i run OTL locksearsh and Gmer here are the results ! anyone can help ! PLEASE
locksearch report
LockSearch by jpshortstuff (05.11.09.1)
Log created at 13:56 on 19/12/2009 (Administrator)
Scanning C:\
C:\pagefile.sys
-------------------------
C:\WINDOWS\system32\dllcache\ndis.sys
-------------------------
C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [558635D3AF1C7546D26067D5D9B6959E : 182912 bytes]
C:\WINDOWS\ServicePackFiles\i386\ndis.sys [1DF7F42665C94B825322FAE71721130D : 182656 bytes]
C:\WINDOWS\system32\dllcache\ndis.sys [Unable to get md5 : 212224 bytes]
C:\WINDOWS\system32\drivers\ndis.sys [663E5962C1C35C1959BDE1909B018B60 : 212224 bytes]
-=E.O.F=-
OTL REPORT
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.66% Memory free
3.85 Gb Paging File | 3.05 Gb Available in Paging File | 79.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 8.09 Gb Free Space | 41.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DELL-731B2B2D1E
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\system32\LXSUPMON.EXE (Lexmark International Inc.)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\klg.dat (PC Tools)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bluetooth Hid Switch Service) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe (Cambridge Silicon Radio)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
========== Driver Services (SafeList) ==========
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (CAM1690) -- C:\WINDOWS\system32\drivers\cam1690.sys ()
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (BCOREUSB) -- C:\WINDOWS\system32\drivers\BCOREUSB.sys (CSR)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (UnlockerDriver4) -- C:\WINDOWS\system32\UnlockerDriver4.sys ()
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 1D 1A A8 C6 3F CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{64BDCDEC-805E-4D29-9247-2B7D520C1CC2}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{64BDCDEC-805E-4D29-9247-2B7D520C1CC2} [2009/10/21 17:35:45 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1312.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE (Lexmark International Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1199771896505 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/15 11:57:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9889236-380f-11de-974a-0016410a8f44}\Shell - "" = AutoRun
O33 - MountPoints2\{b9889236-380f-11de-974a-0016410a8f44}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9889236-380f-11de-974a-0016410a8f44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/15 06:28:17 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B630F5FD-5AD2-4489-B0D3-8DD887A2B632} - NoIE8Tour
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E7B85360-EC5F-489B-9917-CA9DE72E7C5B} - Yahoo! Search Settings Update
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{3aacfd20-9de1-4e94-868d-add15875ba27} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/12/19 13:53:53 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/19 13:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\New Folder
[2009/12/13 20:27:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/13 20:22:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2009/12/13 18:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SupportSoft
[2009/12/13 18:19:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/13 18:14:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/13 17:49:58 | 00,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2009/12/13 17:49:56 | 03,395,584 | ---- | C] (Dell Inc.) -- C:\WINDOWS\System32\BCMWLCPL.CPL
[2009/12/13 17:49:56 | 01,392,640 | ---- | C] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.EXE
[2009/12/13 17:49:56 | 00,253,952 | ---- | C] (Dell Inc.) -- C:\WINDOWS\System32\bcmwlu00.exe
[2009/12/13 17:49:56 | 00,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2009/12/13 17:49:56 | 00,044,032 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\wltrynt.dll
[2009/12/13 17:49:55 | 02,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2009/12/13 17:49:55 | 01,253,376 | ---- | C] (Dell Inc.) -- C:\WINDOWS\System32\BCMWLTRY.EXE
[2009/12/13 16:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth
[2009/12/13 16:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Toshiba
[2009/12/13 16:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/12/13 16:49:02 | 00,000,000 | ---D | C] -- C:\Program Files\BlueTooth
[2009/12/13 16:47:02 | 00,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2009/12/13 16:39:37 | 00,086,867 | R--- | C] (CSR) -- C:\WINDOWS\System32\drivers\BCOREUSB.sys
[2009/12/13 15:56:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DELL DRIVERS
[2009/12/13 15:33:16 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/13 15:32:58 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/13 15:32:57 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/13 15:32:51 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/13 15:32:49 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/13 15:32:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/13 15:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/13 15:32:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/13 15:29:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/13 15:29:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/13 15:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/13 15:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/13 14:08:26 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/13 14:08:19 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/13 14:08:19 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/13 14:08:12 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/13 14:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/13 14:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/13 14:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/13 14:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2009/12/13 14:06:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PC tools spyware doctor v6.01.44
