[dnorquest]

Thank you for addressing this. I recently had a couple of Trojans and similar infections on my computer the prevented me from running my anti-virus software. After running SDfix, I was able to run Malwarebytes (and many other scanners) and clean up the infection. I am posting here to see if there are other infections lurking, or if I have a clean bill of health. Once again, thank you for your time.

Malwarebytes' Anti-Malware 1.40
Database version: 2604
Windows 5.1.2600 Service Pack 3

8/11/2009 4:04:52 PM
mbam-log-2009-08-11 (16-04-52).txt

Scan type: Quick Scan
Objects scanned: 96710
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 15:55
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA73F7000 Size: 471040 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7DBA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa74726b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7472574

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xa7e2c97c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xa7e2c98b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7472a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa747214c

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xa7e2c99a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa747264e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa747208c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa74720f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa747276e

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xa7e2c9a4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa747272e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa74728ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xad1b60b0

==EOF==

OTL logfile created on: 8/11/2009 3:59:55 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Doug\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.44 Gb Available in Paging File | 85.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.27 Gb Total Space | 170.71 Gb Free Space | 58.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Doug
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/03/04 12:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2004/03/04 12:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/08/10 20:20:42 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/12/04 11:57:38 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe
PRC - [2009/07/09 12:15:38 | 00,065,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/08/05 16:06:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\4df29645-1dfc-4465-8ce1-7ae7fd435d53.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/07/09 18:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2004/03/23 13:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
PRC - [2008/12/15 13:31:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/07/09 12:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/07/09 12:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/07/03 10:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/06/13 14:23:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/11 15:58:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/12/04 11:57:38 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/08/10 20:20:42 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/07/09 18:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/01/19 23:52:32 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/01/19 23:52:32 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/03/23 13:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/07/10 09:18:14 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/12/15 13:31:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2004/03/04 12:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/07/09 12:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2009/07/09 12:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.udel.edu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/15 13:31:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/10 15:46:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 14:23:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 14:23:02 | 00,000,000 | ---D | M]

[2008/11/21 02:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\mozilla\Extensions
[2008/11/21 02:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/11 13:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\mozilla\Firefox\Profiles\dw0be5ru.default\extensions
[2009/08/10 17:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\mozilla\Firefox\Profiles\dw0be5ru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/11 13:51:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 14:23:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/19 15:04:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/15 18:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/01/07 19:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/31 00:54:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/15 13:31:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/06/13 14:23:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 14:23:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/06/22 11:09:54 | 00,396,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npagent.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008/12/15 13:31:49 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/07/10 09:18:10 | 00,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npitunes.dll
[2009/06/13 14:23:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/07/20 22:41:51 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/07/20 22:41:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/07/20 22:41:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/07/20 22:41:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/07/20 22:41:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/07/20 22:41:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/07/20 22:41:52 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/17 14:08:17 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\4df29645-1dfc-4465-8ce1-7ae7fd435d53.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03cc1c96-c045-11d9-9ff2-00132002aa5b}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe -- File not found
O33 - MountPoints2\{03cc1c97-c045-11d9-9ff2-00132002aa5b}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe -- File not found
O33 - MountPoints2\{2805380e-fd3b-11d9-a004-00132002aa5b}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/11 15:58:15 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe
[2009/08/11 15:53:38 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\RootRepeal.zip
[2009/08/11 00:51:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/11 00:48:37 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\SpywareBlaster.lnk
[2009/08/11 00:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/11 00:18:44 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/11 00:18:44 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/10 17:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Application Data\AVG8
[2009/08/10 17:31:23 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/08/10 17:30:52 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/08/10 17:30:52 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/08/10 17:30:51 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/08/10 17:30:51 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/08/10 17:30:46 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/08/10 17:30:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/08/10 17:27:33 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/10 17:27:32 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/10 17:27:32 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/10 17:27:31 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/10 17:27:29 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/10 17:27:28 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/10 17:27:28 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/10 17:27:28 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/10 17:27:28 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/10 17:26:55 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/10 17:26:55 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/10 17:26:33 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/10 17:21:34 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/10 17:14:02 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/10 17:13:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/10 17:13:49 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/10 17:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/08/10 16:57:47 | 32,192,88064 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/10 15:03:46 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\Spybot - Search & Destroy.lnk
[2009/08/10 14:56:49 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\HijackThis.lnk
[2009/08/10 14:56:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/10 12:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/10 12:33:44 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/10 12:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/10 12:33:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Application Data\SUPERAntiSpyware.com
[2009/08/10 11:51:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Application Data\Malwarebytes
[2009/08/10 02:12:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/08/10 02:09:29 | 06,881,824 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\fffffff.exe
[2009/08/10 02:07:17 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/08/10 01:25:31 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/10 01:25:27 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/10 01:25:26 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/10 01:25:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ma
[2009/08/10 01:05:29 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\fireball344.exe
[2009/08/10 01:00:33 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\TFC.exe
[2009/08/10 00:53:20 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Doug\Desktop\HJTInstall.exe
[2009/08/08 18:57:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/07/29 23:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/29 19:11:42 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Doug\Desktop\avast_home_setup.exe
[2009/07/29 19:11:08 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\setup.exe
[2009/07/29 19:09:13 | 08,060,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Doug\Desktop\rminstall.exe
[2009/07/28 18:06:33 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT

