trojan.dnschanger - Geeks to Go Forums

trojan.dnschanger

#1 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 05 July 2010 - 09:26 PM

Hi,
I got a virus today and it's being pretty resistant to removal :) Unfortunately my antivirus isn't seeing anything, but it's obviously there.

OTL.txt:

OTL logfile created on: 7/5/2010 11:12:43 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Lugnutz87\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.00 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 26.26 Gb Free Space | 11.28% Space Free | Partition Type: FAT32
Drive E: | 630.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN
Current User Name: Lugnutz87
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/05 23:12:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lugnutz87\My Documents\Downloads\OTL.exe
PRC - [2010/06/28 18:29:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Firefox\firefox.exe
PRC - [2010/06/02 18:28:35 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 18:28:30 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 18:28:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 18:28:02 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 18:28:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/16 17:49:16 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/03/24 19:47:07 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 23:12:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lugnutz87\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/24 00:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/16 17:49:16 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/13 17:04:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys -- (bDMusicb)
DRV - [2010/06/02 18:28:30 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 18:28:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/04 22:45:04 | 004,807,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/03/16 17:48:40 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/02 20:43:06 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/02 20:43:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/19 08:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/04 14:26:20 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2008/10/06 15:20:09 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2003/10/13 01:29:00 | 000,066,688 | R--- | M] (NETGEAR ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Firefox\components [2010/06/28 18:29:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Firefox\plugins [2010/06/28 18:29:54 | 000,000,000 | ---D | M]

[2009/07/27 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Extensions
[2010/07/05 04:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions
[2010/04/26 21:58:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 09:25:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/23 22:10:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/05 15:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [EPSON Stylus CX9400Fax Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EWABQAF7KL] C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\Vtl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1260314066921 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212451221434 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1212451414981 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Justin.tv Publisher http://www.justin.tv...v_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40 213.109.75.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.228,93.188.166.208
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/20 10:17:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/05/06 08:36:00 | 000,000,059 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/05/08 05:18:48 | 000,491,520 | R--- | M] () - E:\AutorunArcanum.exe -- [ CDFS ]
O33 - MountPoints2\{f91a33bb-c7fb-11de-82e4-00146ccbc7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{f91a33bb-c7fb-11de-82e4-00146ccbc7e5}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71226779859156992)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/05 19:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Malwarebytes
[2010/07/05 19:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 19:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/05 19:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 19:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 19:38:38 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lugnutz87\Desktop\bubba.exe
[2010/06/25 19:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/06/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2010/06/22 18:15:00 | 000,000,000 | ---D | C] -- C:\DSAVANT
[2010/06/22 18:13:37 | 000,000,000 | ---D | C] -- C:\WIZARD15
[2010/06/07 19:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/07 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade Savegames
[2010/06/07 17:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Mount&Blade
[2010/06/05 17:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\bios
[2010/06/05 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\memcards
[2010/06/03 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Media Player Classic
[2010/05/31 21:15:30 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/05/31 21:15:30 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/05/31 21:15:30 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/05/31 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/05/31 21:11:21 | 016,418,083 | ---- | C] ( ) -- C:\Documents and Settings\Lugnutz87\My Documents\K-Lite_Codec_Pack_600_Full.exe
[2010/05/28 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Procaster
[2010/05/28 19:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2010/05/27 21:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2010/05/27 21:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/27 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/05/27 21:27:25 | 000,000,000 | ---D | C] -- C:\ATI
[2010/05/27 21:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/05/27 20:51:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/05/27 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/27 20:50:56 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/27 20:35:13 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/05/27 20:35:13 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/05/27 20:35:13 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/05/27 20:35:12 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/05/27 20:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\ATI
[2010/05/27 20:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\ATI
[2010/05/15 20:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/15 20:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/15 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta
[2010/05/15 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2008/06/02 20:24:29 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/07/05 23:08:46 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\09ee8110.job
[2010/07/05 23:03:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
[2010/07/05 23:03:46 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/05 23:03:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 23:03:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 19:51:30 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/05 19:51:30 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/05 19:51:30 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/05 19:51:08 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Lugnutz87\NTUSER.DAT
[2010/07/05 19:51:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lugnutz87\ntuser.ini
[2010/07/05 19:50:34 | 000,227,452 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\screenshot.JPG
[2010/07/05 19:38:22 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lugnutz87\Desktop\bubba.exe
[2010/07/05 19:26:40 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\hook.ini
[2010/07/05 19:16:21 | 002,105,572 | -H-- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\IconCache.db
[2010/07/05 18:15:27 | 061,665,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/05 18:04:51 | 000,179,200 | ---- | M] () -- C:\WINDOWS\Vmifua.exe
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Application Data\09ee8110.exe
[2010/07/05 17:18:29 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/07/05 17:18:29 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/07/05 17:18:29 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/07/05 16:14:33 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/07/04 11:53:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 21:22:22 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Arcanum.lnk
[2010/07/02 16:10:48 | 000,000,295 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2010/07/02 13:09:17 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Master of Orion II.lnk
[2010/07/01 22:58:24 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 19:48:31 | 000,000,410 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Dragon Age Origins.lnk
[2010/06/24 23:17:15 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 23:17:15 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 23:17:15 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 23:11:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/23 23:11:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/23 22:42:32 | 000,014,372 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean2.SGM
[2010/06/23 22:36:24 | 000,014,372 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean1.SGM
[2010/06/23 18:31:26 | 000,001,043 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2010/06/22 19:12:57 | 000,106,279 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\gh.JPG
[2010/06/22 18:50:30 | 000,000,094 | ---- | M] () -- C:\WIZ.INI
[2010/06/22 18:50:18 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Wizardry Gold.lnk
[2010/06/12 19:09:38 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 18:30:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 17:29:18 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade.lnk
[2010/06/05 17:42:53 | 000,791,582 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\PSX1.7.zip
[2010/06/02 18:28:30 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:28:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 21:13:25 | 016,418,083 | ---- | M] ( ) -- C:\Documents and Settings\Lugnutz87\My Documents\K-Lite_Codec_Pack_600_Full.exe
[2010/05/28 14:58:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/28 14:58:41 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\ZoneAlarm Security.lnk
[2010/05/28 14:58:38 | 000,420,890 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/27 21:02:24 | 000,021,432 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 21:02:16 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Driver Sweeper.lnk
[2010/05/27 20:28:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/27 16:15:11 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/27 04:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/27 04:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/05/23 18:05:22 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta.lnk
[2010/05/15 19:59:28 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Majesty 2.doc
[2010/05/04 21:27:02 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/05/04 21:26:52 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/05/04 21:26:46 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/05/04 21:26:42 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/05/04 21:24:28 | 000,479,664 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/04 21:24:22 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/05/04 21:24:22 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/05/04 21:23:52 | 000,042,640 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 14:55:28 | 000,021,290 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010/04/13 13:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/13 09:02:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders (2).lnk
[2010/04/13 09:02:51 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders.lnk