[2009/12/13 11:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/13 11:02:30 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/12/13 11:02:30 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/12/13 11:02:30 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/12/13 11:02:30 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/12/13 11:02:30 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/12/13 11:02:30 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/12/13 11:02:30 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/12/13 11:02:30 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/12/13 11:02:30 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/12/13 11:02:30 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/12/13 11:02:30 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/12/13 09:59:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Autorun program
[2009/11/30 11:12:44 | 00,323,584 | ---- | C] (Dynasty) -- C:\Documents and Settings\Administrator\Application Data\googledownload.exe
[2009/11/26 06:34:52 | 34,101,504 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Application Data\sdsetup.exe
[2009/11/26 06:34:52 | 00,743,280 | ---- | C] (PC Tools) -- C:\Documents and Settings\Administrator\Application Data\PCTResetSD.exe
[2009/05/03 13:10:32 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2007/06/27 01:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/06/27 01:19:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/12/19 14:00:53 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD92B35C-0AD8-43A6-9FA5-47AAE55C1BD7}.job
[2009/12/19 13:52:22 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vxpf4vqk.exe
[2009/12/19 13:50:38 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/19 13:49:32 | 00,032,653 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe
[2009/12/19 13:46:13 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[2009/12/19 13:26:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/19 13:24:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/19 13:24:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 21:08:06 | 03,670,016 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/12/13 21:08:06 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/13 21:07:08 | 04,833,070 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/13 21:06:27 | 00,000,276 | ---- | M] () -- C:\WirelessDiagLog.csv
[2009/12/13 20:24:35 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 20:24:35 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 20:24:35 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 18:21:41 | 00,022,729 | ---- | M] () -- C:\newkey
[2009/12/13 18:21:41 | 00,022,729 | ---- | M] () -- C:\newfile.enc
[2009/12/13 18:10:07 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/12/13 18:10:07 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\AegisP.sys
[2009/12/13 18:10:07 | 00,013,984 | ---- | M] () -- C:\WINDOWS\AegisP.inf
[2009/12/13 18:10:07 | 00,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
[2009/12/13 18:10:06 | 00,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2009/12/13 17:19:00 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_XPS_MP061 .MRK
[2009/12/13 17:19:00 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_MP061 .MRK
[2009/12/13 17:07:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\tosOBEX.INI
[2009/12/13 16:53:39 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2009/12/13 15:32:58 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/13 15:32:58 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/13 15:32:57 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/13 15:32:51 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/13 15:32:49 | 46,570,310 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/13 15:32:49 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/13 15:32:49 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/13 15:32:44 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/13 15:32:44 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/13 15:32:44 | 00,123,708 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/13 15:22:44 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\HRUhrjj.cab
[2009/12/13 14:08:15 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/13 12:07:01 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Arugimibahukurub.dat
[2009/12/13 12:03:29 | 00,003,200 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/13 09:34:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Wtodikis.bin
[2009/12/13 09:33:54 | 00,001,048 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2009/12/10 18:35:24 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/10 12:52:15 | 00,212,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/11/30 11:12:44 | 00,323,584 | ---- | M] (Dynasty) -- C:\Documents and Settings\Administrator\Application Data\googledownload.exe
[2009/11/29 14:20:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/26 06:34:52 | 34,101,504 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Application Data\sdsetup.exe