========== Files - Modified Within 14 Days ==========

[2009/08/11 15:58:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe
[2009/08/11 15:53:53 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\RootRepeal.zip
[2009/08/11 01:58:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/11 01:57:41 | 00,206,345 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/11 01:57:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/11 01:56:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/11 01:02:35 | 32,192,88064 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 01:01:55 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/08/11 01:01:55 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/08/11 01:01:55 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/08/11 01:01:55 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/08/11 01:01:55 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/08/11 00:48:37 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\SpywareBlaster.lnk
[2009/08/11 00:18:44 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/11 00:18:44 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/10 17:31:23 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/08/10 17:27:33 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/10 17:27:28 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/10 17:17:29 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/10 17:13:49 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/10 15:53:29 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/08/10 15:03:46 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\Spybot - Search & Destroy.lnk
[2009/08/10 14:56:49 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\HijackThis.lnk
[2009/08/10 12:34:31 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/10 02:10:01 | 06,881,824 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\fffffff.exe
[2009/08/10 01:25:31 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/10 01:05:47 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\fireball344.exe
[2009/08/10 01:00:33 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\TFC.exe
[2009/08/10 00:53:25 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Doug\Desktop\HJTInstall.exe
[2009/08/08 14:43:40 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/29 19:11:53 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doug\Desktop\setup.exe
[2009/07/29 19:11:53 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Doug\Desktop\avast_home_setup.exe
[2009/07/29 19:11:47 | 08,060,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Doug\Desktop\rminstall.exe

========== LOP Check ==========

[2009/08/11 00:51:13 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/10 17:13:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/08/25 23:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aspen Publishers
[2008/10/14 20:02:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2005/05/08 04:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
[2009/02/28 14:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\foldit
[2008/05/28 13:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2005/04/22 17:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2005/08/09 21:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/04/22 16:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/08/11 00:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/07 19:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/10 17:34:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data
[2006/02/20 19:55:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\.bittorrent
[2009/07/18 16:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Aim
[2009/07/18 15:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Auslogics
[2008/08/25 19:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\BearShare
[2009/05/04 13:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\BitTorrent
[2005/08/30 08:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Corel
[2005/05/03 21:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\CyberLink
[2005/12/25 02:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Flickr
[2007/06/13 18:33:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\GetRightToGo
[2005/12/27 20:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\iPodSoft
[2005/04/30 03:15:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Leadertech
[2006/02/15 19:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\LucasArts
[2007/06/11 22:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\My Games
[2006/02/15 19:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Petroglyph
[2005/10/15 21:59:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\System Requirements Lab
[2009/03/09 01:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\SystemRequirementsLab
[2007/06/13 18:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Turbine
[2009/05/02 15:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\uTorrent
[2007/03/17 13:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Ventrilo
[2007/01/18 18:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Viewpoint
[2009/08/10 17:17:29 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/07/22 15:57:58 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/11 01:57:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTL Extras logfile created on: 8/11/2009 3:59:55 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Doug\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.44 Gb Available in Paging File | 85.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.27 Gb Total Space | 170.71 Gb Free Space | 58.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: Doug
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\PROGRA~1\MOZILL~1.7\MOZILLA.EXE File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:wow
"6112:TCP" = 6112:TCP:*:Enabled:wow
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"7324:TCP" = 7324:TCP:*:Enabled:7324
"3712:TCP" = 3712:TCP:*:Enabled:bit

