I think I have something called a vundo [Solved]



#16 twonil (Topic Starter, Member, 92 posts)
ComboFix 10-02-12.01 - Owner 16/02/2010 20:07:44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2694 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-14 11:20 . 2010-02-14 11:20 -------- d-----w- c:\program files\ERUNT
2010-02-09 11:10 . 2010-02-09 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-08 20:52 . 2010-02-08 20:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-02-08 20:46 . 2010-02-08 20:46 -------- d-----w- C:\ATI
2010-02-08 20:25 . 2009-12-14 12:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-08 20:25 . 2010-02-08 20:25 -------- d-----w- C:\Intel
2010-02-08 19:57 . 2010-02-08 19:58 -------- d-----w- c:\program files\Driver Genius
2010-02-08 19:27 . 2010-02-16 20:02 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
2010-02-08 19:27 . 2010-02-16 20:02 288 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
2010-02-08 18:26 . 2010-02-08 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-08 18:26 . 2010-02-08 18:26 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI
2010-02-08 17:59 . 2010-02-08 17:59 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ATI
2010-02-08 17:53 . 2010-02-08 17:53 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-08 15:18 . 2009-09-29 21:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-08 14:40 . 2010-02-08 14:40 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-08 14:40 . 2010-02-08 14:40 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-08 14:40 . 2009-09-30 01:26 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-08 14:40 . 2010-02-08 14:40 189051 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-08 14:40 . 2009-09-30 02:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-08 14:40 . 2009-09-30 02:08 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-08 14:40 . 2009-09-30 01:30 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-08 14:40 . 2009-09-30 01:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-08 14:39 . 2009-09-30 01:26 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-08 14:39 . 2010-02-08 14:39 118784 ----a-w- c:\windows\system32\atibrtmon.exe
2010-02-08 14:39 . 2009-09-30 01:28 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-08 14:39 . 2009-09-30 01:27 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-08 14:39 . 2009-09-30 01:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-08 14:39 . 2009-09-30 01:34 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-08 14:34 . 2010-02-08 14:34 28272 ----a-w- c:\windows\system32\NicCo2.dll
2010-02-04 20:26 . 2010-02-04 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-04 20:26 . 2010-02-04 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-04 11:17 . 2010-02-04 11:17 -------- d-----w- c:\program files\CCleaner
2010-02-03 12:06 . 2010-02-16 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-02-02 20:39 . 2009-09-02 21:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-02-02 20:39 . 2009-09-02 21:58 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-02-02 20:39 . 2009-09-02 21:58 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-02-02 20:39 . 2009-09-02 21:58 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-02-02 20:39 . 2009-09-02 21:58 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-02-02 20:39 . 2009-09-02 21:58 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-02-02 20:39 . 2009-09-02 21:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-28 18:09 . 2010-01-28 18:09 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-01-28 17:52 . 2010-01-28 17:52 734328 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-01-28 17:52 . 2010-01-28 17:52 518264 ----a-w- c:\windows\system32\accesor.dll
2010-01-28 17:32 . 2010-01-28 17:32 128120 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-01-28 17:16 . 2010-01-28 17:16 1718904 ----a-w- c:\windows\system32\ncscolib.dll
2010-01-24 15:34 . 2010-01-24 15:34 -------- d-----w- c:\program files\uTorrent
2010-01-24 15:30 . 2010-02-16 19:43 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-01-24 15:17 . 2010-01-24 15:30 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent(2)
2010-01-24 13:19 . 2010-01-24 13:19 -------- d-----w- c:\program files\Common Files\Java
2010-01-24 13:19 . 2010-01-24 13:19 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62482393-n\msvcr71.dll
2010-01-24 13:19 . 2010-01-24 13:19 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17004837-n\decora-sse.dll
2010-01-24 13:19 . 2010-01-24 13:19 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62482393-n\msvcp71.dll
2010-01-24 13:19 . 2010-01-24 13:19 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62482393-n\jmc.dll
2010-01-24 13:19 . 2010-01-24 13:19 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17004837-n\decora-d3d.dll
2010-01-23 18:15 . 2010-01-23 18:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nova Development
2010-01-23 18:14 . 2010-01-23 18:14 -------- d-----w- c:\program files\Common Files\Nova Development
2010-01-23 18:12 . 2010-01-23 18:12 -------- d-----w- c:\program files\Nova Development

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 20:02 . 2009-12-15 18:48 598048 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-16 20:02 . 2009-12-15 18:48 3124 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-16 20:02 . 2009-12-15 18:48 2738208 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-16 20:02 . 2009-12-15 18:48 23520 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-16 17:36 . 2009-12-15 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-16 15:00 . 2009-05-18 13:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 20:29 . 2009-04-23 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-14 13:02 . 2009-04-16 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-02-08 20:57 . 2009-06-10 14:54 -------- d-----w- c:\program files\ATI Technologies
2010-02-08 20:45 . 2009-04-13 21:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 20:28 . 2009-06-10 13:38 -------- d-----w- c:\program files\Intel
2010-02-04 20:30 . 2009-10-20 10:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-04 20:26 . 2009-10-26 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-03 11:54 . 2009-04-16 17:08 -------- d-----w- c:\program files\VideoLAN
2010-02-03 11:24 . 2009-08-01 05:31 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-02-02 20:39 . 2009-04-16 15:58 -------- d-----w- c:\program files\VSO
2010-02-02 15:48 . 2008-01-29 18:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2010-02-02 15:48 . 2009-12-15 19:05 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2010-02-02 15:48 . 2009-12-15 18:49 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-02 15:48 . 2009-12-15 18:49 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-02 15:48 . 2009-12-15 19:05 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2010-02-02 15:48 . 2009-12-15 19:05 861448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2010-01-27 13:52 . 2009-04-13 21:27 256712 ----a-w- c:\windows\system32\Prounstl.exe
2010-01-25 19:25 . 2009-10-17 10:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-25 11:12 . 2009-06-03 16:28 -------- d-----w- c:\program files\Ableton
2010-01-24 21:09 . 2009-04-13 21:24 66184 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-24 17:23 . 2009-05-19 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2010-01-23 18:11 . 2009-05-12 16:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-23 11:54 . 2009-08-12 20:21 -------- d-----w- c:\program files\Nokia
2010-01-21 19:09 . 2009-05-31 16:59 -------- d-----w- c:\program files\DIFX
2010-01-21 19:06 . 2009-06-01 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-01-14 11:34 . 2010-01-14 11:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2010-01-12 16:24 . 2010-01-12 16:24 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2010-01-10 12:43 . 2010-01-10 12:43 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-10 12:43 . 2009-12-15 18:35 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-10 12:43 . 2009-12-15 18:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-09 16:13 . 2009-12-20 20:48 -------- d-----w- c:\program files\Auslogics
2010-01-07 16:43 . 2009-04-13 21:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 16:43 . 2009-12-21 14:02 -------- d-----w- c:\program files\Steinberg
2010-01-05 14:37 . 2009-05-02 13:58 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
2010-01-04 09:14 . 2010-01-04 09:14 116944 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 20:06 . 2009-12-20 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-20 14:55 . 2009-12-16 10:08 -------- d-----w- c:\program files\SpywareBlaster
2009-12-19 11:18 . 2009-12-21 14:03 2395648 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2009-12-17 17:14 . 2009-05-12 18:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 19:05 . 2009-12-15 19:05 21256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-12-15 19:05 . 2009-12-15 19:05 83208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-12-15 19:05 . 2009-12-15 19:05 62728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-12-15 19:05 . 2009-12-15 19:05 43784 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-12-15 19:05 . 2009-12-15 19:05 365832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-12-15 19:05 . 2009-12-15 19:05 201992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-12-15 18:34 . 2009-12-15 18:34 65024 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-12-15 18:34 . 2009-12-15 18:34 5120 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-12-15 18:34 . 2009-12-15 18:34 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2006-02-28 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-02-28 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-02-28 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-24 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-12-15 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 22:27 110592 ----a-w- c:\windows\system32\ctasio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-07-13 20:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 22:45 28672 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-06-12 13:32 700416 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX410 Series]
2008-10-02 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFCE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
2003-08-28 10:47 396800 ----a-w- c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 22:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-10 12:43 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
2007-10-12 08:33 202016 ----a-w- c:\program files\TalkTalk\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-24 13:14 289584 ----a-w- c:\documents and settings\Owner\Desktop\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
2010-01-24 13:14 289584 ----a-w- c:\documents and settings\Owner\Desktop\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"wwEngineSvc"=2 (0x2)
"tgsrvc_TalkTalk"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"sprtsvc_TalkTalk"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TeamViewer4"=2 (0x2)
"ServiceLayer"=3 (0x3)
"O&O Defrag"=2 (0x2)
"idsvc"=3 (0x3)
"GatewayAgentService"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56538:TCP"= 56538:TCP:torrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [12/05/2009 6:16 PM 47640]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 8:07 PM 24592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/05/2009 7:14 PM 721904]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [09/07/2009 12:19 PM 16512]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 8:33 AM 202016]
S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 1:42 PM 148768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = 192.168.1.8:52125
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zufy3nyl.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="B910B9687667CC179C2EE92B7940E51996025048BDEB91CD0A51E7FE862FCDD1DE990C389E0D796A1955B0E1D5453961BC526DD54BFC23F4858
952CE0A5D4554E39D936D7A58EEB0D8567EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E
127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A2D97226D213B555A6A0AC4980AC79330EF95813F23459CF07E8EFD5ECD1CCACF39609A32A570F5
A48CEC497D62D8F12C51075CB7CBC09B778FBD6A70AC50555D212DDFD7A836F5D57BB0D82F91BB84948A8E4842BEA85FEF27CD983F3157407044D6190
5968F09B6E688AF972171079E3F72A4FE3B48C8F57EB15B3EC10C1F2173369F60C58BEA6F04EEA90278CECB96CA56C564B44BEA9893CC893FEC1749CA
0A771651CD76CEAC45C836E419F897936CDF7D54F789FDEEFD8DA16F5E27A5A3A0015A1D61FF0A3D1F5C950AF2385791D013D9D1C649716771F54C0E0
E4A559008698064C99A76086735982252365D001C25012A7CDF1890EDDE0AB15E92C9A1279DF01D2E8CC87D41FEEE8965B8FE7420B67AA27B0E14A295
CD2052AC9A5EF9489761382E18451B236707C3FBE507CC946DF7516B9F9B83F529D0D7C11118032DF89D4B90C53CA98ED63479B7156210054B911B54C
348C4DED5B1BACFD4F4A1692EA6F1824A5D3856CF3696FCDB5BBD509183285FDEAD0D1CD48161E84A49B71B290A1049A49237A4DEE954060E4853C2D4
322CF1BDE64D089C57CF8CB3C99F8C014BDA61570BFFC1EC792586CBF0DA97A273B9D2135F9D12A585FA9B0A2BA64B3B3A86CEB3086976316BB456605
321BA453EFBF43F617602B2A63E0C249CA71F4D15F87A905A9D69494815A775AAD0C4CFBC248668E978CFD8543114385E9DF62736D6B91CCABCB9AA26
62DFD4486820CF8CC0EA6CE2AE8875DCA74AB118C75CDC2F6D21649E70F56C181970BB01C81ED46BAAD5269520F22465C85A609F8FA7E8D30B9E02109
B69A9A7EB8646C9E17F2044B85EA79E5999978EC0615EE4CBBAD4766E24D5F90632DF59CF083AD96508FF5553828F80FA7AE52057908A7F5890983F45
16D72D3B34A45AE68160ADABEAA833EADF3CACEDC18534327497DB9B733FCCFCF852B7BD0A11A1D877C7D1BFAA0B984906D3175E2FB20D71CD31EAE20
4292FC6B8D410361D3AA61FD4EE5581FC2C637D0E6D52B62FA830828D699429E3FC49674B14FBD94F9528CBDD2096949D3007A20E5C46A0E23682EDFB
5E53215A9BA4B0152D2CD9B1E90417B0A8DF69C8B5C88F6A6ED8117FAE0379A085D146772BD5C69852F2DAC4088B533A27EFD3F17F82B1195A693B5FA
A123751ABB4EFD003C214B92A9280152003721054BD1DC9515C36B582619A6110309D069241DC5ACC5038776ED6056BBE2234948C818A21B14C64B"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-02-16 20:17:01
ComboFix-quarantined-files.txt 2010-02-16 20:16
ComboFix2.txt 2010-02-15 11:28

Pre-Run: 65,350,356,992 bytes free
Post-Run: 65,297,690,624 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C43F2F28CCF2D6F466DC7CEE74B712B4


#17 hammerman (Member, 4,183 posts)
Hi,

Can you give me an update on the problems you are having.

#18 twonil (Topic Starter, Member, 92 posts)
Firefox is caning my CPU usage (79% of it); internet pages are not loading but say 'done' in the bottom right hand corner; the computer is really slow, takes a while to do things, and takes absolutely ages to shut down.

Edited by twonil, 17 February 2010 - 06:57 AM.


#19 hammerman (Member, 4,183 posts)
Hi,

Do you have the same problems with Internet Explorer?

#20 twonil (Topic Starter, Member, 92 posts)
I only have Firefox installed because IE was just as bad as FF.

#21 hammerman (Member, 4,183 posts)
Hi,

Do you recognise the file s7752788.exe on your desktop?

Please follow these steps.

-- Step 1 --

Please run a Malwarebytes quick scan and post the log. You can skip the update.

-- Step 2 --

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again.


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the attachment icon to insert the attachment into your post

-- Step 3 --

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.


#22 twonil (Topic Starter, Member, 92 posts)
Here's the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/02/2010 8:36:48 PM
mbam-log-2010-02-17 (20-36-48).txt

Scan type: Quick Scan
Objects scanned: 130621
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#23 twonil (Topic Starter, Member, 92 posts)
Here are the AVZ4 zip files

Attached Files



#24 twonil (Topic Starter, Member, 92 posts)
I was having a problem with SysProt but it's sorted now.

Edited by twonil, 18 February 2010 - 07:28 AM.


#25 twonil (Topic Starter, Member, 92 posts)
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 972
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1420
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1656
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 184
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 488
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 724
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1236
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\scardsvr.exe
PID: 1696
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1492
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 1480
Hidden: No
Window Visible: No

Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PID: 1720
Hidden: No
Window Visible: No

Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PID: 1752
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\MsPMSPSv.exe
PID: 568
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Owner\Desktop\SysProt\SysProt.exe
PID: 2532
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Owner\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AF356000
Module End: AF361000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806ED780
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7987000
Module End: F7989000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7897000
Module End: F789A000
Hidden: No

Module Name: spsn.sys
Service Name: ---
Module Base: F74D5000
Module End: F75D6000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7989000
Module End: F798B000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F74BD000
Module End: F74D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F748F000
Module End: F74BD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F747E000
Module End: F748F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F75F7000
Module End: F7607000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7607000
Module End: F7615000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7617000
Module End: F7621000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A4F000
Module End: F7A50000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7707000
Module End: F770E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F798B000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7627000
Module End: F7632000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7858000
Module End: F7877000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F770F000
Module End: F7714000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7637000
Module End: F7644000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F7840000
Module End: F7858000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F7647000
Module End: F7650000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7657000
Module End: F7664000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: BA7E0000
Module End: BA800000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: BA7CE000
Module End: BA7E0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\klbg.sys
Service Name: klbg
Module Base: F7667000
Module End: F7672000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7677000
Module End: F7681000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: BA717000
Module End: BA72E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: BA704000
Module End: BA717000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: BA677000
Module End: BA704000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: BA64A000
Module End: BA677000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: BA630000
Module End: BA64A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kl1.sys
Service Name: kl1
Module Base: BA613000
Module End: BA630000
Hidden: No

Module Name: \WINDOWS\system32\drivers\TDI.SYS
Service Name: ---
Module Base: F7717000
Module End: F771C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: BA72E000
Module End: BA73E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7697000
Module End: F76A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: BA1C8000
Module End: BA57E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: BA1B4000
Module End: BA1C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F77E7000
Module End: F77ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: BA190000
Module End: BA1B4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\klfltdev.sys
Service Name: KLFLTDEV
Module Base: F76B7000
Module End: F76C0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F77F7000
Module End: F77FF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ctaud2k.sys
Service Name: ctaud2k
Module Base: BA120000
Module End: BA190000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: BA0FC000
Module End: BA120000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F76C7000
Module End: F76D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: BA0D9000
Module End: BA0FC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ctoss2k.sys
Service Name: ossrv
Module Base: BA0AE000
Module End: BA0D9000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Service Name: ctprxy2k
Module Base: F79AB000
Module End: F79AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IntelC53.sys
Service Name: IntelC53
Module Base: F76D7000
Module End: F76E6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IntelC51.sys
Service Name: IntelC51
Module Base: B9F87000
Module End: BA0AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IntelC52.sys
Service Name: IntelC52
Module Base: B9EF2000
Module End: B9F87000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mohfilt.sys
Service Name: mohfilt
Module Base: F7807000
Module End: F780D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7817000
Module End: F781F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Service Name: E100B
Module Base: B9ECB000
Module End: B9EF2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B9EB7000
Module End: B9ECB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F76E7000
Module End: F76F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: BA5AA000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Asapiw2k.sys
Service Name: AsapiW2K
Module Base: F7737000
Module End: F773F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F76F7000
Module End: F7707000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F746E000
Module End: F747D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F745E000
Module End: F7469000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\klim5.sys
Service Name: klim5
Module Base: F7747000
Module End: F774F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7A9E000
Module End: F7A9F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F744E000
Module End: F745B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F791F000
Module End: F7922000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B9DD8000
Module End: B9DEF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F743E000
Module End: F7449000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F742E000
Module End: F743A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B9DC7000
Module End: B9DD8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F741E000
Module End: F7427000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F775F000
Module End: F7764000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7767000
Module End: F776C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\pcouffin.sys
Service Name: pcouffin
Module Base: F740E000
Module End: F741A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7887000
Module End: F7891000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F776F000
Module End: F7775000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7777000
Module End: F777D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79B1000
Module End: F79B3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B9D69000
Module End: B9DC7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7933000
Module End: F7937000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BA7AE000
Module End: BA7B8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA79E000
Module End: BA7AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79B7000
Module End: F79B9000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ha10kx2k.sys
Service Name: ha10kx2k
Module Base: B1B72000
Module End: B1C2F000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\emupia2k.sys
Service Name: emupia
Module Base: B1B57000
Module End: B1B72000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Service Name: ctsfm2k
Module Base: B1B38000
Module End: B1B57000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ctac32k.sys
Service Name: ctac32k
Module Base: B1B18000
Module End: B1B38000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\hap16v2k.sys
Service Name: hap16v2k
Module Base: B1AF8000
Module End: B1B18000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: B9EB3000
Module End: B9EB7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F778F000
Module End: F7794000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\klif.sys
Service Name: KLIF
Module Base: B1A98000
Module End: B1AD0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F79BD000
Module End: F79BF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA582000
Module End: BA583000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79C1000
Module End: F79C3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F77AF000
Module End: F77B6000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77B7000
Module End: F77BD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79C5000
Module End: F79C7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F79C7000
Module End: F79C9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77C7000
Module End: F77CC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77D7000
Module End: F77DF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: BA5A6000
Module End: BA5A9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: B1A65000
Module End: B1A78000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: B19E4000
Module End: B1A3D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B1C47000
Module End: B1C4A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: BA73E000
Module End: BA747000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: B19BC000
Module End: B19E4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: B1996000
Module End: B19BC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F76A7000
Module End: F76B0000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: B1974000
Module End: B1996000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: B9E7F000
Module End: B9E8E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: B9E6F000
Module End: B9E78000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: B194F000
Module End: B1974000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F7757000
Module End: F775D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: B1924000
Module End: B194F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: B18B4000
Module End: B1924000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: B9E5F000
Module End: B9E6A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: B9D59000
Module End: B9D61000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: B9D41000
Module End: B9D48000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B1AF0000
Module End: B1AF3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: B1AEC000
Module End: B1AF0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: B9E1F000
Module End: B9E2F000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B1874000
Module End: B188C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79E5000
Module End: F79E7000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B9E9F000
Module End: B9EA2000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F777F000
Module End: F7784000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7AA8000
Module End: F7AA9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: AF3EE000
Module End: AF412000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AF510000
Module End: AF514000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: AED00000
Module End: AED15000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: BA75E000
Module End: BA76D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: AEC5D000
Module End: AEC8A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F79A9000
Module End: F79AB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: AEB54000
Module End: AEB95000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Service Name: LMIRfsDriver
Module Base: AF482000
Module End: AF48C000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\PfModNT.sys
Service Name: PfModNT
Module Base: AEC8A000
Module End: AEC8E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: AE96D000
Module End: AE9C4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: AE41A000
Module End: AE445000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F781F000
Module End: F7826000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: B1AA6A72
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwClose
Address: B1AA701E
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwConnectPort
Address: B1AA8A82
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateFile
Address: B1AA8438
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateKey
Address: B1AA61E8
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateSymbolicLinkObject
Address: B1AAA3E4
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwCreateThread
Address: B1AA6E1A
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDeleteKey
Address: B1AA662A
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDeleteValueKey
Address: B1AA682A
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDeviceIoControlFile
Address: B1AA8744
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwDuplicateObject
Address: B1AAA8F0
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwEnumerateKey
Address: B1AA6940
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwEnumerateValueKey
Address: B1AA69A8
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwFsControlFile
Address: B1AA85FA
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwLoadDriver
Address: B1AA9EA8
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenFile
Address: B1AA8294
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenKey
Address: B1AA634A
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenProcess
Address: B1AA6C40
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenSection
Address: B1AAA40E
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwOpenThread
Address: B1AA6B96
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueryKey
Address: B1AA6A10
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueryMultipleValueKey
Address: B1AA6714
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueryValueKey
Address: B1AA64F2
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwQueueApcThread
Address: B1AAA110
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwReplaceKey
Address: B1AA5E6A
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwRequestWaitReplyPort
Address: B1AA930C
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwRestoreKey
Address: B1AA5FCC
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwResumeThread
Address: B1AAA7C0
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSaveKey
Address: B1AA5C68
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSecureConnectPort
Address: B1AA8924
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSetContextThread
Address: B1AA6F18
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSetSecurityObject
Address: B1AA9FA2
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSetSystemInformation
Address: B1AAA438
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSetValueKey
Address: B1AA63A0
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSuspendProcess
Address: B1AAA51C
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSuspendThread
Address: B1AAA648
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwSystemDebugControl
Address: B1AA9DD4
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwTerminateProcess
Address: B1AA6CEA
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

Function Name: ZwWriteVirtualMemory
Address: B1AA6D5C
Driver Base: B1A98000
Driver End: B1AD0000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F74D6000
Hooking Module: spsn.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A158500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8ACA5500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8ACA5500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8ACA5500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8ACA5500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8ACA5500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8ACA5500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A32C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A32C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A32C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A32C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A32C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8ACA4500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8ACA4500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8ACA4500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8ACA4500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8ACA4500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8ACA4500
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_CREATE
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_READ
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_WRITE
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_POWER
Jump To: F74DDE30
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F74F2514
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7519AEA
Hooking Module: spsn.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: M-0228DAFE5AC54.520B.COM:1643
Remote Address: 92.122.217.138:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1639
Remote Address: 65.55.206.60:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1636
Remote Address: 62.24.179.41:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1582
Remote Address: 209.85.229.113:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1540
Remote Address: 207.46.124.190:1863
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1525
Remote Address: 216.239.59.105:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1519
Remote Address: 92.122.127.242:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1516
Remote Address: 69.63.189.39:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1495
Remote Address: 62.24.179.41:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:1082
Remote Address: 207.46.125.79:1863
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54.520B.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: M-0228DAFE5AC54:1641
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1637
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1634
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1580
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1538
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1523
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1517
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1514
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1493
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1631
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1626
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1625
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1622
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1286
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1241
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1110
Remote Address: LOCALHOST:1232
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1080
Remote Address: LOCALHOST:1110
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:1050
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: M-0228DAFE5AC54:1047
Remote Address: LOCALHOST:1046
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: M-0228DAFE5AC54:19780
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
State: LISTENING

Local Address: M-0228DAFE5AC54:1110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
State: LISTENING

Local Address: M-0228DAFE5AC54:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: M-0228DAFE5AC54:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: M-0228DAFE5AC54.520B.COM:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: M-0228DAFE5AC54.520B.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: M-0228DAFE5AC54.520B.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: M-0228DAFE5AC54:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: M-0228DAFE5AC54:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: M-0228DAFE5AC54:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: M-0228DAFE5AC54:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: G:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: G:\System Volume Information\tracking.log
Status: Access denied

Object: G:\System Volume Information\_restore{37FE5751-A2CD-47F9-9E0A-12A2F8B5EEE9}
Status: Access denied
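The hook records above are the evidence the helper is reading, so here is the same triage done mechanically. This is an added example written for this page, not code from the thread, from SysProt or from any other tool mentioned in it; it assumes only the four-line record layout SysProt printed above and embeds a handful of those records as constructed sample input. A dispatch routine that the tool cannot attribute to any loaded module (`_unknown_`) is flagged as suspicious, because a legitimate filter driver has an image on disk the tool can name, while code living only in kernel memory does not; a hook that lands in a named module such as spsn.sys is marked for review rather than judged, since a benign third-party filter looks exactly the same. The grouping also records whether every hooked IRP of a driver jumps to one address, which is what a wholesale replacement of that driver's dispatch table looks like in this log.

```python
"""Triage the IRP-hook records a SysProt-style log prints.

Added example for this page; not code from the thread or from SysProt.
Assumes only the four-line record layout shown in the log:
    Hooked Module: <hooked driver>
    Hooked IRP: <IRP_MJ_*>
    Jump To: <hex address of the dispatch routine now in use>
    Hooking Module: <module that owns that address, or _unknown_>
"""
import re
from collections import defaultdict

# One record; \s+ tolerates blank lines and indentation between fields.
RECORD_RE = re.compile(
    r"Hooked Module:\s*(?P<driver>\S+)\s+"
    r"Hooked IRP:\s*(?P<irp>IRP_MJ_\w+)\s+"
    r"Jump To:\s*(?P<target>[0-9A-Fa-f]+)\s+"
    r"Hooking Module:\s*(?P<hooker>\S+)"
)

# Constructed sample: a handful of records copied from the log above.
SAMPLE_LOG = r"""
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AD981F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A32C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AC3D500
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_CREATE
Jump To: F7519AEA
Hooking Module: spsn.sys

Hooked Module: \Driver\PCI_PNP0734
Hooked IRP: IRP_MJ_POWER
Jump To: F74DDE30
Hooking Module: spsn.sys
"""


def parse_hooks(text):
    """Return one dict per record, in log order."""
    return [
        {"driver": m["driver"], "irp": m["irp"],
         "target": int(m["target"], 16), "hooker": m["hooker"]}
        for m in RECORD_RE.finditer(text)
    ]


def triage(hooks):
    """Group hooks per hooked driver and give each driver a verdict.

    suspicious: the tool could not attribute the dispatch address to any
                loaded module image (_unknown_).
    review:     the address lies inside a named module (spsn.sys here);
                benign filters look the same, so identify it before acting.
    single_dispatch: every hooked IRP of the driver jumps to one address,
                i.e. the whole dispatch table was replaced, not one entry.
    """
    groups = defaultdict(lambda: {"irps": [], "targets": set(), "hookers": set()})
    for h in hooks:
        g = groups[h["driver"]]
        g["irps"].append(h["irp"])
        g["targets"].add(h["target"])
        g["hookers"].add(h["hooker"])
    report = {}
    for driver, g in groups.items():
        report[driver] = {
            "hook_count": len(g["irps"]),
            "targets": sorted("%08X" % t for t in g["targets"]),
            "hookers": sorted(g["hookers"]),
            "single_dispatch": len(g["irps"]) > 1 and len(g["targets"]) == 1,
            "verdict": "suspicious" if "_unknown_" in g["hookers"] else "review",
        }
    return report


def summarize(report):
    """Count hooked drivers per verdict, e.g. {'suspicious': 3, 'review': 1}."""
    counts = defaultdict(int)
    for entry in report.values():
        counts[entry["verdict"]] += 1
    return dict(counts)


if __name__ == "__main__":
    rep = triage(parse_hooks(SAMPLE_LOG))
    for driver, entry in rep.items():
        print(f"{entry['verdict']:10} {driver}  hooks={entry['hook_count']} "
              f"targets={','.join(entry['targets'])} via={','.join(entry['hookers'])}")
    print(summarize(rep))
```

Run against the full log rather than the sample and the split is the same: every hook on ftdisk.sys, netbt.sys, cdrom.sys and usbehci.sys resolves to a single unattributed address per driver, while the PCI_PNP0734 hooks resolve into spsn.sys and need that driver identified before they are treated as part of the infection.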

#26
hammerman
    Member 4k
  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox into the box in the program (start with begin and end with end)
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DelBHO('{E312764E-7706-43F1-8DAB-FCDD2B1E416D}');
    ExecuteSysClean;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

-- Step 2 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

-- Step 3 --

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#27
twonil
    Member
  • Topic Starter
  • Member
  • 92 posts
I don't have Internet Explorer on my computer, only Firefox.

I've just installed IE and it won't even open :-(

Something is seriously wrong with my PC; it's doing my head in trying to fix it.

Edited by twonil, 19 February 2010 - 06:44 AM.


#28
hammerman
    Member 4k
  • Member
  • 4,183 posts
Hi,

Let's get some fresh logs.

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Select Use SafeList under Extra Registry
  • Under the Custom Scans/Fixes box, paste in the following.

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
Next..

Run a GMER scan and post the log.
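The /md5start ... /md5stop block in the scan above asks OTL to hash a fixed list of boot-critical storage and logon drivers so that their checksums can be compared with known-good copies. What follows is an added example, not part of the thread and not OTL's code, that does the same comparison by hand: hash each named driver in system32\drivers and compare it with the Windows File Protection copy in system32\dllcache, reporting a mismatch, a missing cached copy or a driver that is not installed at all. It builds a constructed sample tree in a temporary directory (file names from the OTL list, contents made up) so it runs offline on any system; on a real XP machine point it at the two real directories. Caveat: a mismatch is a lead, not a verdict. Legitimate updates can leave the two copies out of step, and malware that patches a driver in place can patch the cached copy as well, so confirm with a hash lookup against a known-good source before replacing anything.

```python
"""Compare live drivers with their Windows File Protection copies.

Added example for this page; not code from the thread or from OTL.
On a real XP system:
    compare_drivers(r"C:\WINDOWS\system32\drivers",
                    r"C:\WINDOWS\system32\dllcache")
The sample tree built below is constructed so the script runs anywhere.
"""
import hashlib
import os
import tempfile

# Subset of the drivers named in the OTL /md5start list above.
DEFAULT_DRIVERS = ["atapi.sys", "iaStor.sys", "nvstor.sys", "tcpip.sys"]


def file_hashes(path):
    """Return (md5, sha256) hex digests of a file, read in 64 KiB chunks.
    MD5 is kept because that is what OTL prints; SHA-256 is what to compare."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def compare_drivers(drivers_dir, dllcache_dir, names=DEFAULT_DRIVERS):
    """Map each driver name to a status dict.

    match          live file and cached copy are byte-identical
    mismatch       the running driver differs from the WFP copy: patched in
                   place, or legitimately updated; verify before acting
    no-wfp-copy    nothing to compare against; look the hash up elsewhere
    not-installed  the driver is not present on this machine
    """
    result = {}
    for name in names:
        live = os.path.join(drivers_dir, name)
        cached = os.path.join(dllcache_dir, name)
        if not os.path.exists(live):
            result[name] = {"status": "not-installed"}
            continue
        live_md5, live_sha = file_hashes(live)
        if not os.path.exists(cached):
            result[name] = {"status": "no-wfp-copy", "md5": live_md5}
            continue
        cache_md5, cache_sha = file_hashes(cached)
        result[name] = {
            "status": "match" if live_sha == cache_sha else "mismatch",
            "md5": live_md5,
            "cache_md5": cache_md5,
            # A same-size mismatch is the classic in-place patch signature.
            "size_delta": os.path.getsize(live) - os.path.getsize(cached),
        }
    return result


def build_sample_tree(root):
    """Constructed sample: one intact driver, one patched in place at the
    same size, one with no cached copy, and one absent altogether."""
    drivers = os.path.join(root, "drivers")
    dllcache = os.path.join(root, "dllcache")
    os.makedirs(drivers)
    os.makedirs(dllcache)
    good = b"MZ" + b"\x00" * 510 + b"original dispatch code"
    patched = good[:-22] + b"patched dispatch code!"   # same length as good
    for directory in (drivers, dllcache):
        with open(os.path.join(directory, "atapi.sys"), "wb") as fh:
            fh.write(good)
    with open(os.path.join(dllcache, "tcpip.sys"), "wb") as fh:
        fh.write(good)
    with open(os.path.join(drivers, "tcpip.sys"), "wb") as fh:
        fh.write(patched)
    with open(os.path.join(drivers, "iaStor.sys"), "wb") as fh:
        fh.write(good)
    return drivers, dllcache


def run_demo():
    """Build the sample tree in a temp dir and return the comparison."""
    with tempfile.TemporaryDirectory() as root:
        drivers, dllcache = build_sample_tree(root)
        return compare_drivers(drivers, dllcache)


if __name__ == "__main__":
    for name, entry in run_demo().items():
        print(f"{name:12} {entry['status']:14} "
              f"md5={entry.get('md5', '-')} delta={entry.get('size_delta', '-')}")
```

The same-size mismatch on the constructed tcpip.sys is the case worth watching for: a driver whose length matches the original but whose bytes do not is what an in-place patch looks like, whereas a legitimately updated driver usually changes size and version as well.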

#29
twonil
    Member
  • Topic Starter
  • Member
  • 92 posts
Extras.TXT

OTL Extras logfile created on: 19/02/2010 1:45:21 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.60 Gb Total Space | 78.73 Gb Free Space | 55.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 5.91 Gb Free Space | 79.32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.86 Gb Total Space | 0.91 Gb Free Space | 48.66% Space Free | Partition Type: FAT32

Computer Name: M-0228DAFE5AC54
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56538:TCP" = 56538:TCP:*:Enabled:torrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" = C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0BBBA9A9-02E8-467D-BE57-4797A50F7861}" = Intel® Network Connections
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Activision®
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C5C66EEE-7A05-4B11-A0B9-524F917BCE25}" = Sony Sound Forge Audio Studio 9.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ASAPI Update" = ASAPI Update
"ATI Display Driver" = ATI Display Driver
"AudioHQ" = Creative AudioHQ
"CCleaner" = CCleaner
"Creative Restore Defaults" = Creative Restore Defaults
"Creative Surround Mixer 2" = Creative Surround Mixer
"Creative WaveStudio" = Creative WaveStudio
"Diagnostics_Audigy2" = Creative Diagnostics
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition v9.0.0.186
"EAX" = EAX Console
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"ffdshow" = ffdshow (remove only)
"ie8" = Windows Internet Explorer 8
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Live 7.0.3" = Live 7.0.3
"MediaSource DVD-Audio Player" = MediaSource DVD-Audio Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixed In Key" = Mixed In Key 2.5
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Revo Uninstaller" = Revo Uninstaller 1.85
"SB Audigy 2 Getting Started Demo" = Getting Started Demo
"SFBM" = SoundFont Bank Manager
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 3.00
"SPEAKER" = Creative Speaker Settings
"SPKR_CALIBRATOR" = Creative Speaker Calibrator
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SumatraPDF" = Sumatra PDF reader
"SURMIXER" = Creative Surround Mixer
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMend Registry Cleaner_is1" = WinMend Registry Cleaner 1.5.4
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2010 12:25:38 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application kxsetup.exe, version 5.10.0.3550, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/02/2010 12:25:41 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application kxsetup.exe, version 5.10.0.3550, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/02/2010 4:23:34 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/02/2010 4:58:42 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/02/2010 4:58:50 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

Error - 12/02/2010 3:59:28 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 14/02/2010 9:18:13 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/02/2010 9:18:19 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/02/2010 7:42:46 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18/02/2010 8:04:27 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ DriverScanne Events ]
Error - 08/02/2010 12:25:38 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 08/02/2010 12:25:41 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 11/02/2010 4:23:34 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 11/02/2010 4:58:42 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 11/02/2010 4:58:50 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1001
Description =

Error - 12/02/2010 3:59:28 PM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 14/02/2010 9:18:13 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 14/02/2010 9:18:19 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 18/02/2010 7:42:46 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

Error - 18/02/2010 8:04:27 AM | Computer Name = M-0228DAFE5AC54 | Source = Application Hang | ID = 1002
Description =

[ System Events ]
Error - 18/02/2010 6:46:18 AM | Computer Name = M-0228DAFE5AC54 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0011118518B9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/02/2010 6:46:41 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 18/02/2010 7:24:22 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 18/02/2010 8:48:18 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 19/02/2010 5:45:19 AM | Computer Name = M-0228DAFE5AC54 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0011118518B9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/02/2010 5:46:38 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 19/02/2010 6:55:58 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 19/02/2010 8:21:03 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 19/02/2010 8:25:39 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 19/02/2010 9:47:08 AM | Computer Name = M-0228DAFE5AC54 | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183


< End of report >
#30
twonil (Topic Starter, Member, 92 posts)
OTL logfile created on: 19/02/2010 1:45:21 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.60 Gb Total Space | 78.73 Gb Free Space | 55.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 5.91 Gb Free Space | 79.32% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.86 Gb Total Space | 0.91 Gb Free Space | 48.66% Space Free | Partition Type: FAT32

Computer Name: M-0228DAFE5AC54
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\WINDOWS\system32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\ctsblfx.dll (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\ctaudfx.dll (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\commonfx.dll (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (AsapiW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.8:52125

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 13:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 13:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2010/02/02 15:37:39 | 000,000,000 | ---D | M]

[2010/02/11 20:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/17 14:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zufy3nyl.default\extensions
[2010/02/11 20:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/15 12:31:56 | 000,377,740 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13042 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 70 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.obe...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/13 21:37:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "ose"
MsConfig - Services: "wwEngineSvc"
MsConfig - Services: "tgsrvc_TalkTalk"
MsConfig - Services: "SupportSoft RemoteAssist"
MsConfig - Services: "sprtsvc_TalkTalk"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "TeamViewer4"
MsConfig - Services: "ServiceLayer"
MsConfig - Services: "O&O Defrag"
MsConfig - Services: "idsvc"
MsConfig - Services: "GatewayAgentService"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "ATI Smart"
MsConfig - StartUpReg: AsioReg - hkey= - key= - File not found
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: CTDVDDet - hkey= - key= - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTHelper - hkey= - key= - File not found
MsConfig - StartUpReg: CTSyncU.exe - hkey= - key= - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: EPSON SX410 Series - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: PSDrvCheck - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TalkTalk - hkey= - key= - C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Documents and Settings\Owner\Desktop\utorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: µTorrent - hkey= - key= - C:\Documents and Settings\Owner\Desktop\utorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/19 11:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fonts
[2010/02/19 11:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/02/19 11:02:12 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/02/18 14:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\What Adam Wants
[2010/02/18 12:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinMend
[2010/02/18 11:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SysProt
[2010/02/17 20:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\avz4
[2010/02/17 20:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/02/17 20:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/17 11:04:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/16 20:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/16 20:02:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/16 13:51:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/15 11:11:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/15 11:10:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/15 11:10:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/15 11:10:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/15 11:10:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/15 11:07:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/14 12:18:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/14 11:43:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam_1_44.exe
[2010/02/14 11:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/14 10:36:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2010/02/12 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Penstick
[2010/02/11 20:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/02/11 20:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/09 11:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/02/08 20:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2010/02/08 20:46:20 | 000,000,000 | ---D | C] -- C:\ATI
[2010/02/08 20:25:33 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/02/08 20:25:14 | 000,000,000 | ---D | C] -- C:\Intel
[2010/02/08 19:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DriverGenius
[2010/02/08 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Genius
[2010/02/08 19:52:23 | 008,096,260 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\Driver_Genius_Pro_v9.0.0.186.with.autoreg-whoknows.exe
[2010/02/08 19:16:48 | 000,823,616 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys
[2010/02/08 19:16:48 | 000,141,536 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys
[2010/02/08 19:16:48 | 000,116,000 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys
[2010/02/08 19:16:48 | 000,015,840 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\pfmodnt.sys
[2010/02/08 19:16:47 | 000,189,504 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys
[2010/02/08 19:16:47 | 000,135,248 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys
[2010/02/08 19:16:47 | 000,006,144 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys
[2010/02/08 19:16:46 | 000,498,688 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys
[2010/02/08 19:16:45 | 000,135,040 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys
[2010/02/08 19:16:44 | 000,049,152 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\CTDCRES.DLL
[2010/02/08 19:16:43 | 000,270,336 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\sfms32.dll
[2010/02/08 19:16:43 | 000,036,864 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\sfman32.dll
[2010/02/08 19:16:42 | 000,176,128 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\READREG.EXE
[2010/02/08 19:16:42 | 000,159,744 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\OPENAL32.DLL
[2010/02/08 19:16:42 | 000,110,592 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\piaproxy.dll
[2010/02/08 19:16:42 | 000,049,152 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\MIDIDEF.EXE
[2010/02/08 19:16:41 | 000,094,208 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\DEVREG.DLL
[2010/02/08 19:16:41 | 000,077,824 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\eaxac3.dll
[2010/02/08 19:16:41 | 000,020,480 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ENSDEF.EXE
[2010/02/08 19:16:40 | 000,655,360 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctsblfx.dll
[2010/02/08 19:16:40 | 000,155,648 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctosuser.dll
[2010/02/08 19:16:40 | 000,110,592 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctscal.dll
[2010/02/08 19:16:40 | 000,045,056 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctspkhlp.dll
[2010/02/08 19:16:39 | 000,036,864 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctemupia.dll
[2010/02/08 19:16:39 | 000,028,672 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CtHelper.exe
[2010/02/08 19:16:38 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdcifce.dll
[2010/02/08 19:16:38 | 000,110,592 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdproxy.dll
[2010/02/08 19:16:37 | 000,495,616 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctaudfx.dll
[2010/02/08 19:16:37 | 000,393,216 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdc0001.dll
[2010/02/08 19:16:37 | 000,319,488 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdc0000.dll
[2010/02/08 19:16:37 | 000,110,592 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctasio.dll
[2010/02/08 19:16:37 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctagent.dll
[2010/02/08 19:16:35 | 000,126,976 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\commonfx.dll
[2010/02/08 19:16:35 | 000,053,248 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ac3api.dll
[2010/02/08 18:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ATI
[2010/02/08 17:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ATI
[2010/02/08 14:40:06 | 000,290,816 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/02/08 14:40:01 | 000,475,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/02/08 14:40:01 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/02/08 14:40:01 | 000,307,200 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/02/08 14:40:01 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/02/08 14:39:59 | 003,227,648 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/02/08 14:39:58 | 000,126,976 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/02/08 14:39:58 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibrtmon.exe
[2010/02/08 14:39:58 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/02/08 14:39:54 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/02/08 14:39:53 | 000,049,664 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/02/08 14:34:39 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2010/02/04 20:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/04 20:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/04 11:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/03 12:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/02/02 20:39:47 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/02/02 20:39:47 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\Pncrt.dll
[2010/02/02 20:39:47 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2010/02/02 20:39:47 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2010/02/02 20:39:47 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2010/02/02 20:39:47 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2010/02/02 20:39:47 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2010/02/02 20:39:46 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2010/01/29 19:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bangers
[2010/01/28 18:09:36 | 000,182,784 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\Ncs2Setp.dll
[2010/01/28 17:52:50 | 000,734,328 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2dmix.dll
[2010/01/28 17:52:50 | 000,518,264 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\accesor.dll
[2010/01/28 17:32:04 | 000,128,120 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2instutility.dll
[2010/01/28 17:16:16 | 001,718,904 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ncscolib.dll
[2010/01/25 15:22:46 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.copy
[2010/01/24 15:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/01/24 15:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/01/24 15:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent(2)
[2010/01/24 15:17:30 | 000,289,584 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\Desktop\utorrent.exe
[2010/01/24 13:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/24 13:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/01/24 13:17:53 | 000,919,840 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u18-windows-i586-iftw-rv.exe
[2010/01/23 18:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Tutorial Files
[2010/01/23 18:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Nova Development
[2010/01/23 11:32:11 | 018,076,640 | ---- | C] (VSO-Software ) -- C:\Documents and Settings\Owner\Desktop\vsoConvertXtoDVD4_setup-avangate_588.exe
[2010/01/21 19:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup
[2009/10/17 13:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/17 13:30:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/17 13:30:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/17 13:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/02 09:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/10 16:51:23 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/05/17 15:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer
[2009/05/11 17:17:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2009/04/13 21:25:59 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/19 12:50:52 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Wants List.rtf
[2010/02/19 12:24:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/19 12:24:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/19 12:22:55 | 002,738,208 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/19 12:22:55 | 000,606,240 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/19 12:22:55 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/19 12:22:55 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/19 12:22:55 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/19 12:22:55 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/19 12:22:55 | 000,023,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/19 12:22:55 | 000,003,152 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/02/19 12:22:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/19 12:22:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/19 12:22:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
[2010/02/19 12:22:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
[2010/02/19 12:22:48 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/19 12:22:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/19 12:18:16 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-10031102}.CDF
[2010/02/19 12:18:16 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-10031102}.BAK
[2010/02/19 12:17:11 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2010/02/19 11:20:13 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Photoshop CS4.lnk
[2010/02/19 11:02:26 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/02/19 10:58:48 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/02/18 12:33:55 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WinMend Registry Cleaner.lnk
[2010/02/18 11:36:52 | 000,354,396 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2010/02/17 20:23:58 | 005,125,238 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avz4.zip
[2010/02/17 14:34:08 | 000,001,254 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Usernames.rtf
[2010/02/17 13:55:22 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Play.com beef.rtf
[2010/02/17 13:33:29 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/16 20:14:01 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/16 13:32:12 | 000,001,173 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/02/15 12:31:56 | 000,377,740 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/15 11:21:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100215-123156.backup
[2010/02/15 11:11:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/15 11:03:25 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/02/14 12:18:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/14 12:10:58 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/14 11:43:48 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam_1_44.exe
[2010/02/14 10:36:40 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2010/02/13 21:17:54 | 004,844,652 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/12 20:01:25 | 016,455,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Agnes Vs The Drill Mashup 3rd.mp3
[2010/02/12 19:49:41 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 14:39:50 | 000,140,912 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\End Of Night Tune.mp3.sfk
[2010/02/12 14:39:37 | 006,541,795 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\End Of Night Tune.mp3
[2010/02/11 20:55:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/02/11 20:55:38 | 000,000,186 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/11 20:31:51 | 000,017,266 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\antivundo.html
[2010/02/10 14:16:09 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Mums Links.rtf
[2010/02/08 20:28:43 | 000,774,538 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/08 20:28:43 | 000,628,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/08 20:28:43 | 000,132,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/08 19:57:39 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Driver Genius Professional Edition.lnk
[2010/02/08 19:51:01 | 008,090,114 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Driver_Genius_Pro_v9.0.0.186.with.autoreg.rar
[2010/02/08 19:17:34 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/08 19:12:29 | 000,000,136 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2010/02/08 17:53:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/08 14:40:13 | 002,670,720 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/02/08 14:40:11 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/02/08 14:40:10 | 003,107,788 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/08 14:40:02 | 000,015,577 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010/02/08 14:40:01 | 000,189,051 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/02/08 14:40:01 | 000,007,167 | ---- | M] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/02/08 14:39:58 | 003,818,272 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/02/08 14:39:58 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibrtmon.exe
[2010/02/08 14:39:54 | 000,626,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/02/08 14:39:54 | 000,325,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/02/08 14:34:39 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2010/02/08 11:39:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/03 08:30:47 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vlc-1.0.5-win32.exe
[2010/02/02 20:46:03 | 000,063,104 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Informant.XtoDVD
[2010/02/02 20:40:25 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ConvertXtoDVD 4.lnk
[2010/02/02 15:48:38 | 000,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/02/02 15:48:38 | 000,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2010/02/02 15:48:33 | 000,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/02/02 15:48:33 | 000,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/29 13:50:17 | 013,138,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Deadmau5 vs. The Police.mp3
[2010/01/29 10:58:59 | 000,000,062 | ---- | M] () -- C:\WINDOWS\MyProg.ini
[2010/01/28 18:09:36 | 000,182,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\Ncs2Setp.dll
[2010/01/28 17:52:50 | 000,734,328 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2dmix.dll
[2010/01/28 17:52:50 | 000,518,264 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\accesor.dll
[2010/01/28 17:32:04 | 000,128,120 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2instutility.dll
[2010/01/28 17:16:16 | 001,718,904 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ncscolib.dll
[2010/01/27 13:52:26 | 000,256,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2010/01/25 15:07:03 | 000,048,275 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ALL NEW FUNNY [bleep] DVD.XtoDVD
[2010/01/25 14:55:40 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100201-155256.backup
[2010/01/25 13:04:02 | 000,000,981 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml%
[2010/01/24 21:09:11 | 000,066,184 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/24 16:54:13 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/24 13:17:54 | 000,919,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u18-windows-i586-iftw-rv.exe
[2010/01/24 13:14:56 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\Desktop\utorrent.exe
[2010/01/23 12:13:49 | 009,965,926 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\video.mp4
[2010/01/23 11:32:18 | 018,076,640 | ---- | M] (VSO-Software ) -- C:\Documents and Settings\Owner\Desktop\vsoConvertXtoDVD4_setup-avangate_588.exe
[2010/01/21 18:21:33 | 000,373,642 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100124-150445.backup
[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 12:17:11 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2010/02/19 11:20:13 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Photoshop CS4.lnk
[2010/02/18 12:33:55 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WinMend Registry Cleaner.lnk
[2010/02/18 11:36:48 | 000,354,396 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2010/02/17 20:23:01 | 005,125,238 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avz4.zip
[2010/02/17 13:55:22 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Play.com beef.rtf
[2010/02/16 16:08:25 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-10031102}.BAK
[2010/02/15 11:11:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/15 11:11:28 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/15 11:10:12 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/15 11:10:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/15 11:10:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/15 11:10:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/15 11:10:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/15 11:03:21 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/02/14 12:11:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/02/14 12:10:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/12 20:01:15 | 016,455,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Agnes Vs The Drill Mashup 3rd.mp3
[2010/02/12 14:38:33 | 000,140,912 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\End Of Night Tune.mp3.sfk
[2010/02/12 14:38:02 | 006,541,795 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\End Of Night Tune.mp3
[2010/02/11 20:31:49 | 000,017,266 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\antivundo.html
[2010/02/10 14:16:09 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Mums Links.rtf
[2010/02/08 20:27:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/02/08 19:57:39 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Driver Genius Professional Edition.lnk
[2010/02/08 19:37:00 | 008,090,114 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Driver_Genius_Pro_v9.0.0.186.with.autoreg.rar
[2010/02/08 19:29:30 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-10031102}.CDF
[2010/02/08 19:27:10 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
[2010/02/08 19:27:10 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
[2010/02/08 19:17:34 | 000,030,036 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/08 19:17:34 | 000,030,036 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/08 19:17:34 | 000,029,760 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/08 19:17:34 | 000,029,760 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
[2010/02/08 19:16:47 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/02/08 19:16:46 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/02/08 19:16:46 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/02/08 19:16:46 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/02/08 19:16:46 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/02/08 19:16:43 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010/02/08 19:16:42 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/02/08 19:16:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\killapps.exe
[2010/02/08 19:16:42 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/02/08 19:16:42 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2010/02/08 19:16:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default8.sfm
[2010/02/08 19:16:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2010/02/08 19:16:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default.sfm
[2010/02/08 19:16:40 | 002,259,067 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT.ECW
[2010/02/08 19:16:38 | 004,481,358 | ---- | C] () -- C:\WINDOWS\CTDVAUDY.CDF
[2010/02/08 19:16:36 | 002,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT2MGM.SF2
[2010/02/08 19:16:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\CT1MGM.ROM
[2010/02/08 18:20:29 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/08 17:53:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/08 15:18:01 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/02/08 14:40:11 | 000,152,496 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/02/08 14:40:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/02/08 14:40:07 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/08 14:40:01 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/02/08 14:40:01 | 000,015,577 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/02/08 14:40:01 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/02/03 08:30:28 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vlc-1.0.5-win32.exe
[2010/02/02 20:46:03 | 000,063,104 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Informant.XtoDVD
[2010/02/02 20:40:25 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ConvertXtoDVD 4.lnk
[2010/01/29 10:58:59 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2010/01/25 15:05:47 | 000,048,275 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ALL NEW FUNNY [bleep] DVD.XtoDVD
[2010/01/25 15:02:29 | 013,138,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Deadmau5 vs. The Police.mp3
[2010/01/25 13:04:02 | 000,000,981 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml%
[2010/01/23 12:10:20 | 009,965,926 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\video.mp4
[2009/12/08 17:56:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/20 11:16:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/10/17 11:58:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/08/13 17:24:02 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2009/08/09 15:15:45 | 000,347,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\MB.SAV
[2009/07/18 11:34:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/08 18:51:01 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/06/08 18:50:07 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2009/06/08 18:50:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/08 18:46:50 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/05/27 12:59:03 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/05/15 19:55:15 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/05/14 19:14:34 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/13 11:56:02 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/05/11 17:45:09 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/11 17:41:44 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/11 17:17:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/05/11 17:17:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/04/16 15:58:54 | 000,001,173 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2009/04/16 15:58:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2009/04/13 21:42:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\setup.txt
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/24 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/10/21 16:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/24 11:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/09 11:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/10/17 13:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/05 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/05/12 16:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/05/14 19:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/15 09:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/08/13 17:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2009/11/05 10:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/08 17:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/01/21 19:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/02/19 12:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/05/13 07:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/10/27 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/17 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/12 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/08/17 15:06:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/06/22 19:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/02/04 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/04 20:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/16 07:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OO Software
[2009/06/22 20:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/01 13:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/22 14:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/02/15 20:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/24 13:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/12/15 18:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/13 11:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/04 20:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/02/19 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/11 10:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/25 14:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/12/08 18:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/07/09 13:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/04/15 10:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2007/01/11 22:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/12/17 22:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
[2009/08/12 19:59:18 | 033,773,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
[2009/08/12 20:19:33 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
[2009/08/12 20:19:33 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
[2009/08/12 20:19:33 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
[2009/08/12 20:19:33 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2009/06/01 12:08:00 | 033,642,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_web.exe
[2009/06/01 12:27:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
[2009/06/01 12:27:38 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
[2009/06/01 12:27:38 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2009/12/15 19:05:47 | 000,201,992 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
[2009/10/12 14:10:16 | 000,053,319 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe

< %APPDATA%\*. >
[2009/06/16 17:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ableton
[2009/08/17 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Activision
[2009/08/08 16:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/11/23 21:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/07/28 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artifex Mundi
[2009/07/25 15:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Astroburn
[2010/02/08 18:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ATI
[2010/01/14 11:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/10/28 14:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\avidemux
[2009/06/20 16:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BlackBean
[2009/10/23 08:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blinkx
[2009/08/12 14:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
[2009/07/05 11:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Creative
[2009/06/09 20:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/07/24 15:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/05/15 09:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2009/05/14 12:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deluge
[2010/02/03 11:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2009/12/12 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/05/31 17:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/09/08 16:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/06/10 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/04/13 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2009/12/08 17:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/10/27 09:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2009/04/13 21:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/02/17 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/10/17 13:30:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/02/11 20:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/10/29 15:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla(2)
[2009/10/27 08:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nod32 updater
[2009/06/01 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2009/09/06 10:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nordic Games
[2009/06/01 13:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2009/05/18 13:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2009/09/09 16:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2009/05/18 13:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009/05/16 08:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2009/10/23 08:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF
[2009/04/15 10:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/12/15 18:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/01/05 14:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2009/05/11 10:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2010/02/19 13:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/01/24 15:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent(2)
[2010/02/18 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/02/14 13:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/05/11 19:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2009/06/11 10:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yamicsoft

< %APPDATA%\*.exe /s >
[2009/08/13 17:24:02 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2009/12/15 18:34:36 | 000,018,944 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
[2009/12/15 18:34:36 | 000,065,024 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
[2009/12/15 18:34:36 | 000,005,120 | R--- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/18 11:04:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/05/18 11:04:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/18 11:04:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/05/18 11:04:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Owner\My Documents\DriverGenius\Backup\Driver Backup 2-8-2010-20178\Intel® 82801FB FBM Ultra ATA Storage Controllers - 266F\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Owner\My Documents\DriverGenius\Backup\Driver Backup 2-8-2010-20178\Intel® 82801FB Ultra ATA Storage Controllers - 2651\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Owner\My Documents\DriverGenius\Backup\Driver Backup 2-8-2010-20178\Primary IDE Channel#1\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Owner\My Documents\DriverGenius\Backup\Driver Backup 2-8-2010-20178\Primary IDE Channel\atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Owner\My Documents\My Drivers\hdc\mshdc.inf\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\atapi.sys
[2006/02/28 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[72 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/05/14 19:14:34 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009/04/13 21:42:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/13 21:42:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/13 21:42:14 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
< End of report >