Anyways, I've read a lot of posts and here is mine. I'm running Windows Vista 32-bit Ultimate, btw.
Here are my ROOTREPEAL logs:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/31 01:20
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
And here are my OTL logs:
OTL logfile created on: 8/31/2009 1:17:24 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Elephant\Favorites\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/30 15:39:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/30 15:38:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/07/07 11:58:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/08/30 15:38:10 | 00,000,000 | ---D | M]
[2009/04/25 23:22:37 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\mozilla\Extensions
[2009/04/25 23:22:37 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/30 16:28:45 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\mozilla\Firefox\Profiles\muzewbcs.default\extensions
[2009/08/30 16:28:45 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\mozilla\Firefox\Profiles\muzewbcs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/14 19:35:13 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\mozilla\Firefox\Profiles\muzewbcs.default\extensions\[email protected]
[2009/08/30 16:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 23:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/20 21:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/24 18:03:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/30 15:36:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/04 23:33:54 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 23:33:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 23:33:54 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 11:58:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (1263 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - Startup: C:\Users\Elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07b50568-ffb8-11dd-a33e-001fd0cdaf94}\Shell - "" = AutoRun
O33 - MountPoints2\{07b50568-ffb8-11dd-a33e-001fd0cdaf94}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{375c07aa-78cd-11de-96dd-001fd0cdaf94}\Shell\Auto\command - "" = F:\RavMonE.exe -- File not found
O33 - MountPoints2\{77237c21-93ae-11de-946d-001fd0cdaf94}\Shell - "" = AutoRun
O33 - MountPoints2\{77237c21-93ae-11de-946d-001fd0cdaf94}\Shell\AutoRun\command - "" = G:\MediaManager.exe -- File not found
O33 - MountPoints2\{e70cd977-7269-11de-80b8-001fd0cdaf94}\Shell\Auto\command - "" = RavMonE.exe e
O33 - MountPoints2\{e70cd97a-7269-11de-80b8-001fd0cdaf94}\Shell - "" = AutoRun
O33 - MountPoints2\{e70cd97a-7269-11de-80b8-001fd0cdaf94}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell\readit\command - "" = notepad readme.doc
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found
========== Files/Folders - Created Within 14 Days ==========
[2 C:\Users\Elephant\Favorites\Desktop\*.tmp files]
[2009/08/31 01:15:39 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Elephant\Favorites\Desktop\OTL.exe
[2009/08/31 01:15:20 | 00,472,064 | ---- | C] ( ) -- C:\Users\Elephant\Favorites\Desktop\RootRepeal.exe
[2009/08/31 01:11:51 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/31 00:59:15 | 00,000,796 | ---- | C] () -- C:\Users\Elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/08/31 00:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2009/08/31 00:59:07 | 02,062,665 | ---- | C] () -- C:\Users\Elephant\Favorites\Desktop\spywareguardsetup.exe
[2009/08/31 00:56:41 | 00,001,760 | ---- | C] () -- C:\Users\Elephant\Favorites\Desktop\Update Checker.lnk
[2009/08/31 00:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2009/08/31 00:56:36 | 00,159,454 | ---- | C] () -- C:\Users\Elephant\Favorites\Desktop\FHSetup.exe
[2009/08/31 00:39:23 | 00,000,913 | ---- | C] () -- C:\Users\Elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/31 00:39:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/31 00:39:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Elephant\Favorites\Desktop\erunt_setup.exe
[2009/08/31 00:36:18 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\Elephant\Favorites\Desktop\TFC.exe
[2009/08/31 00:26:33 | 00,229,376 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/31 00:26:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/31 00:26:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/31 00:26:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/31 00:26:33 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/31 00:26:33 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/31 00:26:33 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/31 00:26:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/31 00:26:24 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/31 00:25:16 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/30 23:41:10 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/08/30 23:01:51 | 03,188,306 | R--- | C] () -- C:\Users\Elephant\Favorites\Desktop\ComboFix.exe