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\World of Warcraft\WoW-1.4.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.NET.4.6.1740.37410\Swapper.exe" = C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.NET.4.6.1740.37410\Swapper.exe:*:Enabled:Swapper.NET -- File not found
"C:\Program Files\Kiwi Alpha\KiwiAlpha.exe" = C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha -- File not found
"C:\Program Files\LordofSearch\LordofSearch.exe" = C:\Program Files\LordofSearch\LordofSearch.exe:*:Enabled:LordofSearch -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Doug\Desktop\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe" = C:\Documents and Settings\Doug\Desktop\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Doug\Desktop\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe" = C:\Documents and Settings\Doug\Desktop\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient.exe -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\SYSTEM32\MMC.EXE" = C:\WINDOWS\SYSTEM32\MMC.EXE:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe" = C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London -- File not found
"C:\Program Files\THQ\Dawn of War - Soulstorm Demo\Soulstorm.exe" = C:\Program Files\THQ\Dawn of War - Soulstorm Demo\Soulstorm.exe:*:Enabled:Soulstorm -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Documents and Settings\Doug\Local Settings\Temp\Blizzard Launcher Temporary - 20988d78\Launcher.exe" = C:\Documents and Settings\Doug\Local Settings\Temp\Blizzard Launcher Temporary - 20988d78\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Documents and Settings\Doug\Local Settings\Temp\Blizzard Launcher Temporary - 3305f3e0\Launcher.exe" = C:\Documents and Settings\Doug\Local Settings\Temp\Blizzard Launcher Temporary - 3305f3e0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1_01
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}" = Apple Mobile Device Support
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED4476BF-40B2-4C0B-83D1-38295BCF7DB0}" = AspenLaw Studydesk
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioConSole" = Creative Audio Console
"avast!" = avast! Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BearShare" = BearShare
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"DMX4_is1" = DriverMax 4
"DriverAgent.exe" = DriverAgent by TouchStone Software
"EPSON Printer and Utilities" = EPSON Printer Software
"Flickr Uploadr" = Flickr Uploadr 2.3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDump" = iDump Build: 24
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LimeWire" = LimeWire 4.18.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PPTView97" = Microsoft PowerPoint Viewer 97
"RealPlayer 6.0" = RealPlayer Basic
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = Grapevine 3.0
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"TalkShoe Live! 2.0" = TalkShoe Live! 2.0
"The Rosetta Stone" = The Rosetta Stone
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"ESPN Java Check" = ESPN Java Check
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/29/2009 8:18:15 PM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 7/29/2009 9:04:43 PM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 8/8/2009 3:13:30 PM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 8/11/2009 12:25:24 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002507-04495D58\AVSCAN-20090811-002510-F704A371
failed, 00000005.

Error - 8/11/2009 12:26:20 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002614-B0FAC7E8\AVSCAN-20090811-002617-A4BA1DFB
failed, 00000005.

Error - 8/11/2009 12:27:12 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002705-B8A191E3\AVSCAN-20090811-002707-A8D9D098
failed, 00000005.

Error - 8/11/2009 12:27:41 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002736-CD07EC52\AVSCAN-20090811-002739-BE5851F4
failed, 00000005.

Error - 8/11/2009 12:27:52 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002747-8F54CE77\AVSCAN-20090811-002750-7E1D1425
failed, 00000005.

Error - 8/11/2009 12:28:01 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002757-29136761\AVSCAN-20090811-002800-17DA0E3F
failed, 00000005.

