,658 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.pdf
[2009/09/01 08:36:28 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.doc
[2009/08/27 07:56:14 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/27 07:56:14 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/26 08:58:33 | 00,000,385 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Welcome to your control panel.url
[2009/08/25 15:16:16 | 00,000,306 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/25 14:50:35 | 03,254,000 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/08/25 14:39:07 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/08/24 16:44:53 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2009/08/24 16:37:10 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/24 16:37:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 16:37:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 16:37:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 16:37:10 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 16:23:30 | 00,796,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u15.exe
[2009/08/24 15:53:22 | 00,881,976 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/08/24 15:49:06 | 00,466,305 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.mht
[2009/08/24 15:41:23 | 00,350,130 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/24 15:39:19 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/24 15:37:39 | 34,055,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_80_298_000_en.exe
[2009/08/24 15:36:19 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/08/24 11:21:59 | 02,628,096 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rmtanat.exe
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/21 14:23:12 | 00,000,929 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/21 14:23:12 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/21 13:06:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/21 11:51:34 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/08/20 17:13:55 | 01,294,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/20 17:12:05 | 00,057,120 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/20 15:09:48 | 00,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/20 15:08:35 | 00,005,924 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/20 15:08:34 | 00,014,612 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/20 13:19:36 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009/08/20 13:01:08 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Please help! Infected with Win32-Heur and Win32-Tanatos_M [RESOLVE.mht
[2009/08/19 14:06:10 | 00,022,183 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.pdf
[2009/08/19 13:58:01 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.doc
[2009/08/19 12:57:33 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/19 12:21:12 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys
[2009/08/19 12:21:12 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2009/08/19 12:11:27 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/18 13:51:01 | 00,082,923 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Recovery console for those without an XP disk.mht
[2009/08/18 12:34:35 | 00,296,972 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\recovery_console_cd.zip
[2009/08/18 09:12:19 | 00,480,519 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Appear to Have Trojan or TrojanS- Malware Bytes Won't Remove.mht
[2009/08/14 16:16:36 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/14 16:16:36 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/14 15:31:21 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/14 15:03:12 | 00,005,030 | ---- | M] () -- C:\WINDOWS\Constructor2003.ini
[2009/08/14 08:47:08 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/14 08:47:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/11 13:52:53 | 00,021,410 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADM Redundant Dump Pit Shutdown Controller.pdf
[2009/08/06 10:42:58 | 00,062,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/06 10:29:00 | 00,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2009.lnk
< End of report >


This post has been edited by Essexboy: Sep 6 2009, 03:00 PM

Hello,



Please don't attach your log's unless asked. They can make them more difficult to read.

I also noticed that ComboFix is installed on your computer. Can you tell me why? And if you ran it?


I'm not seeing much there. I'll need to get a better look.



Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  CODE
  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Run Scan button. Post the log it produces in your next reply.

Next




Please open up Malware Bytes Anti Malware and click on the update tab. Please update the program and then run a Quick Scan. When it has completed it will open up a log. Please post that back here in your next reply.


Next



Download avz4.zip from here

1. Unzip it to your desktop to a folder named avz4
2. Double click on AVZ.exe to run it.
3. Run an update by clicking the Auto Update button on the Right of the Log window:
4. Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

1. Start AVZ.
   
2. Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Analysis" check box.
   
3. Click on the “Execute selected scripts”.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.

When restarted

1. Start AVZ.
   
2. Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
   
3. Click on the "Execute selected scripts".
4. A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Please post the logs of OTL, MBAM and attach both AVZ files in your next reply

Hi and thanks again,

Yes I installed combofix and yes I ran it. I was getting pretty desperate to try to get some solutions to the variety of problems that Tanatos.M, Win32/Heur and a trojan downloader were causing on my computer. At that point, my computer would barely boot, it would take literally 30 minutes before the mouse pointer would highlight any buttons or icons. At one point, my computer would crash at bootup no matter if I selected even safe boot. So much has happened since then I don't remember exactly what, when, where, but I was finally able to get it to boot into Windows normal again, that's when I decided to follow a procedure on ... I think it Bleepingcomputer.com for a very similiar problem, and Combofix was one of the applications that I had used. I had lost about 2/3 of the icons on my desktop (default MSDOS icon) and after the procedure, things went back to pretty well 'normal' again. In that time, I had (I think anyway) gotten rid of the Tanatos.M, and the trojan downloader. My desktop icons were all back except 1 or 2 I think, but I still had no privelages to use task manager, or regedit. My folder views are still being manipulated also, I have to manually click the 'show hidden files' box every time I open a folder if I want to see hidden files. Hopefully that answers your question, it's been an adventure to be sure.

I ran the OTL fix, here is the report after the fix and after the scan you requested...

Note: After running the fix and reconnecting to the internet, these programs were shown to be running in task manager: winffbbyf.exe, w54f38.exe, winnjgsnm.exe( if you remember, I have to use a 3rd party regedit that ignores privelages in order to re-enable task manager long enough to get it running).

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 3739 bytes
->Temporary Internet Files folder emptied: 133700982 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Rog
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1774.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 17048 bytes
RecycleBin emptied: 5449 bytes

Total Files Cleaned = 127.56 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09072009_091126

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_1774.dat moved successfully.

Registry entries deleted on Reboot...