========== Files Created - No Company Name ==========

[2010/07/05 20:45:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\gmer.exe
[2010/07/05 19:50:34 | 000,227,452 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\screenshot.JPG
[2010/07/05 19:26:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\hook.ini
[2010/07/05 19:26:15 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\D3dHook.dll
[2010/07/05 19:26:15 | 000,755,712 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\D3DWindower-English.exe
[2010/07/05 18:04:59 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/05 18:04:58 | 000,179,200 | ---- | C] () -- C:\WINDOWS\Vmifua.exe
[2010/07/05 18:04:50 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Application Data\09ee8110.exe
[2010/07/05 18:04:49 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\09ee8110.job
[2010/07/02 21:07:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/07/02 16:10:48 | 000,000,295 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/07/02 13:09:17 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Master of Orion II.lnk
[2010/06/22 21:50:00 | 000,014,372 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean2.SGM
[2010/06/22 20:51:16 | 000,014,372 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean1.SGM
[2010/06/22 19:12:57 | 000,106,279 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\gh.JPG
[2010/06/22 18:50:30 | 000,000,094 | ---- | C] () -- C:\WIZ.INI
[2010/06/22 18:50:18 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Wizardry Gold.lnk
[2010/06/07 17:22:58 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade.lnk
[2010/06/05 17:42:53 | 000,791,582 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\PSX1.7.zip
[2010/05/31 21:15:31 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/31 21:15:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/31 21:15:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/05/31 21:15:29 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/31 21:15:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/31 21:15:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/31 21:15:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/27 21:02:16 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Driver Sweeper.lnk
[2010/05/27 20:35:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/05/27 20:35:13 | 000,479,664 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/27 20:35:13 | 000,042,640 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/05/27 20:35:13 | 000,021,290 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/05/27 20:35:11 | 000,203,331 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/05/27 20:35:11 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/05/27 16:15:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/15 19:56:29 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta.lnk
[2010/05/02 00:22:11 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Majesty 2.doc
[2010/04/13 09:02:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders (2).lnk
[2010/04/13 09:02:51 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders.lnk
[2010/01/12 05:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/02 20:43:05 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/09/02 20:43:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/17 19:48:45 | 000,007,200 | ---- | C] () -- C:\WINDOWS\OUTHELP.DLL
[2009/08/17 19:33:57 | 000,000,177 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/06/19 15:04:44 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/19 15:04:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/19 15:04:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/04/02 17:47:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2009/04/02 17:46:51 | 000,001,043 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2009/04/02 17:42:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/01/25 14:05:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/05 23:20:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/04 14:26:20 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2008/10/10 08:33:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/03 12:03:32 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/11 16:50:28 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/07/10 11:36:25 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/06/11 22:30:10 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/06/02 20:25:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/08/24 11:50:24 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2007/08/24 11:50:24 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/24 01:00:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/07/26 17:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/11/06 14:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
[2009/12/01 14:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/11/04 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BioWare
[2010/01/27 18:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2008/08/11 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2008/06/02 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2009/05/06 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2010/02/20 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Paradox Interactive
[2008/11/03 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
[2010/02/13 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010/04/03 16:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/11/06 14:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2008/11/22 11:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/06/02 20:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\acccore
[2008/08/13 19:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\fltk.org
[2008/10/25 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Leadertech
[2010/06/07 19:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mount&Blade
[2009/05/06 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\NCH Swift Sound
[2010/02/19 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Tilted Mill
[2010/07/04 00:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\uTorrent
[2010/07/05 23:08:46 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\Tasks\09ee8110.job
[2010/07/05 23:03:46 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/06/20 10:17:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/06/22 20:49:17 | 000,042,768 | -H-- | M] () -- C:\BEDBBBDA
[2000/07/31 13:28:00 | 000,286,208 | ---- | M] () -- C:\binkw32.dll
[2008/06/02 21:32:27 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/06/20 10:17:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/17 22:34:10 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin
[2004/06/20 10:17:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/06 14:20:56 | 000,001,991 | -H-- | M] () -- C:\IPH.PH
[2005/12/11 13:20:09 | 000,000,355 | ---- | M] () -- C:\mmcInst.log
[2007/09/23 18:12:10 | 000,001,414 | ---- | M] () -- C:\moduleName.txt
[2004/06/20 10:17:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/06/02 21:26:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/02 23:08:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/05 23:03:29 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/03/24 07:34:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/10/17 23:02:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/10/18 22:47:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/10/19 00:49:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/03/24 07:34:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/10/17 23:02:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/10/18 22:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/10/19 00:49:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/22 18:50:30 | 000,000,094 | ---- | M] () -- C:\WIZ.INI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/06/02 20:33:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1c9s17.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1oCEIQ.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1sK317.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7q3wSK3.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ931o.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\k93gMY3.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\uO5o5.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 21:39:32 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/01/01 21:01:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/01 21:01:56 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/01 21:01:56 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-25 03:18:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
< End of report >