Error - 8/11/2009 12:28:09 AM | Computer Name = DAVID | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090811-002804-3E902548\AVSCAN-20090811-002807-2D357283
failed, 00000005.

[ Application Events ]
Error - 8/10/2009 1:24:39 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 8/10/2009 1:49:07 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 8/10/2009 2:37:41 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 8/10/2009 10:47:26 AM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10003973.

Error - 8/10/2009 12:34:15 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.27.0.1002, faulting
module superantispyware.exe, version 4.27.0.1002, fault address 0x0008a7a3.

Error - 8/10/2009 12:34:32 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.27.0.1002, faulting
module superantispyware.exe, version 4.27.0.1002, fault address 0x0008a7a3.

Error - 8/10/2009 12:36:10 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 8/10/2009 12:37:34 PM | Computer Name = DAVID | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.27.0.1002, faulting
module superantispyware.exe, version 4.27.0.1002, fault address 0x0008a7a3.

Error - 8/10/2009 5:13:56 PM | Computer Name = DAVID | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/10/2009 5:50:38 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 8.5.0.405, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/10/2009 8:10:35 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/10/2009 8:10:35 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
Description = The Windows Live OneCare Health Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/10/2009 8:10:35 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/10/2009 8:10:35 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 8/10/2009 8:10:36 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7031
Description = The OneCare Firewall service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/10/2009 8:10:36 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7031
Description = The Windows Live OneCare service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 8/10/2009 8:10:41 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 8/10/2009 8:10:41 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053

Error - 8/11/2009 12:19:54 AM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The AVG On-access Scanner Minifilter Driver x86 service failed to
start due to the following error: %%87

Error - 8/11/2009 1:58:31 AM | Computer Name = DAVID | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

[ Windows OneCare Events ]
Error - 8/8/2009 7:10:43 PM | Computer Name = DAVID | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.


< End of report >


Please let me know if there is anything else you need.

Edited by dnorquest, 11 August 2009 - 11:03 PM.

[Advertisements]

Hi dnorquest

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarifiation.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

[azarl]

Hi dnorquest

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarifiation.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

[azarl]

Hi dnorquest

Sorry for the delay. I want to take a look at your system in more depth. Please follow these instructions. In step one, please attach the report to your reply. In step 2, paste it as normal.

Step 1
OTS
Download OTS to your Desktop

• Close ALL OTHER PROGRAMS.
• Double-click on OTS.exe to start the program.
• Check the box that says Scan All Users
• Under Additional Scans check the following:
  • File - Lop Check
  • File - Purity Scan
  • Evnt - EvtViewer (last 10)
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Step 2
Sysprot AntiRootkit
Download SysProt Antirootkit from Here

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

• Click on the Log tab.
• In the Write to log box select all items.
• Click on the Create Log button on the bottom right.
• After a few seconds a new Window should appear.
• Make sure Scan all drives is selected and click on the Start button.
• When it is complete a new Window will appear to indicate that the scan is finished.
• The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

Finally, could you also describe any symptoms you are experiencing

[dnorquest]

Thank you for your assistance.

The symptoms I have experienced: disk defrag unable to scan, anti-virus software unable to open or install, and two iexplorer applications being opened in the background (unviewable) and when I would close (from taskmanager) they would either resume immediately or in five minutes or so.

Eventually I was able to remove one of the trojans with SDFix, and after that, Malawarebytes was able to clean up the other 5 or 6 left over. I downloaded a couple other scanners to confirm, and everything is coming up clean. After I was satisfied that I was no longer experiencing symptoms, I made a post here so that a more educated person could review my actions. I know you can't say with 100% certainty that my system is clean now, but I wanted to make sure nothing was left hidden or lingering in my system logging my keystrokes or whatever.

Once again, thank you for your time.



SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\smss.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\csrss.exe
PID: 636
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\services.exe
PID: 704
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\lsass.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 904
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 972
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1200
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1364
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PID: 1548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\spoolsv.exe
PID: 1576
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PID: 1680
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1836
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PID: 148
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\ctfmon.exe
PID: 172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 276
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\acs.exe
PID: 316
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 400
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
PID: 420
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 464
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 500
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PID: 520
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 580
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 780
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\nvsvc32.exe
PID: 1416
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PID: 1192
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1744
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PID: 1968
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PID: 2152
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 2232
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
PID: 3004
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\alg.exe
PID: 3324
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 2544
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
PID: 764
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Doug\Desktop\SysProt\SysProt.exe
PID: 696
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Doug\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A93C5000
Module End: A93D0000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9F79000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9F68000
Module End: B9F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmdide.sys
Service Name: CmdIde
Module Base: BA5AE000
Module End: BA5B0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\toside.sys
Service Name: TosIde
Module Base: BA5B0000
Module End: BA5B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: BA5B2000
Module End: BA5B4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: BA5B4000
Module End: BA5B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9F49000
Module End: B9F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0C8000
Module End: BA0D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cpqarray.sys
Service Name: Cpqarray
Module Base: BA4BC000
Module End: BA4C0000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: B9F31000
Module End: B9F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: B9EBE000
Module End: B9F31000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9EA6000
Module End: B9EBE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aha154x.sys
Service Name: Aha154x
Module Base: BA4C0000
Module End: BA4C4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sparrow.sys
Service Name: Sparrow
Module Base: BA338000
Module End: BA33D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc810.sys
Service Name: symc810
Module Base: BA4C4000
Module End: BA4C8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78xx.sys
Service Name: aic78xx
Module Base: BA0D8000
Module End: BA0E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac960nt.sys
Service Name: dac960nt
Module Base: BA4C8000
Module End: BA4CC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql10wnt.sys
Service Name: Ql10wnt
Module Base: BA0E8000
Module End: BA0F1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amsint.sys
Service Name: amsint
Module Base: BA4CC000
Module End: BA4CF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc.sys
Service Name: asc
Module Base: BA340000
Module End: BA347000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3550.sys
Service Name: asc3550
Module Base: BA4D0000
Module End: BA4D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mraid35x.sys
Service Name: mraid35x
Module Base: BA348000
Module End: BA34D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\i2omp.sys
Service Name: i2omp
Module Base: BA350000
Module End: BA355000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ini910u.sys
Service Name: ini910u
Module Base: BA4D4000
Module End: BA4D8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1240.sys
Service Name: ql1240
Module Base: BA0F8000
Module End: BA102000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78u2.sys
Service Name: aic78u2
Module Base: BA108000
Module End: BA116000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc8xx.sys
Service Name: symc8xx
Module Base: BA358000
Module End: BA360000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_hi.sys
Service Name: sym_hi
Module Base: BA360000
Module End: BA367000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_u3.sys
Service Name: sym_u3
Module Base: BA368000
Module End: BA370000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Service Name: abp480n5
Module Base: BA370000
Module End: BA376000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3350p.sys
Service Name: asc3350p
Module Base: BA378000
Module End: BA37E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Service Name: cd20xrnt
Module Base: BA5B6000
Module End: BA5B8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ultra.sys
Service Name: ultra
Module Base: BA118000
Module End: BA121000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\adpu160m.sys
Service Name: adpu160m
Module Base: B9E8D000
Module End: B9EA6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dpti2o.sys
Service Name: dpti2o
Module Base: BA380000
Module End: BA385000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1080.sys
Service Name: ql1080
Module Base: BA128000
Module End: BA132000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1280.sys
Service Name: ql1280
Module Base: BA138000
Module End: BA144000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql12160.sys
Service Name: ql12160
Module Base: BA148000
Module End: BA154000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2.sys