OTL logfile created on: 9/7/2009 9:21:47 AM - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop\Geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 72.51 Mb Available Physical Memory | 15.16% Memory free
1.10 Gb Paging File | 0.79 Gb Available in Paging File | 72.15% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.56 Gb Free Space | 30.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROGERLAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2003/12/16 19:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2005/11/29 12:57:34 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2009/08/24 16:37:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/20 11:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2003/12/16 19:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2003/03/31 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2003/11/20 18:18:50 | 00,499,712 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/08/24 16:37:11 | 00,227,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/07 09:17:51 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\winnjgsnm.exe
PRC - [2009/09/07 09:17:54 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\winffbbyf.exe
PRC - [2009/09/07 09:18:22 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\w54f38.exe
PRC - [2009/08/27 07:45:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2006/02/21 09:26:42 | 00,147,456 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - File not found -- -- (AresChatServer [On_Demand | Stopped])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/06 10:30:21 | 00,158,824 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2005/11/29 12:57:34 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/18 10:17:56 | 00,036,864 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\cusrvc.exe -- (cusrvc [On_Demand | Stopped])
SRV - [2002/04/29 07:51:00 | 00,147,456 | ---- | M] () -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/25 15:34:31 | 00,257,008 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2003/05/06 15:13:32 | 00,188,416 | ---- | M] (Rockwell Software Inc.) -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,143,360 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/08/24 16:37:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/20 11:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/12/02 08:28:32 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\WINDOWS\System32\OpcEnum.exe -- (OpcEnum [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
SRV - [2003/12/16 19:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/07/29 15:45:46 | 01,978,640 | ---- | M] (Rockwell Software, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx [On_Demand | Stopped])
SRV - [2003/12/16 19:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2003/03/31 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,180,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,983,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/06/03 04:08:02 | 00,071,448 | ---- | M] (Rockwell Software Inc.) -- C:\WINDOWS\System32\Drivers\ABKTCX.sys -- (ABKTCX [On_Demand | Stopped])
DRV - File not found -- -- (abp470n5 [On_Demand | Running])
DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2006/04/10 11:10:34 | 00,044,224 | ---- | M] (BVRP Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Running])
DRV - [2005/11/29 12:57:36 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2003/02/19 15:14:12 | 00,019,153 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
DRV - [2002/12/20 11:59:20 | 00,050,396 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
DRV - [2002/11/18 20:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])
DRV - [2008/07/21 09:26:56 | 00,453,632 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2003/10/14 22:08:22 | 00,197,120 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2003/10/14 22:04:16 | 01,043,072 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2006/02/07 10:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/06/23 14:39:15 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/04/09 19:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/08/19 12:21:12 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
DRV - [2005/02/16 18:49:28 | 00,494,347 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwfs.sys -- (NetwareWorkstation [Auto | Running])
DRV - [2004/08/19 13:34:06 | 00,038,848 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM [Boot | Running])
DRV - [2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/16 16:52:02 | 00,017,101 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwdhcp.sys -- (NWDHCP [Auto | Running])
DRV - [2005/01/13 10:43:26 | 00,037,196 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwdns.sys -- (NWDNS [On_Demand | Stopped])
DRV - [2005/01/14 09:46:38 | 00,015,919 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER [Boot | Running])
DRV - [2004/02/17 16:16:58 | 00,011,856 | ---- | M] () -- C:\WINDOWS\System32\NetWare\NWHOST.sys -- (NWHOST [On_Demand | Stopped])
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2003/03/31 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2003/03/31 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2003/02/26 15:51:18 | 00,023,232 | ---- | M] () -- C:\WINDOWS\System32\NetWare\NWSAP.sys -- (NWSAP [On_Demand | Running])
DRV - [2004/07/12 17:52:20 | 00,041,888 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwsipx32.sys -- (NWSIPX32 [Auto | Running])
DRV - [2005/01/03 15:51:38 | 00,020,332 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\nwslp.sys -- (NWSLP [On_Demand | Stopped])
DRV - [2003/02/13 08:27:38 | 00,005,808 | ---- | M] () -- C:\WINDOWS\System32\NetWare\NWSNS.sys -- (NWSNS [On_Demand | Running])
DRV - [2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/08/22 15:44:03 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/06/01 19:19:34 | 00,027,249 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\resmgr.sys -- (RESMGR [Auto | Running])
DRV - [2003/10/20 22:09:26 | 00,065,664 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rmedia.sys -- (rmedia [Boot | Running])
DRV - [2004/06/03 04:08:34 | 00,030,166 | ---- | M] (Rockwell Software, Inc.) -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl [On_Demand | Stopped])
DRV - [2004/06/03 04:08:36 | 00,155,440 | ---- | M] (Rockwell Software Inc.) -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL [On_Demand | Stopped])
DRV - [2004/06/03 04:08:38 | 00,142,592 | ---- | M] (Rockwell Software, Inc.) -- C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS -- (RS_SS_NT [On_Demand | Stopped])
DRV - [2003/08/13 18:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Running])
DRV - [2003/09/15 13:20:18 | 00,011,258 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2007/09/05 04:03:00 | 00,049,664 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2005/03/03 13:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 11:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/01/13 19:40:28 | 00,612,032 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2009/08/19 12:11:27 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2005/01/03 15:55:34 | 00,155,405 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NetWare\srvloc.sys -- (SRVLOC [Auto | Running])
DRV - [2003/11/20 18:15:16 | 00,178,528 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2004/01/02 05:52:34 | 01,646,720 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand | Stopped])
DRV - [2008/01/07 13:36:16 | 02,216,064 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2003/10/14 22:05:48 | 00,679,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DD 17 B2 8C 22 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/26 15:33:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 17:00:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 16:37:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/13 14:32:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 09:18:56 | 00,000,000 | ---D | M]