[2009/08/30 18:08:27 | 00,000,000 | ---D | C] -- C:\Users\Elephant\AppData\Roaming\Malwarebytes
[2009/08/30 18:08:26 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/30 18:08:23 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/30 18:08:22 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/30 18:08:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/30 18:08:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/30 18:08:01 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elephant\Favorites\Desktop\mbam-setup.exe
[2009/08/30 17:18:19 | 00,359,932 | ---- | C] () -- C:\Users\Elephant\Favorites\Desktop\dds.com
[2009/08/30 16:31:57 | 00,001,830 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2009/08/30 16:31:56 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc
[2009/08/30 16:31:47 | 02,052,104 | ---- | C] () -- C:\Users\Elephant\Favorites\Desktop\advisor.exe
[2009/08/30 16:26:21 | 00,000,000 | ---D | C] -- C:\Users\Elephant\AppData\Local\ESET
[2009/08/30 16:01:44 | 00,005,702 | -H-- | C] () -- C:\Windows\nod32restoretemdono.reg
[2009/08/30 16:01:44 | 00,000,568 | -H-- | C] () -- C:\Windows\nod32fixtemdono.reg
[2009/08/30 15:55:24 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/08/30 15:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/08/30 15:52:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/30 15:31:52 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\Elephant\Favorites\Desktop\KillBox.exe
[2009/08/30 14:39:11 | 15,882,328 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\Elephant\Favorites\Desktop\wm3v93np.exe
[2009/08/30 14:25:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/08/30 14:17:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/08/30 14:02:11 | 00,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/29 23:56:57 | 00,000,000 | ---D | C] -- C:\Users\Elephant\AppData\Roaming\mIRC
[2009/08/29 01:34:12 | 00,000,000 | ---D | C] -- C:\Users\Elephant\Favorites\Desktop\EDIT
[2009/08/25 15:51:53 | 00,000,000 | ---D | C] -- C:\Users\Elephant\Favorites\Desktop\New Folder
[2009/08/21 16:59:31 | 00,853,747 | ---- | C] () -- C:\Users\Elephant\Documents\IMG_1230.jpg
[2009/08/21 16:58:30 | 00,003,831 | ---- | C] () -- C:\Users\Elephant\Documents\dela.jpg
[2009/08/19 01:03:16 | 00,454,656 | ---- | C] (Simon Tatham) -- C:\Users\Elephant\Favorites\Desktop\putty.exe
[2009/08/17 21:58:40 | 00,010,670 | ---- | C] () -- C:\Users\Elephant\Favorites\Desktop\index.php
[2009/08/17 18:34:04 | 00,000,000 | ---D | C] -- C:\Users\Elephant\Documents\My Received Files
========== Files - Modified Within 14 Days ==========
[2 C:\Users\Elephant\Favorites\Desktop\*.tmp files]
[2009/08/31 01:15:39 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Elephant\Favorites\Desktop\OTL.exe
[2009/08/31 01:15:21 | 00,472,064 | ---- | M] ( ) -- C:\Users\Elephant\Favorites\Desktop\RootRepeal.exe
[2009/08/31 01:11:27 | 03,188,306 | R--- | M] () -- C:\Users\Elephant\Favorites\Desktop\ComboFix.exe
[2009/08/31 01:01:28 | 00,000,452 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25055CE1-34A6-4B4D-80D3-8E34BC2A5C9F}.job
[2009/08/31 00:59:15 | 00,000,796 | ---- | M] () -- C:\Users\Elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/08/31 00:59:08 | 02,062,665 | ---- | M] () -- C:\Users\Elephant\Favorites\Desktop\spywareguardsetup.exe
[2009/08/31 00:56:41 | 00,001,760 | ---- | M] () -- C:\Users\Elephant\Favorites\Desktop\Update Checker.lnk
[2009/08/31 00:56:37 | 00,159,454 | ---- | M] () -- C:\Users\Elephant\Favorites\Desktop\FHSetup.exe
[2009/08/31 00:45:42 | 00,787,256 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/31 00:45:42 | 00,666,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/31 00:45:42 | 00,125,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/31 00:39:23 | 00,000,913 | ---- | M] () -- C:\Users\Elephant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/31 00:39:15 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Elephant\Favorites\Desktop\erunt_setup.exe
[2009/08/31 00:38:17 | 00,002,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/31 00:38:17 | 00,002,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/31 00:37:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/31 00:37:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/31 00:37:49 | 32,196,44416 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/31 00:36:19 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\Elephant\Favorites\Desktop\TFC.exe
[2009/08/31 00:36:00 | 00,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-963894560-725345543-1003UA.job