Service Name: perc2
Module Base: BA388000
Module End: BA38F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2hib.sys
Service Name: perc2hib
Module Base: BA5B8000
Module End: BA5BA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\hpn.sys
Service Name: hpn
Module Base: BA390000
Module End: BA397000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cbidf2k.sys
Service Name: cbidf
Module Base: BA4D8000
Module End: BA4DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac2w2k.sys
Service Name: dac2w2k
Module Base: B9E61000
Module End: B9E8D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA158000
Module End: BA161000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA168000
Module End: BA175000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: B9E41000
Module End: B9E61000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9E2F000
Module End: B9E41000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA178000
Module End: BA181000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
Service Name: drvmcdb
Module Base: B9E1A000
Module End: B9E2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9E03000
Module End: B9E1A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9D76000
Module End: B9E03000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9D49000
Module End: B9D76000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sisagp.sys
Service Name: sisagp
Module Base: BA188000
Module End: BA192000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaagp.sys
Service Name: viaagp
Module Base: BA198000
Module End: BA1A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA1A8000
Module End: BA1B8000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA1B8000
Module End: BA1C6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9D2F000
Module End: B9D49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: BA1C8000
Module End: BA1D3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\alim1541.sys
Service Name: alim1541
Module Base: BA1D8000
Module End: BA1E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amdagp.sys
Service Name: amdagp
Module Base: BA1E8000
Module End: BA1F3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agpCPQ.sys
Service Name: agpCPQ
Module Base: BA1F8000
Module End: BA203000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA228000
Module End: BA231000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B8057000
Module End: B865C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B8043000
Module End: B8057000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Service Name: b57w2k
Module Base: B8014000
Module End: B8043000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA408000
Module End: BA40E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B7FF0000
Module End: B8014000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA410000
Module End: BA418000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ctaud2k.sys
Service Name: ctaud2k
Module Base: B7F6F000
Module End: B7FF0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B7F4B000
Module End: B7F6F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B95CB000
Module End: B95DA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: B7F28000
Module End: B7F4B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ctoss2k.sys
Service Name: ossrv
Module Base: B7EF4000
Module End: B7F28000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Service Name: ctprxy2k
Module Base: BA430000
Module End: BA438000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Service Name: gameenum
Module Base: B9C16000
Module End: B9C19000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ubohci.sys
Service Name: ubohci
Module Base: B7ED5000
Module End: B7EF4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\UB1394.SYS
Service Name: ---
Module Base: B7EB8000
Module End: B7ED5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\vinyl97.sys
Service Name: VIAudio
Module Base: B7E85000
Module End: B7EB8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: B95BB000
Module End: B95C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA440000
Module End: BA446000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA448000
Module End: BA44E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B7E71000
Module End: B7E85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: B95AB000
Module End: B95BB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: B9C0E000
Module End: B9C12000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B959B000
Module End: B95A6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pfc.sys
Service Name: pfc
Module Base: BA568000
Module End: BA56B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Service Name: sscdbhk5
Module Base: BA61E000
Module End: BA620000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B958B000
Module End: B959B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B957B000
Module End: B958A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BA450000
Module End: BA457000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA7CA000
Module End: BA7CB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: B956B000
Module End: B9578000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA574000
Module End: BA577000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B7E5A000
Module End: B7E71000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: B955B000
Module End: B9566000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: B954B000
Module End: B9557000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA458000
Module End: BA45D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B7E49000
Module End: B7E5A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: B86EC000
Module End: B86F5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA460000
Module End: BA465000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA468000
Module End: BA46D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B86DC000
Module End: B86E6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA620000
Module End: BA622000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B7DEB000
Module End: B7E49000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA57C000
Module End: BA580000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\omci.sys
Service Name: omci
Module Base: BA470000
Module End: BA475000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B86BC000
Module End: B86C6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA268000
Module End: BA277000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA62E000
Module End: BA630000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\hap16v2k.sys
Service Name: hap16v2k