[2009/08/24 15:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions
[2009/08/14 09:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/23 12:00:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/24 15:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\e6m6iza8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/05 07:46:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/13 14:32:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/13 14:34:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/24 16:37:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007/06/19 20:22:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com
[2009/08/13 14:32:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/03/05 18:08:04 | 00,061,440 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/13 14:32:28 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/08/13 14:32:28 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/08/13 14:32:28 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/08/13 14:32:30 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/08/13 14:32:30 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/24 16:37:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/13 14:32:42 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/13 14:32:51 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/13 14:32:51 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/24 00:12:00 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/13 14:32:51 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/13 14:32:51 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/13 14:32:51 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0 Pro\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0 Pro\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NWTRAY] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\netware\NWWS2NDS.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\netware\NWWS2SAP.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\netware\NWWS2SLP.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1124832226067 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1133885287693 (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-5b2448a5e5555cbf.spaces.live.co...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://raiseinstall.rockwellautomation.com...emand/setup.exe (InstallShield Setup Player 2K2)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 64.255.96.2 64.255.96.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/23 13:39:06 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/09/07 09:11:26 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/07 09:11:07 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\GeeksFix_9_07_09.doc
[2009/09/05 08:18:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sysprot
[2009/09/05 08:05:36 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/09/05 08:02:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks2
[2009/09/01 08:37:52 | 00,025,658 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.pdf
[2009/08/31 14:59:35 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.doc
[2009/08/27 07:56:14 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/27 07:56:14 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/27 07:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 07:48:06 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 07:42:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks
[2009/08/26 08:58:33 | 00,000,385 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Welcome to your control panel.url
[2009/08/25 15:18:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/25 14:50:26 | 03,254,000 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/08/25 08:07:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/08/25 08:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/24 16:37:31 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 16:37:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 16:37:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 16:37:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 16:37:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/24 16:03:32 | 00,000,253 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2009/08/24 15:55:13 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/08/24 15:53:34 | 00,796,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u15.exe
[2009/08/24 15:53:18 | 00,881,976 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/08/24 15:49:02 | 00,466,305 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.mht
[2009/08/24 15:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/08/24 15:39:11 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/08/24 15:39:09 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/08/24 15:39:09 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/08/24 15:39:01 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/08/24 15:38:59 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/08/24 15:38:59 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/08/24 15:38:59 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/08/24 15:38:59 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/08/24 15:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/08/24 15:38:53 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/08/24 15:38:53 | 00,350,130 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/24 15:38:04 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/08/24 15:38:04 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/08/24 15:38:04 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/08/24 15:37:19 | 34,055,048 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_80_298_000_en.exe
[2009/08/24 11:21:32 | 02,628,096 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rmtanat.exe
[2009/08/21 16:39:17 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/08/21 14:23:10 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/08/21 13:13:26 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/21 13:13:26 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/21 13:13:26 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/21 13:13:26 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/21 13:13:26 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/21 13:13:26 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/21 13:13:26 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/21 13:13:26 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/21 13:13:26 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/21 13:13:26 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/21 13:13:26 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/21 13:13:26 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/21 13:13:26 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/21 13:13:26 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/21 13:13:26 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/21 13:13:26 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/21 13:13:26 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/21 13:13:26 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/21 13:13:26 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/21 13:13:26 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/21 13:13:26 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/21 13:13:26 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/21 13:13:26 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/21 13:13:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/21 13:13:25 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/21 13:13:25 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/21 13:13:25 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/21 13:13:25 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/21 13:13:24 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/21 13:13:24 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/21 13:13:24 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/21 13:13:24 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/21 13:13:24 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/21 13:13:24 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/21 13:13:24 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/21 13:13:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/21 13:13:24 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/21 13:13:23 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/21 13:13:23 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/21 13:13:23 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/21 13:13:23 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/21 13:13:23 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/21 13:13:23 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/21 13:13:23 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/21 13:13:23 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/21 13:13:23 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/21 13:13:23 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/21 13:13:23 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/21 13:13:23 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/21 13:13:23 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/21 13:13:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/21 13:13:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/21 13:13:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/21 13:13:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/21 13:13:22 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/21 13:13:22 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/21 13:13:22 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/21 13:13:22 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/21 13:13:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/21 12:43:33 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/21 12:43:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/21 12:43:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/21 12:28:19 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\regxplor.dll
[2009/08/21 08:36:57 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/20 13:06:30 | 01,294,368 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/20 13:06:30 | 00,057,120 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/20 13:06:30 | 00,014,612 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/20 13:06:30 | 00,005,924 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/20 13:01:08 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Please help! Infected with Win32-Heur and Win32-Tanatos_M [RESOLVE.mht
[2009/08/20 12:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/08/20 12:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/20 12:43:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2009/08/20 12:32:13 | 00,000,000 | ---D | C] -- C:\Program Files\avg1
[2009/08/20 09:38:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/20 08:52:58 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/08/20 08:42:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CD_DVD Burners
[2009/08/19 14:00:12 | 00,022,183 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.pdf
[2009/08/19 13:56:05 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.doc
[2009/08/19 12:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/19 12:57:33 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/19 12:57:29 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/19 12:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/08/19 12:21:12 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2009/08/19 12:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/08/19 12:11:27 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/19 12:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2009/08/19 11:54:24 | 00,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2009/08/19 11:54:24 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/08/19 11:54:23 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2009/08/19 11:54:23 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2009/08/19 11:54:23 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2009/08/19 11:54:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2009/08/19 11:54:22 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/08/19 11:54:22 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/08/19 11:54:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/08/19 11:54:21 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/08/19 11:54:21 | 00,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner
[2009/08/19 11:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nero
[2009/08/19 11:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/08/19 11:39:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/08/19 11:39:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/08/19 07:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Recovery
[2009/08/18 13:51:00 | 00,082,923 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Recovery console for those without an XP disk.mht
[2009/08/18 12:34:34 | 00,296,972 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\recovery_console_cd.zip
[2009/08/18 09:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/18 09:15:14 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/18 09:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/18 09:15:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/18 09:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/18 09:12:07 | 00,480,519 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Appear to Have Trojan or TrojanS- Malware Bytes Won't Remove.mht
[2009/08/14 15:31:21 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/14 08:47:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/14 08:47:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/13 18:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2009/08/13 18:16:34 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 18:15:50 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/11 13:52:53 | 00,021,410 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ADM Redundant Dump Pit Shutdown Controller.pdf
[2009/02/27 01:08:24 | 00,075,576 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/04 18:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/11/27 17:50:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/31 09:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/19 21:51:59 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/07/19 20:42:21 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2007/06/19 20:29:29 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/03 08:31:28 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/12/10 17:32:16 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/07/26 07:55:49 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/24 17:53:36 | 00,001,635 | ---- | C] () -- C:\WINDOWS\System32\MRCVersion.ini
[2006/02/23 14:40:20 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vrcomp.dll
[2006/02/23 14:40:19 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\vrupcfg.dll
[2006/02/23 14:40:19 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\VrCAB.dll
[2006/02/23 14:40:18 | 00,299,008 | ---- | C] () -- C:\WINDOWS\VrEncDec.dll
[2006/02/23 14:40:18 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\VrEncDec.dll
[2006/02/23 14:40:18 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\Vrazrar.dll
[2006/02/23 14:40:16 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\VMSLog.dll
[2006/02/23 14:40:16 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Vrazace.dll
[2006/02/23 14:40:15 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VrExpJpn.dll
[2006/02/21 12:42:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/02/08 12:12:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2006/02/06 11:34:03 | 00,251,420 | ---- | C] () -- C:\WINDOWS\System32\FarLsp.dll
[2006/02/06 11:34:03 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\WipeAllCom.dll
[2006/02/06 11:34:03 | 00,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2005/11/30 17:50:02 | 00,000,062 | ---- | C] () -- C:\WINDOWS\abecad.ini
[2005/11/30 17:49:27 | 00,000,490 | ---- | C] () -- C:\WINDOWS\fw.ini
[2005/11/14 18:28:36 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/11/14 10:22:45 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/11/14 10:22:45 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/11/14 10:22:45 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/11/04 09:03:41 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/11/04 09:03:41 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/11/04 09:03:41 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/11/04 09:03:33 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2005/11/04 09:03:33 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/11/04 09:03:33 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/11/04 09:03:32 | 00,009,015 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2005/11/04 09:03:06 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/10/16 15:16:07 | 00,000,035 | ---- | C] () -- C:\WINDOWS\worldbuilder.INI
[2005/09/19 10:15:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\esmain.INI
[2005/09/03 21:25:21 | 00,000,515 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/03 09:19:56 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2005/08/25 12:29:53 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/24 17:43:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\csmain.INI
[2005/08/24 17:43:10 | 00,005,597 | ---- | C] () -- C:\WINDOWS\HEIDB.INI
[2005/08/24 17:42:31 | 00,004,257 | ---- | C] () -- C:\WINDOWS\DS400.INI
[2005/08/24 13:19:57 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/24 11:09:30 | 00,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI
[2005/08/24 11:09:30 | 00,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI
[2005/08/24 11:09:30 | 00,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI
[2005/08/24 11:09:30 | 00,000,580 | ---- | C] () -- C:\WINDOWS\Common.ini
[2005/08/24 11:09:29 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll
[2005/08/24 11:09:28 | 00,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini
[2005/08/24 11:09:15 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2005/08/23 12:39:20 | 00,005,030 | ---- | C] () -- C:\WINDOWS\Constructor2003.ini
[2005/08/23 12:35:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/23 12:14:36 | 00,001,467 | ---- | C] () -- C:\WINDOWS\EDS.ini
[2005/08/23 12:14:36 | 00,000,260 | ---- | C] () -- C:\WINDOWS\Rocksoft.ini
[2005/08/23 08:03:25 | 00,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
[2005/08/22 16:33:40 | 00,000,032 | ---- | C] () -- C:\WINDOWS\EVMOVE.INI
[2005/08/22 16:22:10 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll
[2005/02/25 18:20:30 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/02/10 17:44:40 | 00,245,839 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/01/14 10:01:40 | 00,226,304 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2004/10/05 18:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/06/26 05:21:18 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/06/23 15:45:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/23 13:51:17 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/22 18:19:37 | 00,000,878 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/22 18:19:37 | 00,000,500 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/06/22 18:19:10 | 00,000,929 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/06/22 18:19:05 | 00,000,306 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/08/07 15:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/28 19:04:22 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/03/27 15:18:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\akrip.dll
[2003/02/05 17:31:42 | 00,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2002/03/18 13:37:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\mwmp3enc.dll
[2001/10/04 15:40:54 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2000/01/20 10:15:14 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/06/30 05:48:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/11 05:37:36 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 10:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 09:36:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/09/07 09:21:40 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BD3D44B5-EE7C-46BA-BADE-4B5FC39C0C79}.job
[2009/09/07 09:14:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/07 09:13:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/07 09:13:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/07 09:11:08 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\GeeksFix_9_07_09.doc
[2009/09/03 23:00:00 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/09/01 08:39:49 | 00,025,658 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.pdf
[2009/09/01 08:36:28 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Challenger_Door_Plt2_Laminator.doc
[2009/08/27 07:56:14 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/08/27 07:56:14 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/08/26 08:58:33 | 00,000,385 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Welcome to your control panel.url
[2009/08/25 15:16:16 | 00,000,306 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/25 14:50:35 | 03,254,000 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/08/25 14:39:07 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/08/24 16:44:53 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.url
[2009/08/24 16:37:10 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/24 16:37:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 16:37:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 16:37:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 16:37:10 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 16:23:30 | 00,796,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u15.exe
[2009/08/24 15:53:22 | 00,881,976 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/08/24 15:49:06 | 00,466,305 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UPDATED 8-step Viruses-Spyware-Malware Preliminary Removal Instructions - TechSpot OpenBoards.mht
[2009/08/24 15:41:23 | 00,350,130 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/24 15:39:19 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/24 15:37:39 | 34,055,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\zaSetup_80_298_000_en.exe
[2009/08/24 15:36:19 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2009/08/24 11:21:59 | 02,628,096 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rmtanat.exe
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/21 14:23:12 | 00,000,929 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/21 14:23:12 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/21 13:06:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/21 11:51:34 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/08/20 17:13:55 | 01,294,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/20 17:12:05 | 00,057,120 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/20 15:09:48 | 00,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/20 15:08:35 | 00,005,924 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/20 15:08:34 | 00,014,612 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/20 13:19:36 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009/08/20 13:01:08 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Please help! Infected with Win32-Heur and Win32-Tanatos_M [RESOLVE.mht
[2009/08/19 14:06:10 | 00,022,183 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.pdf
[2009/08/19 13:58:01 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Stephanie.doc
[2009/08/19 12:57:33 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/19 12:21:12 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys
[2009/08/19 12:21:12 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SoundTap Streaming Audio Recorder.lnk
[2009/08/19 12:11:27 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/18 13:51:01 | 00,082,923 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Recovery console for those without an XP disk.mht
[2009/08/18 12:34:35 | 00,296,972 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\recovery_console_cd.zip
[2009/08/18 09:12:19 | 00,480,519 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Appear to Have Trojan or TrojanS- Malware Bytes Won't Remove.mht
[2009/08/14 16:16:36 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/14 16:16:36 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/14 15:31:21 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/14 15:03:12 | 00,005,030 | ---- | M] () -- C:\WINDOWS\Constructor2003.ini
[2009/08/14 08:47:08 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/14 08:47:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/11 13:52:53 | 00,021,410 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ADM Redundant Dump Pit Shutdown Controller.pdf
< End of report >