[2009/11/26 06:34:52 | 00,743,280 | ---- | M] (PC Tools) -- C:\Documents and Settings\Administrator\Application Data\PCTResetSD.exe
[2009/11/19 21:10:34 | 00,000,267 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\NHYbnII.cab
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/19 13:54:00 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vxpf4vqk.exe
[2009/12/19 13:53:50 | 00,032,653 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe
[2009/12/19 13:46:12 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[2009/12/19 13:25:14 | 00,150,617 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.log
[2009/12/13 20:59:36 | 00,000,276 | ---- | C] () -- C:\WirelessDiagLog.csv
[2009/12/13 18:21:41 | 00,022,729 | ---- | C] () -- C:\newkey
[2009/12/13 18:21:41 | 00,022,729 | ---- | C] () -- C:\newfile.enc
[2009/12/13 17:49:56 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/13 17:49:55 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/13 17:49:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/12/13 17:07:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/12/13 16:48:50 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2009/12/13 16:16:07 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2009/12/13 15:32:58 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/13 15:32:49 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/13 15:32:44 | 46,570,310 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/13 15:32:44 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/13 15:32:44 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/13 15:32:44 | 00,123,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/13 14:08:15 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/13 11:03:29 | 00,003,200 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/13 11:02:30 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/12/13 11:02:30 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/12/13 11:02:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/12/12 11:57:22 | 03,670,016 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/11/07 15:04:16 | 00,000,267 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\NHYbnII.cab
[2009/11/07 15:04:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HRUhrjj.cab
[2009/11/02 09:26:58 | 00,000,089 | ---- | C] () -- C:\WINDOWS\okexusum.dll
[2009/11/02 09:17:08 | 00,000,089 | ---- | C] () -- C:\WINDOWS\owikugiyelovawub.dll
[2009/11/02 07:30:17 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ufehawagurinazob.dll
[2009/11/02 05:58:42 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ebofojufane.dll
[2009/11/02 03:56:42 | 00,000,089 | ---- | C] () -- C:\WINDOWS\omezucow.dll
[2009/11/02 01:54:42 | 00,000,089 | ---- | C] () -- C:\WINDOWS\asabocukali.dll
[2009/11/01 23:52:42 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ewusujoxu.dll
[2009/11/01 21:50:56 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ulejohap.dll
[2009/11/01 19:49:07 | 00,000,089 | ---- | C] () -- C:\WINDOWS\unefehocozisij.dll
[2009/11/01 17:46:42 | 00,000,089 | ---- | C] () -- C:\WINDOWS\osizuqujarow.dll
[2009/10/29 19:40:12 | 00,006,675 | ---- | C] () -- C:\WINDOWS\evadilawetidalu.dll
[2009/10/27 06:03:39 | 00,001,210 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\jdhfgyg.cab
[2009/10/27 06:03:39 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\cnbrtiu.cab
[2009/10/27 06:00:46 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bnfjvkmn.cab
[2009/10/16 05:16:25 | 00,013,886 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bacybowic.ban
[2009/10/15 07:23:56 | 00,019,404 | ---- | C] () -- C:\Program Files\Common Files\iweza.dll
[2009/10/15 07:23:56 | 00,018,362 | ---- | C] () -- C:\Program Files\Common Files\qohoxyr._sy
[2009/10/15 07:23:56 | 00,017,371 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\sudelebuxi.exe
[2009/10/15 07:23:56 | 00,016,481 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dile.db
[2009/10/15 07:23:56 | 00,016,397 | ---- | C] () -- C:\WINDOWS\isejawe.dll
[2009/10/15 07:23:56 | 00,015,428 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qemeciki._sy
[2009/10/15 07:23:56 | 00,015,025 | ---- | C] () -- C:\Program Files\Common Files\tadizi.dat
[2009/10/15 07:23:56 | 00,015,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bujiv.bin
[2009/10/15 07:23:56 | 00,013,700 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\luwy.scr
[2009/10/15 07:23:56 | 00,013,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fabef._sy
[2009/10/15 07:23:56 | 00,013,153 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\duge.vbs
[2009/10/15 07:23:56 | 00,012,855 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\gybanyr.scr
[2009/10/15 07:23:56 | 00,012,034 | ---- | C] () -- C:\WINDOWS\itoxefapi.dll
[2009/10/15 07:23:56 | 00,011,245 | ---- | C] () -- C:\Program Files\Common Files\duhefevo.dl
[2009/10/15 07:20:38 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\iniasd.txt
[2009/10/15 07:20:37 | 00,000,076 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wiaservg.log
[2009/10/15 07:10:22 | 00,001,201 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\cdbegchr.cab
[2009/10/15 07:10:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bcqyueio.cab
[2009/05/17 07:57:13 | 00,008,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/03 13:10:37 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/05/03 13:10:32 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009/05/03 13:10:32 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/05/03 13:10:32 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/01/08 15:45:07 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/27 13:12:54 | 00,034,456 | ---- | C] () -- C:\WINDOWS\cam1690c.ini
