
Need Help Removing Win32/Alureon.G [Solved]


This topic is locked

#31
K1500 (Member, Topic Starter, 68 posts)
Safe mode will load fine now, but I'm still having trouble with MBAM crashing Windows in normal mode. The error reads:

PAGE_FAULT_IN_NONPAGED_AREA
STOP: 0x00000050
win32k.sys - BF8EBFFF base at BF800000, Datestamp 4a8564c7

Is this something that you can cover, or should I start a new thread? Thanks a lot! :)

Edited by K1500, 05 April 2010 - 11:21 PM.

  • 0


#32
hammerman (Member 4k, 4,183 posts)
Hi,

Have you tried uninstalling then reinstalling Malwarebytes?
  • 0

#33
K1500 (Member, Topic Starter, 68 posts)

Hi,

Have you tried uninstalling then reinstalling Malwarebytes?


I have not (even though that's the logical first step :)). I'll do that and let you know if it still crashes. Thanks again! :)
  • 0

#34
K1500 (Member, Topic Starter, 68 posts)
Nope, I still got an error, though this time it solely said:

STOP: 0x000000F4
  • 0

#35
hammerman (Member 4k, 4,183 posts)
Hi,

Let's take a further in-depth look.

Please follow these steps.

-- Step 1 --

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on [image] to insert the attachment into your post

-- Step 2 --

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

  • 0
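The SysProt log that the helper asks for in Step 2 is plain text: sections separated by banners of asterisks, a "Section:" heading, then blank-line-separated "Key: Value" records for processes, kernel modules, SSDT entries and IRP hooks. The script below is an added example, not part of this thread and not SysProt's own code: it parses that layout and pulls out what a removal helper reads first, namely hidden processes and modules, which driver owns each SSDT hook, and which driver has hooked which device object's IRP dispatch, then separates hookers already verified as legitimate from the ones that still need a look. The sample log is constructed (its values mirror the log posted later in the thread, shortened to a few records), and the KNOWN_HOOKERS set is an assumed, analyst-maintained allow-list rather than anything SysProt ships.

```python
"""Triage helper for SysProt Antirootkit text logs: parse the sections and their
'Key: Value' records, then list hidden objects and who owns each SSDT/IRP hook."""
from collections import defaultdict

# Constructed sample in the layout SysProt writes: asterisk banners between
# sections (SysProt prints two; any run is accepted), a "Section:" line, then
# blank-line-separated "Key: Value" records. Values mirror the thread's log.
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0
*****************************************
Process:
Name: C:\WINDOWS\system32\svchost.exe
PID: 1552
Hidden: No
Window Visible: No
*****************************************
Kernel Modules:
Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: B9EBF000
Module End: B9FA7000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Service Name: ---
Module Base: B7B95000
Module End: B7BFB000
Hidden: Yes
*****************************************
SSDT:
Function Name: ZwCreateKey
Address: B9EC00D0
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys
*****************************************
No Kernel Hooks found
*****************************************
IRP Hooks:
Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys
"""


def parse_log(text):
    """Return {section: [record, ...]}; a record is one blank-line-delimited block."""
    sections, name, record = defaultdict(list), None, {}

    def flush():
        nonlocal record
        if record and name is not None:
            sections[name].append(record)
        record = {}

    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:                  # banner: section ends
            flush()
            name = None
        elif line.endswith(":") and ": " not in line:    # heading, e.g. "SSDT:"
            name = line[:-1]
        elif not line:                                   # blank line: record ends
            flush()
        elif name is not None:                           # "Key: Value" inside a section
            key, sep, value = line.partition(": ")
            if sep:
                record[key] = value
    flush()
    return dict(sections)


# Hookers already verified as legitimate on this machine (constructed for the
# example): sptd.sys ships with the DAEMON Tools / Alcohol disc emulators and
# hooks registry functions by design, so it is expected noise, not a finding.
KNOWN_HOOKERS = {"sptd.sys"}


def triage(text):
    """Summarise what a removal helper checks first; unverified hookers are the lead."""
    secs = parse_log(text)
    ssdt, irp = defaultdict(list), defaultdict(set)
    for h in secs.get("SSDT", []):
        ssdt[h["Driver Name"].lower()].append(h["Function Name"])
    for h in secs.get("IRP Hooks", []):
        # Attribute the hook to the file name of the hooking driver.
        irp[h["Hooking Module"].rsplit("\\", 1)[-1].lower()].add(h["Hooked Module"])

    def hidden(section, key):
        return [r[key] for r in secs.get(section, []) if r.get("Hidden") == "Yes"]

    return {
        "hidden_processes": hidden("Process", "Name"),
        "hidden_modules": hidden("Kernel Modules", "Module Name"),
        "ssdt_hooks": {d: sorted(f) for d, f in ssdt.items()},
        "irp_hooks": {d: sorted(t) for d, t in irp.items()},
        "unverified_hookers": sorted((set(ssdt) | set(irp)) - KNOWN_HOOKERS),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full log, the hidden-module line is the one to read first: a module reported hidden, loaded from \SystemRoot with no service name and a random-looking file name (like the one in the log posted later in this thread) is not something a legitimate driver package produces, whereas SSDT and IRP hooks attributed to a known disc-emulator driver are expected noise that an allow-list keeps out of the way.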

#36
K1500 (Member, Topic Starter, 68 posts)
Here are the logfiles from AVZ and the log from SysProt:

Attached File  virusinfo_syscure.zip   30.69KB   167 downloads

Attached File  virusinfo_syscheck.zip   29.5KB   178 downloads

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 968
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1348
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1552
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1596
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1680
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1828
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 620
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 708
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 756
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1012
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1036
Hidden: No
Window Visible: No

Name: C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\tcpsvcs.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\snmp.exe
PID: 948
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 540
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\MsPMSPSv.exe
PID: 1496
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchindexer.exe
PID: 1736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2104
Hidden: No
Window Visible: No

Name: C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
PID: 3008
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3188
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 3472
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3632
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PID: 3692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 3888
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 3972
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PID: 4004
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\msseces.exe
PID: 4072
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe
PID: 1112
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 2080
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 2272
Hidden: No
Window Visible: No

Name: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PID: 2596
Hidden: No
Window Visible: No

Name: C:\Program Files\PeerBlock\peerblock.exe
PID: 2912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 3064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3112
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 3312
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PID: 2316
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 2236
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchprotocolhost.exe
PID: 2744
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchfilterhost.exe
PID: 3968
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProt.exe
PID: 2732
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A2814000
Module End: A281F000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: B9EBF000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: B9EA7000
Module End: B9EBF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9E79000
Module End: B9EA7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9E68000
Module End: B9E79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9E49000
Module End: B9E68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9E23000
Module End: B9E49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfsync02.sys
Service Name: sfsync02
Module Base: BA0C8000
Module End: BA0D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfsync03.sys
Service Name: sfsync03
Module Base: BA0D8000
Module End: BA0E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0E8000
Module End: BA0F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9E0B000
Module End: B9E23000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iastor.sys
Service Name: iastor
Module Base: B9D36000
Module End: B9E0B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA0F8000
Module End: BA101000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA108000
Module End: BA115000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: B9D16000
Module End: B9D36000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9D04000
Module End: B9D16000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
Service Name: drvmcdb
Module Base: B9CEE000
Module End: B9D04000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA118000
Module End: BA122000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9CD7000
Module End: B9CEE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9C4A000
Module End: B9CD7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9C1D000
Module End: B9C4A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\timntr.sys
Service Name: timounter
Module Base: B9BB2000
Module End: B9C1D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\tdrpman.sys
Service Name: tdrpman
Module Base: B9B59000
Module End: B9BB2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\snapman.sys
Service Name: snapman
Module Base: B9B3A000
Module End: B9B59000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfvfs02.sys
Service Name: sfvfs02
Module Base: B9B26000
Module End: B9B3A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfhlp02.sys
Service Name: sfhlp02
Module Base: BA338000
Module End: BA340000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfdrv01.sys
Service Name: sfdrv01
Module Base: B9B14000
Module End: B9B26000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9AFA000
Module End: B9B14000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: B9A0D000
Module End: B9A10000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA188000
Module End: BA191000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: B802E000
Module End: B82E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B801A000
Module End: B802E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Service Name: e1express
Module Base: B7FED000
Module End: B801A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA380000
Module End: BA386000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B7FC9000
Module End: B7FED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA388000
Module End: BA390000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\P17.sys
Service Name: P17
Module Base: B7E72000
Module End: B7FC9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B7E4E000
Module End: B7E72000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA198000
Module End: BA1A7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: B7E2B000
Module End: B7E4E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Service Name: ossrv
Module Base: B7DFB000
Module End: B7E2B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Service Name: ctsfm2k
Module Base: B7DD5000
Module End: B7DFB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Service Name: HSFHWBS2
Module Base: B7DA1000
Module End: B7DD5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: B7CA2000
Module End: B7DA1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: B7BFB000
Module End: B7CA2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: BA3C0000
Module End: BA3C8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: B86AC000
Module End: B86B5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: BA608000
Module End: BA60A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B869C000
Module End: B86AC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B868C000
Module End: B869B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BA398000
Module End: BA39E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B867C000
Module End: B8687000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Service Name: ---
Module Base: B7B95000
Module End: B7BFB000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA726000
Module End: BA727000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: B866C000
Module End: B8679000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B99CD000
Module End: B99D0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B7B7E000
Module End: B7B95000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: B865C000
Module End: B8667000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: B864C000
Module End: B8658000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA400000
Module End: BA405000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B7B6D000
Module End: B7B7E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: B863C000
Module End: B8645000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA408000
Module End: BA40D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA410000
Module End: BA415000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Service Name: wanatw
Module Base: BA418000
Module End: BA41E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B7B3D000
Module End: B7B6D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B862C000
Module End: B8636000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA420000
Module End: BA426000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA428000
Module End: BA42E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA610000
Module End: BA612000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B7ADF000
Module End: B7B3D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B99B5000
Module End: B99B9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B861C000
Module End: B8626000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B8347000
Module End: B8356000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA612000
Module End: BA614000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: B9981000
Module End: B9985000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: BA370000
Module End: BA375000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: B99F1000
Module End: B99F4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Service Name: MpFilter
Module Base: AD58C000
Module End: AD5AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B99FD000
Module End: B9A00000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: AC7F0000
Module End: AC7F9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: ACAD3000
Module End: ACADA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA5F4000
Module End: BA5F6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA7BF000
Module End: BA7C0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA5F6000
Module End: BA5F8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Service Name: DLARTL_N
Module Base: ACAC3000
Module End: ACAC9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: ACABB000
Module End: ACAC3000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: AC720000
Module End: AC726000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA5F8000
Module End: BA5FA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA5FA000
Module End: BA5FC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: AC718000
Module End: AC71D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: AC710000
Module End: AC718000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: AD580000
Module End: AD583000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AB53C000
Module End: AB54F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AB4E3000
Module End: AB53C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AB4BD000
Module End: AB4E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AB495000
Module End: AB4BD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: AC7D0000
Module End: AC7D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: Tcpip6
Module Base: AB45D000
Module End: AB495000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AB43B000
Module End: AB45D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: AC7C0000
Module End: AC7C9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AB410000
Module End: AB43B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AB3A0000
Module End: AB410000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: AC7A0000
Module End: AC7AB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ip6fw.sys
Service Name: Ip6Fw
Module Base: AC790000
Module End: AC799000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\xusb21.sys
Service Name: xusb21
Module Base: ACFDF000
Module End: ACFED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Service Name: ---
Module Base: ACFCF000
Module End: ACFDC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Service Name: Wdf01000
Module Base: A6184000
Module End: A6200000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rt73.sys
Service Name: RT73
Module Base: A6148000
Module End: A6184000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: A6A89000
Module End: A6A8C000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: AC3CE000
Module End: AC3D3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A6A85000
Module End: A6A88000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\point32.sys
Service Name: Point32
Module Base: AC3B6000
Module End: AC3BC000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BA6DF000
Module End: BA6E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: AC5F8000
Module End: AC5FC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Service Name: drvnddm
Module Base: B8317000
Module End: B8321000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
Service Name: tifsfilter
Module Base: B8307000
Module End: B8311000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS
Service Name: DLADResN
Module Base: A6BD6000
Module End: A6BD7000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: A3F32000
Module End: A3F48000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: AEDFD000
Module End: AEE01000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: BA5C8000
Module End: BA5CA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DefragFS.SYS
Service Name: DefragFS
Module Base: A3F0D000
Module End: A3F32000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: BA3F0000
Module End: BA3F7000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: A3EF5000
Module End: A3F0D000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: A3EDF000
Module End: A3EF5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: A797D000
Module End: A7982000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A892E000
Module End: A8932000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A3E3A000
Module End: A3E67000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\adfs.SYS
Service Name: adfs
Module Base: A3E29000
Module End: A3E3A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: ABCE3000
Module End: ABCE5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A3D82000
Module End: A3DD9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A3E8B000
Module End: A3E8E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: AED91000
Module End: AEDA1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A3CF5000
Module End: A3D0A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: AEDB1000
Module End: AEDC0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: A777A000
Module End: A7784000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A39AB000
Module End: A39CF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: AEB20000
Module End: AEB26000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: A37A8000
Module End: A37CB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A363F000
Module End: A3680000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: A2DB6000
Module End: A2DBF000
Hidden: No

Module Name: \??\C:\Program Files\PeerBlock\pbfilter.sys
Service Name: pbfilter
Module Base: BA3D8000
Module End: BA3DF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A2751000
Module End: A277C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: BA390000
Module End: BA397000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: B9EC00D0
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwEnumerateKey
Address: B9EC5E2C
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwEnumerateValueKey
Address: B9EC61BA
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwOpenKey
Address: B9EC00B0
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwQueryKey
Address: B9EC6292
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwQueryValueKey
Address: B9EC6112
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwSetValueKey
Address: B9EC6324
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_CLOSE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_READ
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_WRITE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SET_EA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_POWER
Jump To: B9ECF712
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B9EF22C8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2108
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB991E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB991E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB991E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB991E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8AB991E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\au9s2lsy.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AB991E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: BA0D995C
Hooking Module: C:\WINDOWS\system32\drivers\sfsync03.sys

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AE701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8B97D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8B97D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B97D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: BA0D995C
Hooking Module: C:\WINDOWS\system32\drivers\sfsync03.sys

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8B97D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8B97D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8B90C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A6617A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A6617A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A6617A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A6617A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A6617A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE607A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE677A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AE677A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE677A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE677A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE677A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE677A0
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: XPS400:46928
Remote Address: 192.168.1.1:2869
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: CLOSING

Local Address: XPS400:2869
Remote Address: 192.168.1.1:1471
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: CLOSE_WAIT

Local Address: XPS400:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: XPS400:27015
Remote Address: LOCALHOST:1059
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: XPS400:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING

Local Address: XPS400:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: XPS400:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: XPS400:1059
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: XPS400:1029
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: XPS400:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: XPS400:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: XPS400:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: XPS400:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: XPS400:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:SMTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:FTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:CHARGEN
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:QOTD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:DAYTIME
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:DISCARD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:ECHO
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: XPS400:3198
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1027
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: XPS400:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: XPS400:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1064
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1049
Remote Address: NA
Type: UDP
Process: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
State: NA

Local Address: XPS400:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: XPS400:3544
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:3456
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: NA

Local Address: XPS400:1031
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: XPS400:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: XPS400:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: XPS400:161
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\snmp.exe
State: NA

Local Address: XPS400:CHARGEN
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:QOTD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:DAYTIME
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:DISCARD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:ECHO
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: F:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: F:\System Volume Information\tracking.log
Status: Access denied

Object: F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP21F974FA.exe
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP3965CAF3.exe
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP46951BC6.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP5B7D7B31.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP64FF6323.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP80C3B217.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APAD39A243.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APB4D04087.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APC8DFB6F1.dll
Status: Access denied
  • 0

#37
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

We need to show your hidden System Files and Folders.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.


  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\System32\Drivers\au9s2lsy.SYS
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat for this file.

c:\0.exe
  • 0

#38
K1500

    Member

  • Topic Starter
  • Member
  • 68 posts
For both files I get the message "ERROR: Can't find upload file!". I already had hidden files and folders visible, and I unchecked the box for hiding protected operating system files, but they won't upload and I can't find the files at the specified paths through Windows Explorer. :)

Edited by K1500, 08 April 2010 - 02:25 PM.

  • 0

#39
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Could you check these 2 files at VirScan.org and post the reports?

C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
C:\WINDOWS\System32\C0EC55B373.sys


Then...

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box, paste in the following.


    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#40
K1500

    Member

  • Topic Starter
  • Member
  • 68 posts
This time I get the message "ERROR: Maximum upload size of 20 exceeded. Your upload has failed!" :)

I'm about to run OTL, but I figured I'd let you know that first since you might want me to take another course of action. Thanks again!

EDIT: Here's the OTL log:

OTL logfile created on: 4/8/2010 6:06:18 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 13.00 Gb Free Space | 18.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 435.24 Gb Free Space | 93.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (SysProtDrv.sys) -- C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (hamachi_oem) -- C:\WINDOWS\system32\drivers\gan_adapter.sys (Applied Networking Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys ()
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\hidswvd.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 64.34.161.90:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.26
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {1fe12979-ef26-4a7a-911a-ba0f596362bd}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.83.20100316
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {2e6959d0-3be5-11df-9879-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.90.179.108"
FF - prefs.js..network.proxy.gopher: "64.90.179.108"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.90.179.108"
FF - prefs.js..network.proxy.ssl: "64.90.179.108"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..splitbrowser.search.loadResultsIn: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 00:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 00:29:00 | 000,000,000 | ---D | M]

[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\[email protected]
[2010/04/07 23:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions
[2010/01/26 21:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{1fe12979-ef26-4a7a-911a-ba0f596362bd}
[2010/03/30 22:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{2e6959d0-3be5-11df-9879-0800200c9a66}
[2010/03/28 20:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/23 00:49:43 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/10/15 07:00:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/21 00:34:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/27 12:53:39 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/20 10:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/07 04:08:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 18:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/14 04:09:51 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/01/27 19:23:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/26 16:53:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/04/05 22:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/09/13 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\bug489729@alice0775
[2009/07/01 20:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/07/26 10:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/06/18 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2010/03/23 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/12/29 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/07/12 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/10/28 05:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\TFToolbarX@torrent-finder
[2009/11/11 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/01/06 00:33:16 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\searchplugins\userlogos.xml
[2010/04/07 23:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/01 21:55:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/22 03:01:25 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/04/02 06:27:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.1.74.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1187479030750 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase2213.cab (CwlscInstall Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130464946046 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131080027541 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://69.213.66.54/TSWEB/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 16:00:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/06 16:00:04 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 16:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/02 07:14:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 06:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/02 00:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 16:43:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 16:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 16:25:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 16:31:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Graham\Recent
[2010/03/31 16:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Desktop\Alureon.G
[2010/03/30 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 22:00:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 22:00:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 22:00:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 22:00:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/28 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/28 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/03/22 20:48:24 | 000,000,000 | ---D | C] -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers_files
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/10 00:04:04 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 23:33:38 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/03/09 22:20:28 | 000,000,000 | ---D | C] -- F:\My Documents\print.aw3_files
[2010/03/09 19:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2010/01/06 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2010/01/06 06:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/23 15:11:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/12 01:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/10/08 17:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2009/07/31 17:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/07 01:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/25 15:56:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/07/13 20:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/07 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL

========== Files - Modified Within 30 Days ==========

[2010/04/08 18:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/08 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
[2010/04/08 15:33:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 15:33:27 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\Graham\NTUSER.DAT
[2010/04/08 15:33:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 15:33:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 15:33:17 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 16:42:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Graham\ntuser.ini
[2010/04/06 23:54:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/06 17:16:04 | 000,108,512 | ---- | M] () -- C:\VETlog.dmp
[2010/04/06 17:15:08 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/06 16:00:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 12:18:08 | 000,037,198 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2010/04/03 12:00:00 | 000,011,128 | ---- | M] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/02 09:01:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 06:28:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/02 06:27:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/01 16:45:00 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/01 15:11:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:35 | 000,335,856 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 23:38:19 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 22:49:14 | 049,852,416 | ---- | M] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 21:59:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/30 21:59:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 21:59:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 21:59:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 21:59:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 18:30:06 | 000,011,024 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:30:01 | 003,494,576 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/30 18:30:01 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 18:29:26 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 17:33:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 02:28:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 23:10:12 | 000,580,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 23:10:12 | 000,122,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/03/28 20:25:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\WinRAR.lnk
[2010/03/28 20:09:09 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/03/22 22:03:51 | 000,013,225 | ---- | M] () -- F:\My Documents\Bill.docx
[2010/03/22 20:48:50 | 000,248,227 | ---- | M] () -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers.htm
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/10 00:06:24 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/09 23:33:41 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/09 23:33:38 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/03/09 22:20:31 | 000,166,719 | ---- | M] () -- F:\My Documents\print.aw3.htm
[2010/03/09 19:55:17 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Graham\webct_upload_applet.properties
[2010/03/09 19:52:03 | 000,923,136 | ---- | M] () -- F:\My Documents\Percy Bysshe Shelley.ppt
[2010/03/09 19:27:58 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk

========== Files Created - No Company Name ==========

[2010/04/06 16:00:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/06 16:00:11 | 000,011,128 | ---- | C] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/06 06:55:14 | 3756,167,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/01 16:43:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 16:43:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 16:43:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/01 15:11:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:15 | 000,335,856 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 22:46:34 | 049,852,416 | ---- | C] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 18:30:06 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:30:06 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:29:59 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 17:37:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 20:09:09 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/03/22 22:03:51 | 000,013,225 | ---- | C] () -- F:\My Documents\Bill.docx
[2010/03/22 20:48:50 | 000,248,227 | ---- | C] () -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers.htm
[2010/03/09 22:20:28 | 000,166,719 | ---- | C] () -- F:\My Documents\print.aw3.htm
[2010/03/09 19:52:02 | 000,923,136 | ---- | C] () -- F:\My Documents\Percy Bysshe Shelley.ppt
[2010/03/09 19:27:58 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
[2010/02/06 06:09:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 06:09:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/23 02:39:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/12/23 00:15:27 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Drums
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Distortion
[2009/02/15 23:04:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/02/15 23:04:48 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laserjet
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Documentation
[2009/02/15 23:04:16 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Mail
[2009/02/15 22:52:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/31 21:36:50 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/11/25 15:56:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/10/01 23:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/02 16:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/02 16:49:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/08/02 16:42:47 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/02 16:42:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/02 16:41:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/02 16:41:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/02 16:41:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/05/31 14:43:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\.mpid
[2007/05/21 20:45:59 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/24 19:38:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2007/04/24 19:37:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/24 04:25:50 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/27 14:19:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/12/22 21:17:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HOTWHEEL.INI
[2006/12/21 15:42:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/12/10 01:51:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2006/10/19 00:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/09/02 23:26:21 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\P2k.sys
[2006/08/01 11:02:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2006/07/24 12:53:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/07/23 19:18:42 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/23 14:38:02 | 000,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 17:57:06 | 000,073,814 | ---- | C] () -- C:\WINDOWS\System32\cw.dll
[2006/06/11 01:46:03 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2006/03/06 22:52:49 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2006/03/04 20:39:32 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C0EC55B373.sys
[2006/01/27 17:09:57 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/12/30 20:33:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/25 15:49:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2005/12/03 21:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/27 01:14:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2005/11/26 18:45:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\fdmc.ini
[2005/11/13 20:17:52 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\FASTWiz.log
[2005/11/04 19:40:39 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/02 22:12:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\copmn.ini
[2005/11/01 18:22:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 22:26:13 | 000,037,198 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2005/10/31 16:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/29 20:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/28 15:38:29 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/10/28 15:35:30 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/10/27 23:27:28 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/27 23:27:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\73B355ECC0.sys
[2005/10/27 21:40:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/27 21:40:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/27 20:43:12 | 000,004,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/27 20:16:09 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\fusioncache.dat
[2005/10/26 14:18:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 14:07:11 | 000,003,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 14:04:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 14:01:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/10/26 14:01:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/10/26 13:36:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/26 13:35:30 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:49:36 | 000,016,161 | ---- | C] () -- C:\WINDOWS\System32\ngjcpb9f.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\msdfmap32.ini
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\aclui32.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

Edited by K1500, 08 April 2010 - 05:09 PM.

  • 0



#41
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end)
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DeleteFile('0.exe');
    BC_DeleteFile('0.exe');
    RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\WOW\boot','previousProjectorProcessID');
    DeleteFile('C:\WINDOWS\System32\Drivers\au9s2lsy.SYS');
    BC_DeleteFile('C:\WINDOWS\System32\Drivers\au9s2lsy.SYS');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

Then...

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach virusinfo_syscheck.zip to your next post.
  • 0

#42
K1500

K1500

    Member

  • Topic Starter
  • Member
  • 68 posts
Attached File  virusinfo_syscheck.zip   29.75KB   182 downloads
  • 0

#43
hammerman

hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

-- Step 2 --

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    0.exe
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\boot /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
  • 0

#44
K1500

K1500

    Member

  • Topic Starter
  • Member
  • 68 posts
OTL logfile created on: 4/10/2010 9:03:45 AM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 12.65 Gb Free Space | 18.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 435.24 Gb Free Space | 93.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 64.34.161.90:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.26
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {1fe12979-ef26-4a7a-911a-ba0f596362bd}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.83.20100316
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {2e6959d0-3be5-11df-9879-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.90.179.108"
FF - prefs.js..network.proxy.gopher: "64.90.179.108"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.90.179.108"
FF - prefs.js..network.proxy.ssl: "64.90.179.108"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..splitbrowser.search.loadResultsIn: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 00:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 00:29:00 | 000,000,000 | ---D | M]

[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\[email protected]
[2010/04/10 09:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions
[2010/01/26 21:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{1fe12979-ef26-4a7a-911a-ba0f596362bd}
[2010/03/30 22:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{2e6959d0-3be5-11df-9879-0800200c9a66}
[2010/03/28 20:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/23 00:49:43 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/10/15 07:00:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/21 00:34:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/27 12:53:39 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/20 10:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/07 04:08:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/08 18:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/14 04:09:51 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/01/27 19:23:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/26 16:53:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/04/05 22:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/09/13 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\bug489729@alice0775
[2009/07/01 20:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/07/26 10:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/06/18 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2010/03/23 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/12/29 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/07/12 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/10/28 05:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\TFToolbarX@torrent-finder
[2009/11/11 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/01/06 00:33:16 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\searchplugins\userlogos.xml
[2010/04/10 09:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/01 21:55:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/22 03:01:25 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/04/02 06:27:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.1.74.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1187479030750 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase2213.cab (CwlscInstall Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130464946046 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131080027541 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://69.213.66.54/TSWEB/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 14 Days ==========

[2010/04/06 16:00:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/06 16:00:04 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 16:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/02 07:14:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 06:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/02 00:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 16:43:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 16:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 16:25:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 16:31:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Graham\Recent
[2010/03/31 16:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Desktop\Alureon.G
[2010/03/30 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/28 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/28 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/01/06 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2010/01/06 06:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/23 15:11:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/12 01:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/10/08 17:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2009/07/31 17:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/07 01:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/25 15:56:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/07/13 20:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/07 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL

========== Files - Modified Within 14 Days ==========

[2010/04/10 00:31:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 18:53:21 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/04/09 18:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/09 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
[2010/04/09 17:11:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 17:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 17:11:26 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 17:10:01 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\vde0odcx.sys
[2010/04/09 02:47:25 | 016,252,928 | -H-- | M] () -- C:\Documents and Settings\Graham\NTUSER.DAT
[2010/04/07 16:42:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Graham\ntuser.ini
[2010/04/06 23:54:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/06 17:16:04 | 000,108,512 | ---- | M] () -- C:\VETlog.dmp
[2010/04/06 17:15:08 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/06 16:00:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 12:18:08 | 000,037,198 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2010/04/03 12:00:00 | 000,011,128 | ---- | M] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/02 09:01:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 06:28:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/02 06:27:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/01 16:45:00 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/01 15:11:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:35 | 000,335,856 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 23:38:19 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 22:49:14 | 049,852,416 | ---- | M] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 18:30:06 | 000,011,024 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:30:01 | 003,494,576 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/30 18:30:01 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 18:29:26 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 17:33:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 02:28:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 23:10:12 | 000,580,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 23:10:12 | 000,122,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/03/28 20:25:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\WinRAR.lnk

========== Files Created - No Company Name ==========

[2010/04/09 18:53:21 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/04/09 17:10:01 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\vde0odcx.sys
[2010/04/06 16:00:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/06 16:00:11 | 000,011,128 | ---- | C] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/06 06:55:14 | 3756,167,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 16:43:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 16:43:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/01 15:11:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:15 | 000,335,856 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 22:46:34 | 049,852,416 | ---- | C] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 18:30:06 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:30:06 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:29:59 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 17:37:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/06 06:09:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 06:09:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/23 02:39:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/12/23 00:15:27 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Drums
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Distortion
[2009/02/15 23:04:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/02/15 23:04:48 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laserjet
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Documentation
[2009/02/15 23:04:16 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Mail
[2009/02/15 22:52:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/31 21:36:50 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/11/25 15:56:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/10/01 23:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/02 16:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/02 16:49:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/08/02 16:42:47 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/02 16:42:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/02 16:41:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/02 16:41:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/02 16:41:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/05/31 14:43:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\.mpid
[2007/05/21 20:45:59 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/24 19:38:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2007/04/24 19:37:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/24 04:25:50 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/27 14:19:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/12/22 21:17:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HOTWHEEL.INI
[2006/12/21 15:42:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/12/10 01:51:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2006/10/19 00:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/09/02 23:26:21 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\P2k.sys
[2006/08/01 11:02:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2006/07/24 12:53:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/07/23 19:18:42 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/23 14:38:02 | 000,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 17:57:06 | 000,073,814 | ---- | C] () -- C:\WINDOWS\System32\cw.dll
[2006/06/11 01:46:03 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2006/03/06 22:52:49 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2006/03/04 20:39:32 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C0EC55B373.sys
[2006/01/27 17:09:57 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/12/30 20:33:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/25 15:49:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2005/12/03 21:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/27 01:14:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2005/11/26 18:45:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\fdmc.ini
[2005/11/13 20:17:52 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\FASTWiz.log
[2005/11/04 19:40:39 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/02 22:12:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\copmn.ini
[2005/11/01 18:22:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 22:26:13 | 000,037,198 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2005/10/31 16:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/29 20:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/28 15:38:29 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/10/28 15:35:30 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/10/27 23:27:28 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/27 23:27:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\73B355ECC0.sys
[2005/10/27 21:40:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/27 21:40:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/27 20:43:12 | 000,004,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/27 20:16:09 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\fusioncache.dat
[2005/10/26 14:18:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 14:07:11 | 000,003,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 14:04:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 14:01:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/10/26 14:01:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/10/26 13:36:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/26 13:35:30 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:49:36 | 000,016,161 | ---- | C] () -- C:\WINDOWS\System32\ngjcpb9f.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\msdfmap32.ini
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\aclui32.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/25 02:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2006/06/30 23:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2006/06/30 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/02/15 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/09/03 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/08 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 17:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/14 00:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Aim
[2005/12/03 00:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Allume Systems
[2007/11/13 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Amazon
[2010/03/30 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\BitTorrent
[2005/12/20 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Common Files
[2009/02/01 04:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DNA
[2007/11/14 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Earthsim
[2010/02/06 06:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\GetRightToGo
[2010/02/06 03:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HandBrake
[2009/11/18 19:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\iTSfv
[2009/04/01 17:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Kontiki
[2005/10/27 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Leadertech
[2010/01/17 04:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\LEGO Company
[2009/02/16 22:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MCMPEGEnc
[2009/02/16 05:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MPEG Streamclip
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\NetMedia Providers
[2009/02/15 23:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Nikon
[2009/04/01 17:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\OfficeUpdate12
[2005/12/10 01:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Opera
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Publish Providers
[2006/08/08 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sereniti
[2007/11/19 19:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Subversion
[2009/10/15 17:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\SystemRequirementsLab
[2009/04/07 18:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Viewpoint
[2009/10/23 14:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Desktop Search
[2009/10/25 03:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Search
[2010/04/09 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job

========== Purity Check ==========


< End of report >



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:07 on 10/04/2010 by Graham (Administrator - Elevation successful)

========== filefind ==========

Searching for "0.exe"
No files found.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\boot]
"comm.drv"="comm.drv"
"display.drv"="vga.drv"
"drivers"="mmsystem.dll"
"fixedfon.fon"="vgafix.fon"
"fonts.fon"="vgasys.fon"
"keyboard.drv"="keyboard.drv"
"language.dll"=""
"mouse.drv"="mouse.drv"
"network.drv"="wfwnet.drv"
"oemfonts.fon"="vgaoem.fon"
"previousProjectorProcessID"="0"
"shell"="progman.exe"
"sound.drv"="sound.drv"
"system.drv"="system.drv"


-=End Of File=-
  • 0

#45
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/04/09 17:10:01 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\vde0odcx.sys
    [2010/03/30 22:49:14 | 049,852,416 | ---- | M] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
    [2006/12/10 01:51:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
    [2006/03/04 20:39:32 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C0EC55B373.sys
    [2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\msdfmap32.ini
    [2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\aclui32.dll
    [2004/08/19 15:49:36 | 000,016,161 | ---- | C] () -- C:\WINDOWS\System32\ngjcpb9f.dll
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Please run a SysProt scan and attach the log.

-- Step 3 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
  • 0
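The :OTL list above is built by hand from the "Files Created"/"Files Modified" sections of the log: unsigned .sys files dropped into \drivers, an extension-less 49 MB blob in System32, executables a few dozen bytes long, hidden+system files with hex-looking names. As an added example (not part of hammerman's post, and not a tool from the OTL author), the following Python script shows that triage as code: it parses lines of the exact shape OTL prints, scores each file against a handful of heuristics, and shortlists anything that trips more than one. The signals, their weights and the threshold are the editor's own assumptions, the sample lines are copied from the log above with a few known-good entries mixed in for contrast, and the output is a list for a human to verify (check the signature, submit to a scanner), not a verdict.

```python
"""Heuristic triage of OTL-style "Files Created"/"Files Modified" lines.

Added example for this thread; not OTL's own code. Signals, weights and the
threshold are assumptions chosen to shortlist entries for manual review.
"""
import re
from collections import defaultdict

# [date time | size | attrs | C/M] (Company) -- path   (company part may be absent)
OTL_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[A-Z-]{4})"
    r"\s*\|\s*(?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$"
)
PE_EXT = {".sys", ".dll", ".exe"}
VOWELS = set("aeiou")
HEX_STEM = re.compile(r"^[0-9A-Fa-f]{8,}$")

# Constructed sample: lines copied from the log above plus benign entries for contrast.
SAMPLE_LOG = r"""
[2010/04/09 17:10:01 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\vde0odcx.sys
[2010/04/06 16:00:04 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/30 22:46:34 | 049,852,416 | ---- | C] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/12/10 01:51:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2006/03/04 20:39:32 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C0EC55B373.sys
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\msdfmap32.ini
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\aclui32.dll
[2004/08/19 15:49:36 | 000,016,161 | ---- | C] () -- C:\WINDOWS\System32\ngjcpb9f.dll
[2010/04/02 09:01:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
""".strip().splitlines()


def parse(line):
    """Return a dict for one OTL file line; None for directories or non-matching lines."""
    m = OTL_LINE.match(line.strip())
    if not m or "D" in m["attrs"]:
        return None
    path = m["path"]
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:                          # no extension at all
        stem, ext = name, ""
    return {
        "ts": m["ts"], "size": int(m["size"].replace(",", "")), "attrs": m["attrs"],
        "kind": m["kind"], "company": (m["company"] or "").strip(), "path": path,
        "name": name, "stem": stem, "ext": "." + ext.lower() if ext else "",
    }


def longest_consonant_run(stem):
    """Length of the longest run of consonant letters; random names tend to be unpronounceable."""
    run = best = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def signals(e):
    """(signal, weight) heuristics that fire for one parsed entry (assumed weights)."""
    p = e["path"].lower()
    in_windows, in_system32 = "\\windows\\" in p, "\\system32\\" in p
    out = []
    if in_windows and not e["company"] and (e["ext"] in PE_EXT or not e["ext"]):
        out.append(("no_vendor_in_windows", 1))     # OTL shows no company/version string
    if "\\drivers\\" in p and e["ext"] == ".sys" and e["kind"] == "C":
        out.append(("new_driver", 1))               # kernel driver created in the window
    if e["ext"] in PE_EXT and e["size"] < 1024:
        out.append(("tiny_executable", 1))          # no real PE is a few dozen bytes
    if in_system32 and not e["ext"]:
        out.append(("no_extension_in_system32", 1))
    if in_windows and "H" in e["attrs"] and "S" in e["attrs"]:
        out.append(("hidden_system_attrs", 1))
    if longest_consonant_run(e["stem"]) >= 6 or HEX_STEM.match(e["stem"]):
        out.append(("random_looking_name", 1))
    return out


def triage(lines, threshold=2):
    """Score every file line; return [(score, name, [signals])] at or above threshold."""
    entries = list({e["path"]: e for e in map(parse, lines) if e}.values())
    scored = {e["path"]: signals(e) for e in entries}
    # Twin signal: two different files under \WINDOWS with identical timestamp AND size.
    groups = defaultdict(list)
    for e in entries:
        if "\\windows\\" in e["path"].lower():
            groups[(e["ts"], e["size"])].append(e)
    for twins in groups.values():
        if len({t["name"] for t in twins}) > 1:
            for t in twins:
                scored[t["path"]].append(("timestamp_size_twin", 2))
    flagged = [(sum(w for _, w in scored[e["path"]]), e["name"], [s for s, _ in scored[e["path"]]])
               for e in entries]
    return sorted([f for f in flagged if f[0] >= threshold], key=lambda f: (-f[0], f[1]))


if __name__ == "__main__":
    for score, name, why in triage(SAMPLE_LOG):
        print(f"{score}  {name:<20} {', '.join(why)}")
```

Run against the sample, the shortlist is exactly the seven files hammerman put in the :OTL section, while mbam.sys (vendor string present, only "new_driver" fires) and the perf/d3d data files stay out. The twin rule is what pulls in msdfmap32.ini, which looks harmless on its own but shares an exact creation timestamp and byte size with the 52-byte aclui32.dll; the same rule will also pair up legitimate installer-written files, which is why the score is a queue for inspection rather than a delete list.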