Extras.txt:

OTL Extras logfile created on: 7/5/2010 11:12:43 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Lugnutz87\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.00 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 26.26 Gb Free Space | 11.28% Space Free | Partition Type: FAT32
Drive E: | 630.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN
Current User Name: Lugnutz87
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ĩTorrent -- (BitTorrent, Inc.)
"D:\DS2\DungeonSiege2.exe" = D:\DS2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"D:\Neverwinter Nights 2\nwn2main.exe" = D:\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"D:\Neverwinter Nights 2\nwn2main_amdxp.exe" = D:\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"D:\Neverwinter Nights 2\nwupdate.exe" = D:\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"D:\Neverwinter Nights 2\nwn2server.exe" = D:\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Vent\Ventrilo.exe" = C:\Vent\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"D:\Civ 4\Beyond the Sword\Civ4BeyondSword.exe" = D:\Civ 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"D:\Civ 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\Civ 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"D:\Mass Effect\Binaries\MassEffect.exe" = D:\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"D:\Mass Effect\MassEffectLauncher.exe" = D:\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Mass Effect 2\Binaries\MassEffect2.exe" = D:\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)
"D:\Mass Effect 2\MassEffect2Launcher.exe" = D:\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"D:\Majesty 2\Majesty2.exe" = D:\Majesty 2\Majesty2.exe:*:Enabled:Majesty 2 -- (1C:Ino-Co)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"D:\Dragon Age\bin_ship\daorigins.exe" = D:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"D:\Dragon Age\DAOriginsLauncher.exe" = D:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"D:\Dragon Age\bin_ship\daupdatersvc.service.exe" = D:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04F4C024-355B-78A1-E9FE-B336F60C174E}" = Catalyst Control Center Core Implementation
"{052A55B1-0182-4551-93CD-2D078A120CAB}" = TurboTax 2008 wnciper
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08AF4562-BD24-4346-8151-3FEA0F6DDD17}" = ATI AVIVO Codecs
"{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}" = Arcanum
"{0A849254-606B-0ED5-1CAD-2E29664ED33C}" = CCC Help Polish
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{210A1E11-CF35-FC2F-0471-0590CC61AA67}" = Catalyst Control Center Localization All
"{211A6C97-75F0-3107-5AF2-A902A87B28A5}" = CCC Help Swedish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C63E16-5CB9-16E5-A931-8963E5DE8421}" = Catalyst Control Center HydraVision Full
"{261F1198-0B68-9702-8055-9A6CC05E7D85}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29A0F20B-51B5-F6C5-6FAE-4187774382C1}" = Catalyst Control Center Graphics Light
"{2C288961-5ABA-3D23-490F-902F9F11D440}" = Catalyst Control Center Graphics Light
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{320A3D65-8444-A6ED-8148-D900D1A8ECE6}" = CCC Help Czech
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{40CE1868-D853-FC79-C128-32C23A848415}" = CCC Help Japanese
"{41C0A86B-67BB-BA58-5086-26D8C419CFA0}" = ATI Catalyst Install Manager
"{44ABD326-3F24-7241-73BF-6B663FD7F6A5}" = Catalyst Control Center HydraVision Full
"{458207CA-1B0C-4A35-AEDF-9C9D5B0579C5}" = Livestream Procaster