Module Base: B1112000
Module End: B113D000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ha10kx2k.sys
Service Name: ha10kx2k
Module Base: B1008000
Module End: B1112000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\emupia2k.sys
Service Name: emupia
Module Base: B0FD9000
Module End: B1008000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Service Name: ctsfm2k
Module Base: AEFAD000
Module End: AEFD6000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ctac32k.sys
Service Name: ctac32k
Module Base: AEF11000
Module End: AEFAD000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\COMMONFX.SYS
Service Name: COMMONFX
Module Base: AE2E2000
Module End: AE2FD000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\CTSBLFX.SYS
Service Name: CTSBLFX
Module Base: AE254000
Module End: AE2E2000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\CTAUDFX.SYS
Service Name: CTAUDFX
Module Base: AE1C9000
Module End: AE254000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: B11B1000
Module End: B11B6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: AEE6C000
Module End: AEE6F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA60C000
Module End: BA60E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: ADE81000
Module End: ADE82000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA60E000
Module End: BA610000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
Service Name: ssrtln
Module Base: AE196000
Module End: AE19C000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: AE18E000
Module End: AE194000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA610000
Module End: BA612000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA612000
Module End: BA614000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: AE186000
Module End: AE18B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: AE17E000
Module End: AE186000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: AEE64000
Module End: AEE67000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
Service Name: MSFWHLPR
Module Base: ADBE6000
Module End: ADC01000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: ADBD3000
Module End: ADBE6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: ADB7A000
Module End: ADBD3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: ADB52000
Module End: ADB7A000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: ADB26000
Module End: ADB48000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: AE0EA000
Module End: AE0F3000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: ADB01000
Module End: ADB26000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: AE176000
Module End: AE17C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: ADAD6000
Module End: ADB01000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: ADA66000
Module End: ADAD6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: AE0DA000
Module End: AE0E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: ADA40000
Module End: ADA66000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: AE0CA000
Module End: AE0D3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: B1ACB000
Module End: B1ADB000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A9D46000
Module End: A9DB9000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: AB380000
Module End: AB383000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BA480000
Module End: BA485000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: ADA01000
Module End: ADA02000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
Service Name: drvnddm
Module Base: AD66A000
Module End: AD674000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
Service Name: tfsndres
Module Base: BA7B6000
Module End: BA7B7000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
Service Name: tfsnifs
Module Base: A9ACF000
Module End: A9AE5000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
Service Name: tfsnopio
Module Base: AB49C000
Module End: AB4A0000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
Service Name: tfsnpool
Module Base: BA5BC000
Module End: BA5BE000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
Service Name: tfsnboio
Module Base: B8885000
Module End: B888C000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
Service Name: tfsncofs
Module Base: AD65A000
Module End: AD663000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
Service Name: tfsndrct
Module Base: BA7B7000
Module End: BA7B8000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
Service Name: tfsnudf
Module Base: A9AB6000
Module End: A9ACF000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
Service Name: tfsnudfa
Module Base: A9A9D000
Module End: A9AB6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: ADA34000
Module End: ADA38000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: ADA30000
Module End: ADA34000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A9998000
Module End: A99AD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B9D0F000
Module End: B9D1E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A991D000
Module End: A994A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
Service Name: ASCTRM
Module Base: ADE09000
Module End: ADE0B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A988C000
Module End: A98CD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: B9CAF000
Module End: B9CB8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A97EA000
Module End: A983C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
Service Name: MSFWDrv
Module Base: A97D5000
Module End: A97EA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: ---
Module Base: A979D000
Module End: A97D5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Service Name: MpFilter
Module Base: BA298000
Module End: BA2A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: A963D000
Module End: A9647000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ubsbm.sys
Service Name: ubsbm
Module Base: AA4E0000
Module End: AA4E9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ubumapi.sys
Service Name: ubumapi
Module Base: AA4C0000
Module End: AA4CE000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Service Name: SASENUM
Module Base: B88BD000
Module End: B88C2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A8E91000
Module End: A8EB5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: BA438000
Module End: BA43F000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: ADB0A0B0
Driver Base: ADB01000
Driver End: ADB26000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DAVID:1176
Remote Address: CDS79.EWR9.MSECN.NET:HTTP
Type: TCP
Process: C:\Program Files\Microsoft Windows OneCare Live\winss.exe
State: CLOSE_WAIT