[2009/08/30 23:41:10 | 00,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2009/08/30 18:22:54 | 28,715,2297 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/30 18:08:26 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/30 18:08:04 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Elephant\Favorites\Desktop\mbam-setup.exe
[2009/08/30 17:18:19 | 00,359,932 | ---- | M] () -- C:\Users\Elephant\Favorites\Desktop\dds.com
[2009/08/30 16:31:57 | 00,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2009/08/30 16:31:49 | 02,052,104 | ---- | M] () -- C:\Users\Elephant\Favorites\Desktop\advisor.exe
[2009/08/30 15:31:52 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\Elephant\Favorites\Desktop\KillBox.exe
[2009/08/30 14:39:25 | 15,882,328 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Elephant\Favorites\Desktop\wm3v93np.exe
[2009/08/30 14:30:50 | 06,291,456 | -H-- | M] () -- C:\Users\Elephant\AppData\Local\IconCache.db
[2009/08/30 14:02:11 | 00,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/08/30 01:36:00 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-963894560-725345543-1003Core.job
[2009/08/29 22:04:59 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/08/29 22:04:58 | 00,091,136 | ---- | M] () -- C:\Users\Elephant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/21 22:58:27 | 00,000,600 | ---- | M] () -- C:\Users\Elephant\AppData\Roaming\winscp.rnd
[2009/08/21 16:59:50 | 00,853,747 | ---- | M] () -- C:\Users\Elephant\Documents\IMG_1230.jpg
[2009/08/21 16:58:30 | 00,003,831 | ---- | M] () -- C:\Users\Elephant\Documents\dela.jpg
[2009/08/19 22:30:49 | 00,001,734 | -H-- | M] () -- C:\Users\Elephant\Documents\Default.rdp
[2009/08/19 01:03:16 | 00,454,656 | ---- | M] (Simon Tatham) -- C:\Users\Elephant\Favorites\Desktop\putty.exe
[2009/08/17 21:58:41 | 00,010,670 | ---- | M] () -- C:\Users\Elephant\Favorites\Desktop\index.php
========== LOP Check ==========
[2009/08/30 18:08:27 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming
[2009/08/09 16:48:14 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\acccore
[2009/02/20 21:50:11 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Ahead
[2009/02/20 23:48:40 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Aim
[2009/08/31 00:43:42 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Azureus
[2009/03/23 00:08:56 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\CyberLink
[2009/04/16 00:10:36 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\DAEMON Tools Lite
[2009/08/31 01:08:08 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\DNA
[2009/07/26 02:50:47 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\DVD Flick
[2009/08/18 16:40:40 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\dvdcss
[2009/08/30 18:17:43 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\FileZilla
[2009/08/31 00:48:57 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\foobar2000
[2009/03/23 00:53:50 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\FrostWire
[2009/02/21 01:03:12 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\icefinch.net
[2009/04/05 01:41:42 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\LimeWire
[2006/11/02 08:35:50 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Media Center Programs
[2009/08/30 01:31:56 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\mIRC
[2009/07/13 16:18:52 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Notepad++
[2009/05/03 14:49:24 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Opera
[2009/04/26 23:39:05 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Red Alert 3
[2009/02/28 19:47:30 | 00,000,000 | RH-D | M] -- C:\Users\Elephant\AppData\Roaming\SecuROM
[2009/05/10 02:23:30 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\teamspeak2
[2009/04/29 00:14:42 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\Thunderbird
[2009/08/31 00:43:44 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\uTorrent
[2009/04/13 01:10:09 | 00,000,000 | ---D | M] -- C:\Users\Elephant\AppData\Roaming\ZoomBrowser EX
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\Windows\Tasks\desktop.ini
[2009/08/30 01:36:00 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-963894560-725345543-1003Core.job
[2009/08/31 00:36:00 | 00,000,920 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-963894560-725345543-1003UA.job
[2009/08/31 00:37:59 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2008/01/20 22:54:58 | 00,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/31 01:01:28 | 00,000,452 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25055CE1-34A6-4B4D-80D3-8E34BC2A5C9F}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
< %systemroot%\system32\scecli.dll >
[2008/01/20 22:22:59 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
[2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 928 bytes -> C:\Windows\System32:msnmsgr
< End of report >
Please help me fix this nasty virus. Please let me know if I have to post more info. Thank you!