Malwarebytes' Anti-Malware 1.40
Database version: 2750
Windows 5.1.2600 Service Pack 3

9/7/2009 10:03:19 AM
mbam-log-2009-09-07 (10-02-21).txt

Scan type: Quick Scan
Objects scanned: 100952
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Okay, after a bit of trouble, I've finished the AVZ scans ...
Your link doesn't seem to be accurate/uptodate, and the menu options were slightly different than you spelled out. I downloaded Version 4.32 through a mirror listed elsewhere on the z-oleg site you had hyperlinked. I was unable to run AVZ because within about 3-5 seconds after I double-clicked on it, it shutdown. I renamed AVZ.exe to AVX.exe and it ran fine. I updated the database and here are the results:


Here is the first (Cure) scan:

AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 9/7/2009 10:37:21 AM
Database loaded: signatures - 240420, NN profile(s) - 2, malware removal microprograms - 56, signature database released 06.09.2009 21:47
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 138926
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Function NtCreateFile (25) intercepted (8056CDC0->EE02FC80), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateKey (29) intercepted (8057065D->EE04A170), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteFile (3E) intercepted (805D801B->EE030210), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteKey (3F) intercepted (805952CA->EE04A9F0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteValueKey (41) intercepted (80592D5C->EE04A7A0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateKey (47) intercepted (80570D64->F7385CA2), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateValueKey (49) intercepted (80590677->F7386030), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey (62) intercepted (805AED6D->EE04AF10), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey2 (63) intercepted (805AEBAA->EE04AF90), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenFile (74) intercepted (8056CD5B->EE030070), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenKey (77) intercepted (80568D59->F73670C0), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryKey (A0) intercepted (80570A6D->F7386108), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (8056A1F2->F7385F88), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtRenameKey (C0) intercepted (8064E77C->EE04B6F0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (C1) intercepted (8064F0DC->EE04B150), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (CC) intercepted (8064EC71->EE04B540), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetInformationFile (E0) intercepted (8057494A->EE030440), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (80572889->EE04A4E0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 284, intercepted: 18, restored: 18
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
CmpCallCallBacks = 0013A76A
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 857491F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CREATE] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CLOSE] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_WRITE] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_EA] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_PNP] = 85576500 -> hook not defined
\driver\tcpip[IRP_MJ_CREATE] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_CLOSE] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_DEVICE_CONTROL] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_CLEANUP] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
Checking - complete
2. Scanning RAM
Number of processes found: 32
Number of modules loaded: 354
Scanning RAM - complete
3. Scanning disks
C:\Program Files\AutomationDirect\C-more\EANumericEntry.dll >>> suspicion for AdvWare.WinFetcher.f ( 00786601 00000000 00150830 001BAF99 53248)
File quarantined succesfully (C:\Program Files\AutomationDirect\C-more\EANumericEntry.dll)
C:\Program Files\Rockwell Software\RSLINX\DNWHOPS.DLL >>> suspicion for Trojan.Win32.AntiAV.atk ( 006D9DD0 00000000 001A08E2 00200BA9 61440)
File quarantined succesfully (C:\Program Files\Rockwell Software\RSLINX\DNWHOPS.DLL)
C:\WINDOWS\Installer\3d1c50b.msi/{MS-OLE}/\16 >>> suspicion for Trojan.Win32.Delf.bvq ( 0A27A310 044A8123 0022EAE5 001FF791 42496)
File quarantined succesfully (C:\WINDOWS\Installer\3d1c50b.msi)
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
C:\_OTS\MovedFiles\09052009_080536\C_Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.msi/{MS-OLE}/\16 >>> suspicion for Trojan.Win32.Delf.bvq ( 0A27A310 044A8123 0022EAE5 001FF791 42496)
File quarantined succesfully (C:\_OTS\MovedFiles\09052009_080536\C_Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.msi)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
>>> Attention - Task Manager is blocked
>>> Attention - Registry Editor is blocked
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal SCR files association
>> Blocked: Registry Editor
>> Blocked: Task Manager
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 178098, extracted from archives: 144604, malicious software found 0, suspicions - 4
Scanning finished at 9/7/2009 11:13:13 AM
!!! Attention !!! Restored 18 KiST functions during Anti-Rootkit operation
This may affect execution of certain software, so it is strongly recommended to reboot
Time of scanning: 00:35:54
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
System Analysis - complete



Here is the last (Check) scan:

AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 9/7/2009 10:37:21 AM
Database loaded: signatures - 240420, NN profile(s) - 2, malware removal microprograms - 56, signature database released 06.09.2009 21:47
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 138926
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Function NtCreateFile (25) intercepted (8056CDC0->EE02FC80), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtCreateKey (29) intercepted (8057065D->EE04A170), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteFile (3E) intercepted (805D801B->EE030210), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteKey (3F) intercepted (805952CA->EE04A9F0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtDeleteValueKey (41) intercepted (80592D5C->EE04A7A0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateKey (47) intercepted (80570D64->F7385CA2), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateValueKey (49) intercepted (80590677->F7386030), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey (62) intercepted (805AED6D->EE04AF10), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtLoadKey2 (63) intercepted (805AEBAA->EE04AF90), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenFile (74) intercepted (8056CD5B->EE030070), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenKey (77) intercepted (80568D59->F73670C0), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryKey (A0) intercepted (80570A6D->F7386108), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (8056A1F2->F7385F88), hook spnm.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtRenameKey (C0) intercepted (8064E77C->EE04B6F0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtReplaceKey (C1) intercepted (8064F0DC->EE04B150), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtRestoreKey (CC) intercepted (8064EC71->EE04B540), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetInformationFile (E0) intercepted (8057494A->EE030440), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (80572889->EE04A4E0), hook C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 284, intercepted: 18, restored: 18
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
CmpCallCallBacks = 0013A76A
Disable callback OK
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 857491F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 857491F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CREATE] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CLOSE] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_WRITE] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_EA] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 85576500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_PNP] = 85576500 -> hook not defined
\driver\tcpip[IRP_MJ_CREATE] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_CLOSE] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_DEVICE_CONTROL] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
\driver\tcpip[IRP_MJ_CLEANUP] = EE057880 -> C:\WINDOWS\System32\vsdatant.sys, driver recognized as trusted
Checking - complete
2. Scanning RAM
Number of processes found: 32
Number of modules loaded: 354
Scanning RAM - complete
3. Scanning disks
C:\Program Files\AutomationDirect\C-more\EANumericEntry.dll >>> suspicion for AdvWare.WinFetcher.f ( 00786601 00000000 00150830 001BAF99 53248)
File quarantined succesfully (C:\Program Files\AutomationDirect\C-more\EANumericEntry.dll)
C:\Program Files\Rockwell Software\RSLINX\DNWHOPS.DLL >>> suspicion for Trojan.Win32.AntiAV.atk ( 006D9DD0 00000000 001A08E2 00200BA9 61440)
File quarantined succesfully (C:\Program Files\Rockwell Software\RSLINX\DNWHOPS.DLL)
C:\WINDOWS\Installer\3d1c50b.msi/{MS-OLE}/\16 >>> suspicion for Trojan.Win32.Delf.bvq ( 0A27A310 044A8123 0022EAE5 001FF791 42496)
File quarantined succesfully (C:\WINDOWS\Installer\3d1c50b.msi)
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
C:\_OTS\MovedFiles\09052009_080536\C_Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.msi/{MS-OLE}/\16 >>> suspicion for Trojan.Win32.Delf.bvq ( 0A27A310 044A8123 0022EAE5 001FF791 42496)
File quarantined succesfully (C:\_OTS\MovedFiles\09052009_080536\C_Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.msi)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
>>> Attention - Task Manager is blocked
>>> Attention - Registry Editor is blocked
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal SCR files association
>> Blocked: Registry Editor
>> Blocked: Task Manager
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 178098, extracted from archives: 144604, malicious software found 0, suspicions - 4
Scanning finished at 9/7/2009 11:13:13 AM
!!! Attention !!! Restored 18 KiST functions during Anti-Rootkit operation
This may affect execution of certain software, so it is strongly recommended to reboot
Time of scanning: 00:35:54
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
System Analysis - complete

... at this point I see no difference in the machine, still same symptoms. I know we are making progress though!

Hello,


Thanks for the heads up on the link.


Running ComboFix without supervision from a trained person is a risky move. Sometimes things can go wrong when running it and could possibly stop your computer from booting up.


Please don't run anymore tool's on your own while we work in your PC.



Since you have already ran ComboFix, can you post that log aswell. It will be located at C:\combofix.txt


Can you please attach the AVZ .HTML file into this thread. Also could you run the second part of the AVZ and attach that log aswell.


In your next reply attach both AVZ logs and post the CF log.

If you do not know how to attach a file, follow the instructions in my previous post.

This post has been edited by jwang01: Sep 7 2009, 10:08 PM

 avz_log_9_07_09_Cure.txt ( 10.82K ) Number of downloads: 51
 avz_log_9_07_09_Check.txt ( 9.04K ) Number of downloads: 69
No problem, here is the combofix log from 8/25. I did attach (copy/paste) the AVZ reports. They aren't html's anymore, just .txt files. They are named the same name for either report... In my previous post they are both copy/pasted. The first report I labeled 'cure', the second I labeled 'Check'. I will attach both to this post for you also though.

Combofix log:

ComboFix 09-08-24.06 - owner 08/25/2009 15:02.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.188 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: The Shield Deluxe 2009 Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: The Shield Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://media.townhallstore.com
.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 12:07 . 2009-08-25 12:07 -------- d-----w- c:\program files\Trend Micro
2009-08-24 20:37 . 2009-08-24 20:37 -------- d-----w- c:\program files\Java
2009-08-24 20:03 . 2009-08-24 20:36 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-24 19:55 . 2009-08-24 19:55 -------- d-----w- c:\program files\CCleaner
2009-08-24 19:41 . 2009-08-24 19:41 -------- d-----w- c:\program files\AskBarDis
2009-08-24 19:39 . 2009-02-16 04:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-24 19:39 . 2009-02-16 04:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-24 19:38 . 2009-08-24 19:38 -------- d-----w- c:\program files\Zone Labs
2009-08-24 19:38 . 2009-02-16 04:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-21 16:28 . 2002-07-02 13:15 299008 ----a-w- c:\windows\system32\regxplor.dll
2009-08-21 12:49 . 2009-08-21 12:49 -------- d-----w- c:\documents and settings\Rog\Application Data\Malwarebytes
2009-08-20 19:13 . 2009-08-20 19:13 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-20 17:06 . 2009-08-20 21:13 1294368 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-20 17:06 . 2009-08-20 21:12 57120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-20 16:45 . 2009-08-20 20:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-20 16:45 . 2009-08-20 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-20 16:43 . 2009-08-20 16:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-08-20 16:32 . 2009-08-21 16:36 -------- d-----w- c:\program files\avg1
2009-08-20 15:17 . 2009-08-20 15:17 -------- d-sh--w- c:\documents and settings\Rog\PrivacIE
2009-08-20 15:16 . 2009-08-20 15:17 -------- d-----w- c:\documents and settings\Rog\Local Settings\Application Data\Google
2009-08-20 15:09 . 2009-08-20 15:09 -------- d-----w- c:\documents and settings\Rog\Local Settings\Application Data\Adobe
2009-08-20 12:52 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
2009-08-19 16:58 . 2009-08-25 15:32 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-19 16:57 . 2009-08-19 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-19 16:57 . 2009-08-21 20:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-19 16:57 . 2009-08-19 16:57 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-19 16:20 . 2009-08-19 16:21 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-19 16:11 . 2009-08-19 16:11 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-19 16:11 . 2009-08-19 16:11 -------- d-----w- c:\program files\LSoft Technologies
2009-08-19 15:54 . 1998-07-13 21:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2009-08-19 15:54 . 2005-03-11 22:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-08-19 15:54 . 2005-02-24 17:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-08-19 15:54 . 2005-02-24 16:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-08-19 15:54 . 1998-07-13 02:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-08-19 15:54 . 2000-10-01 22:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-08-19 15:54 . 1998-07-13 02:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-08-19 15:54 . 1998-07-12 22:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-08-19 15:54 . 2009-08-20 12:24 -------- d-----w- c:\program files\Free Easy Burner
2009-08-19 15:54 . 2003-04-18 19:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-19 15:43 . 2009-08-19 15:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-08-19 15:40 . 2009-08-19 15:41 -------- d-----w- c:\program files\Nero
2009-08-19 15:39 . 2009-08-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-19 15:39 . 2009-08-19 15:42 -------- d-----w- c:\program files\Common Files\Nero
2009-08-18 13:15 . 2009-08-18 13:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-18 13:15 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 13:15 . 2009-08-18 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 13:15 . 2009-08-18 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 13:15 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 22:15 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 20:53 . 2009-08-13 20:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-07 21:03 . 2009-08-07 21:03 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-06 14:20 . 2009-08-20 19:05 -------- d-----w- c:\program files\AutoCAD 2009
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 14:28 . 2006-02-06 15:31 -------- d-----w- c:\program files\PCSecurityShield
2009-08-24 20:41 . 2008-02-15 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2009-08-24 20:37 . 2008-12-19 13:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-24 19:58 . 2005-08-23 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 19:40 . 2009-08-24 19:40 8192 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-08-24 19:40 . 2009-08-24 19:40 1305088 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-08-24 19:40 . 2009-08-24 19:40 936960 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-08-24 19:40 . 2009-08-24 19:40 8192 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-08-24 19:39 . 2005-08-22 21:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-24 13:13 . 2005-08-22 21:56 -------- d-----w- c:\program files\Google
2009-08-21 21:06 . 2008-09-18 21:50 -------- d-----w- c:\documents and settings\Owner\Application Data\IGN_DLM
2009-08-21 20:52 . 2004-06-23 18:11 -------- d-----w- c:\program files\QuickTime
2009-08-21 20:51 . 2008-11-12 13:34 -------- d-----w- c:\program files\MP3 Workshop
2009-08-21 19:30 . 2008-11-14 13:45 1503232 ----a-w- c:\documents and settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFYTMEAEAJNEAJINXETAGEDIFFFFFF0\MediaJoin.exe
2009-08-21 19:06 . 2007-03-30 17:37 184832 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{D403FC26-C620-4697-B645-30F24B7638AB}\setup.exe
2009-08-21 19:06 . 2009-04-10 17:57 184832 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{81D808BC-3456-4431-A010-A992974DA97C}\setup.exe
2009-08-21 19:02 . 2009-04-10 17:58 1318912 ----a-w- c:\documents and settings\Owner\Application Data\AutomationDirect\C-more\EA-Run.exe
2009-08-21 19:02 . 2009-04-10 17:57 2818048 ----a-w- c:\documents and settings\Owner\Application Data\AutomationDirect\C-more\EA-PGM.exe
2009-08-21 18:57 . 2007-09-20 22:17 360448 -c--a-w- c:\documents and settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\AcrobatUpd709_all_incr.exe
2009-08-21 18:57 . 2007-09-20 22:16 360448 -c--a-w- c:\documents and settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\AcrobatUpd708_all_incr.exe
2009-08-21 18:57 . 2006-04-18 13:19 368640 -c--a-w- c:\documents and settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\AcrobatUpd707_all_incr.exe
2009-08-20 19:08 . 2009-08-20 17:06 5924 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-20 19:08 . 2009-08-20 17:06 14612 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-20 18:39 . 2005-11-04 12:44 -------- d-----w- c:\program files\AutoCAD 2004
2009-08-20 18:33 . 2008-11-14 12:35 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-08-20 18:33 . 2008-11-14 12:26 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2009-08-20 17:19 . 2004-06-23 18:21 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-08-20 15:07 . 2009-08-20 15:07 62792 ----a-w- c:\documents and settings\Rog\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 16:57 . 2008-12-17 13:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-19 16:21 . 2007-11-20 20:24 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2009-08-19 16:11 . 2004-06-23 17:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 20:02 . 2005-08-23 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-11 18:28 . 2008-01-04 19:06 -------- d-----w- c:\program files\Support Tools
2009-08-06 14:45 . 2005-11-04 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-08-06 14:42 . 2005-08-22 21:42 62728 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 14:30 . 2005-11-29 16:55 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-08-06 14:20 . 2005-11-04 12:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Autodesk
2009-08-05 09:01 . 2002-12-12 07:14 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:33 . 2009-04-27 19:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 13:30 . 2005-08-23 16:33 5058 -c--a-w- c:\windows\Help\hhcolreg.dat
2009-07-17 19:01 . 2004-06-22 22:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-06-23 17:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-06-18 04:49 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2009-04-16 21:03 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-06-22 22:19 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-06-22 22:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-06-22 22:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-06-22 22:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-06-22 22:18 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-06-22 22:19 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-06-22 22:18 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-06-22 22:19 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-06-22 22:18 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-06-23 17:34 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-06-22 22:19 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 16:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-03-05 22:08 . 2009-04-27 13:22 61440 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-08-13 18:32 . 2007-06-20 00:22 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-13 18:32 . 2007-06-20 00:22 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-13 18:32 . 2007-08-10 13:18 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-13 18:32 . 2007-08-10 13:18 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-13 18:32 . 2007-06-20 00:22 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-21_17.06.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 14:29 . 2009-08-25 14:29 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
+ 2009-08-25 19:15 . 2009-08-25 19:15 16384 c:\windows\Temp\Perflib_Perfdata_10f4.dat
+ 2009-08-24 19:39 . 2009-02-16 04:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-08-24 19:39 . 2008-11-17 06:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-08-24 19:39 . 2009-02-16 04:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 35208 c:\windows\system32\vswmi.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 58248 c:\windows\system32\vsregexp.dll
+ 2009-08-24 19:38 . 2009-08-24 19:38 62464 c:\windows\Installer\86cec5.msi
+ 2009-08-24 19:39 . 2009-02-16 04:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 09:23 . 2008-07-29 09:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 09:23 . 2008-07-29 09:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 07:51 . 2008-07-29 07:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-08-24 19:39 . 2007-10-11 20:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-08-24 19:39 . 2008-11-17 06:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-08-24 19:39 . 2008-11-17 06:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-08-24 19:38 . 2009-02-04 22:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-08-24 19:39 . 2008-03-17 20:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 109960 c:\windows\system32\vsxml.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 482184 c:\windows\system32\vsutil.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 229256 c:\windows\system32\vsinit.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-08-24 19:38 . 2009-02-16 04:10 110472 c:\windows\system32\vsdata.dll
+ 2009-08-24 20:37 . 2009-08-24 20:37 149280 c:\windows\system32\javaws.exe
+ 2009-08-24 20:37 . 2009-08-24 20:37 145184 c:\windows\system32\javaw.exe
+ 2009-08-24 20:37 . 2009-08-24 20:37 145184 c:\windows\system32\java.exe
+ 2009-08-24 20:37 . 2009-08-24 20:37 537600 c:\windows\Installer\8caac.msi
+ 2009-08-24 19:39 . 2009-02-16 04:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-08-24 19:38 . 2009-02-16 04:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-08-24 19:39 . 2008-11-17 06:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-08-24 19:39 . 2009-02-16 04:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-08-24 19:39 . 2008-12-15 05:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-08-24 19:39 . 2008-12-15 05:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-24 227104]
"NWTRAY"="NWTRAY.EXE" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 139316]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 23:49 110592 ------w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
backup=c:\windows\pss\RCA Detective.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\Windows Media Player\\wmdbexport.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0 Pro\\Distillr\\Acrotray.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 7.0 Pro\\Acrobat\\acrobat_sl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:Port 135 TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/24/2009 3:41 PM 464264]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\olnmoq.sys --> c:\windows\system32\drivers\olnmoq.sys [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 dcamx;dcamx;c:\windows\system32\drivers\wfugoqm.sys --> c:\windows\system32\drivers\wfugoqm.sys [?]
S2 vouioeniqurbml;vouioeniqurbml;\??\c:\windows\system32\drivers\pdshtuskhzmg.sys --> c:\windows\system32\drivers\pdshtuskhzmg.sys [?]
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [6/3/2004 4:08 AM 71448]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?]
S3 kyceusb;kyceusb;c:\windows\system32\DRIVERS\kyceusb.sys --> c:\windows\system32\DRIVERS\kyceusb.sys [?]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [6/3/2004 4:08 AM 142592]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [6/3/2004 4:08 AM 30166]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [6/3/2004 4:08 AM 155440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-23 19:31]