[2007/11/26 19:33:04 | 00,065,991 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007/11/21 16:37:06 | 00,181,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2007/11/15 16:04:06 | 00,065,673 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007/11/15 12:33:33 | 02,908,160 | ---- | C] () -- C:\WINDOWS\System32\nvvitvs.dll
[2007/11/15 12:33:28 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\nvexpbar.dll
[2007/11/15 12:33:23 | 00,950,272 | ---- | C] () -- C:\WINDOWS\System32\nvcpluir.dll
[2007/11/15 12:33:19 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/11/15 11:50:37 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2007/11/15 11:50:37 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\ContextMenuExt.dll
[2007/11/15 11:50:35 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\UnlockerDriver4.sys
[2007/10/18 10:06:42 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007/08/29 14:40:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2007/06/27 14:30:14 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/09/01 21:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/12/31 07:00:00 | 00,212,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
========== LOP Check ==========
[2009/12/13 09:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
[2009/05/03 13:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/12/13 15:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/13 20:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2009/12/13 18:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/19 13:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/19 14:00:53 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD92B35C-0AD8-43A6-9FA5-47AAE55C1BD7}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< c:\$recycle.bin\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-08-30 07:00:33
< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/12/31 07:00:00 | 00,095,616 | ---- | M] (Microsoft Corporation) MD5=F0B864105F8B82E7E9D415B73B8A9466 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2002/12/31 07:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: BEEP.SYS >
[2002/12/31 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002/12/31 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2002/12/31 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=98D45EFDDD1A67F90353BE8D28ED72DB -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2002/12/31 07:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2002/12/31 07:00:00 | 00,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2007/04/16 10:52:53 | 00,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 08:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2002/12/31 07:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2002/12/31 07:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2009/12/10 12:52:15 | 00,212,224 | ---- | M] () MD5=663E5962C1C35C1959BDE1909B018B60 -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2002/12/31 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2002/12/31 07:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=2490B30D416A96AC96603D7844CA5C0F -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2002/12/31 07:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
< MD5 for: PROQUOTA.EXE >
[2002/12/31 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
< MD5 for: QMGR.DLL >
[2002/12/31 07:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: SCECLI.DLL >
[2002/12/31 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SFCFILES.DLL >
[2002/12/31 07:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
< MD5 for: SPOOLSV.EXE >
[2002/12/31 07:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 18:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2002/12/31 07:00:00 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=902CF9595F640E53F33C0F1637F464F9 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2002/12/31 07:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TERMSRV.DLL >
[2002/12/31 07:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=972063211CB1CE503E7CB0AE48955145 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
< MD5 for: USERINIT.EXE >
[2002/12/31 07:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2002/12/31 07:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2002/12/31 07:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
GMER report
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-19 15:03:24
Windows 5.1.2600 Service Pack 3
Running: vxpf4vqk.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfpoyaog.sys
---- System - GMER 1.0.15 ----
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF745D514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF744C282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF744C474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF745DD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF745DFB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF745C3FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF745E422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF745D7D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF744BF32]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016410a8f44
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016410a8f44 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Sign In
Create Account