Local Address: DAVID:1135
Remote Address: CDS25.EWR9.MSECN.NET:HTTP
Type: TCP
Process: C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
State: CLOSE_WAIT

Local Address: DAVID:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DAVID:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: DAVID:5152
Remote Address: LOCALHOST:1355
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: DAVID:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: DAVID:1335
Remote Address: LOCALHOST:1334
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAVID:1334
Remote Address: LOCALHOST:1335
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAVID:1331
Remote Address: LOCALHOST:1330
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAVID:1330
Remote Address: LOCALHOST:1331
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DAVID:1036
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\alg.exe
State: LISTENING

Local Address: DAVID:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\LEXPPS.EXE
State: LISTENING

Local Address: DAVID:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DAVID:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: LISTENING

Local Address: DAVID:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DAVID:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DAVID:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DAVID:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DAVID:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DAVID:1328
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\explorer.exe
State: NA

Local Address: DAVID:1249
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DAVID:1037
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft Windows OneCare Live\winss.exe
State: NA

Local Address: DAVID:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DAVID:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: DAVID:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: DAVID:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\service.xml.bak
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml.bak
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\StartupCleaner\Backup
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\StartupCleaner
Status: Access denied

Object: C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}
Status: Access denied

Attached Files

•  OTS.Txt   203.14KB   97 downloads

[azarl]

Hi dnorquest

This is going to take me a little while to go through. Please bear with me.

[azarl]

Hi dnorquest

Firstly, do you recognise a file called fffffff.exe on your desktop? If you don't know what it is, please advise me.

Step 1
Java Update
Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 2
Kaspersky Scanner
Please do an online scan with Kaspersky WebScanner

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Step 3
Start OTS
Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{BA52B914-B692-46c4-B683-905236F6F655}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\] > -> HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\] > -> HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

Step 4
Malwarebytes' Anti-Malware
Please run MBAM again.
Once the program has loaded, select the Update tab and click the Check for Updates button. When it's finished updating (it may restart itself)

• select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please include

• Kaspersky Scan Results
• OTS Log
• MBAM Log

With your next post

[dnorquest]

All steps competed.

I originally had to rename anti-virus applications to open them, fffffff.exe is SUPERAntiSpyware free edition.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 16, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 16, 2009 19:00:07
Records in database: 2636448
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 144592
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:30:32

No threats found. Scanned area is clean.

Selected area has been scanned.





[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-316337164-4188841594-1745027252-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
< End of fix log >
OTS by OldTimer - Version 3.0.10.3 fix logfile created on 08162009_132919






Malwarebytes' Anti-Malware 1.40
Database version: 2635
Windows 5.1.2600 Service Pack 3

8/16/2009 2:01:57 PM
mbam-log-2009-08-16 (14-01-57).txt

Scan type: Quick Scan
Objects scanned: 97164
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by dnorquest, 16 August 2009 - 12:11 PM.

[azarl]

Hi dnorquest

Your logs are clean or appear to be. I've not found any malware left on your PC, you did a good job clearing it off but I've fixed a few registry errors.

Time to clean up!

Step 1
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2
Cleanup
A good workman always cleans up after himself so..Run OTL/OTS and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

Step 3
Create New System Restore Point and Clear Earlier Ones
Now we need to create a new System Restore point

Click Start Menu > Run > type (or copy and paste) %SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.
Next goto Start Menu > Run > type cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

There are a couple of things that will speed up you PC and make it safer

Multiple anti-viruses running running on your PC. This can cause conflicts and poor performance and provides no benefits.

AVG
Avast
Avira
OneCare Live A/V

Please select just one to keep and uninstall the other using the Add/Remove programs section of the the Control Panel

*!* Note: You have the following file-sharing software present:

Revolutionary Stuff
Kiwi Alpha
LordofSearch
LimeWire
BitTorrent
BearShare Applications
uTorrent

Peer-to-peer (P2P) or file sharing applications allow users to share files over the Internet. The sharing of infected files is a major vector for viruses or spyware as it is so easy to become infected by downloading an apparently innocent file. It is highly probable that your current issues stem from using this program. I recommend that you seriously consider uninstalling these program. If you need assistance doing this, please let me know and I'll assist you to unintall them.
[/quote]

[dnorquest]

I've finished the clean up. Thank you for everything, you have been most helpful!

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.