2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{BD3D44B5-EE7C-46BA-BADE-4B5FC39C0C79}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.foxnews.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://raiseinstall.rockwellautomation.com/ecad-ondemand/setup.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e6m6iza8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\LgNotify.dll
.
Completion time: 2009-08-25 15:23
ComboFix-quarantined-files.txt 2009-08-25 19:23
ComboFix2.txt 2009-08-24 13:00
ComboFix3.txt 2009-08-21 17:17
ComboFix4.txt 2009-02-20 19:35

Pre-Run: 26,779,648,000 bytes free
Post-Run: 26,725,322,752 bytes free

384 --- E O F --- 2009-08-14 20:04  ComboFix.txt ( 30.76K ) Number of downloads: 54

Please note:

I have not ran any scans or fixes other than what you prescribe since I asked for help from this site, I do realise how important that is

Hello,



The first thing we need to do is fix your SafeBoot Key. Please do the following

• Please download SafeBoot Repair here by sUBs
• Close all windows and programs.
• Double click the SafeBootKeyRepair.exe and allow it to run.

Next



I need to see the correct AVZ logs. In the AVZ folder, there should be another folder called Logs. In that, there should be .zip files from when you ran the scans. I need you to post those as an atachment so I can look at the correct logs.

Ahhhhh ok, I see them there. I will send them in a minute, let me run the safeboot fix...