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD1CD43-097C-6390-CF29-F8582EE32AF2}" = CCC Help German
"{4F73512F-90DF-4BF2-FCF9-0E5C83996136}" = ccc-core-preinstall
"{5155D224-5E7C-95B9-63CC-CD4786802744}" = CCC Help Italian
"{56D1E9E5-204A-E468-DAC1-644C9CB2DC65}" = Catalyst Control Center Core Implementation
"{57A1744C-01CC-C376-889C-D9F03162352E}" = Catalyst Control Center Graphics Full Existing
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68714F44-295D-7F81-233A-A81701695635}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7600B3FE-F267-D350-3BA1-9E6874B8E536}" = ccc-utility
"{7603844A-9A26-9F5B-A226-2CE30B122768}" = CCC Help Finnish
"{76D8C2AA-3EC9-D5D0-F6D0-F6DC77D8A322}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779E908A-E96C-7855-1AA1-A1F2899F273C}" = Catalyst Control Center Graphics Full New
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81D8048B-5900-526C-4443-8290C5D76759}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{928E3203-C6A3-3610-7C68-8C7AEBF7871A}" = CCC Help Chinese Traditional
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1640B9F-A286-814D-52FC-E36CB6C48E8E}" = ccc-utility
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A309442C-54E5-0DE0-27CA-58C1917606A0}" = Skins
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B70BC4-F2F1-741B-4620-0AAC0BBAAAF7}" = Catalyst Control Center Graphics Previews Common
"{AC50CB60-7D5A-5953-6A38-496E08B9433C}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF2BD69D-F818-B34B-0F3F-CC93B353FC87}" = CCC Help Russian
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B6CE2F00-A7C2-2ED9-4691-9FACBDE24C2B}" = CCC Help Korean
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF493FC0-48B9-45C1-A482-EF04813926BB}" = Point 6.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C1D0BA92-553C-4F9E-6ECE-D03AA8626710}" = CCC Help English
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C56C4023-6B2E-7F8A-C72F-655089BFEA81}" = Catalyst Control Center Graphics Previews Common
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C75C6783-CD7D-AF45-43B4-2885A3948318}" = Catalyst Control Center Graphics Full New
"{CA4E4EB6-55D1-FD77-8B09-84A1403F502D}" = CCC Help Hungarian
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAF3507-FCB3-11D2-850C-00C0F01410B1}" = Majesty
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0EEC1CF-2E65-A9A6-723E-824F1AD2E2F5}" = CCC Help Spanish
"{D499EFEF-0C5E-406B-30CB-D25D377A3FAA}" = CCC Help Dutch
"{D7577D02-110A-81AC-8D08-5EB7C8C2A18B}" = CCC Help Portuguese
"{DAA4730F-507F-FE2F-BC20-8884190C3C56}" = ccc-core-preinstall
"{DACDED72-9648-D967-A7B8-3C6EB55F2BFE}" = CCC Help French
"{E08612D5-B4F9-6E99-0598-03888ABAEF98}" = ccc-core-static
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E29A9DF4-ED20-E721-5B90-8472913AFB36}" = CCC Help Chinese Standard
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB12C674-4AA0-765E-C318-2BAE54DEA723}" = CCC Help Thai
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC98ABD5-58BB-3D49-BBBF-78AC39D23BA0}" = CCC Help Norwegian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8B743FD-0C42-441E-8C22-70435C53C60B}" = Majesty - The Northern Expansion
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FEC00C30-FDB6-F83F-FE95-B6CDD266776D}" = CCC Help Danish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AudioCS" = Creative Audio Control Panel
"AVG9Uninstall" = AVG Free 9.0
"Baldur's Gate" = Baldur's Gate
"Battle for Wesnoth 1.6.5" = Battle for Wesnoth 1.6.5
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup.divx.com" = DivX Setup
"Dungeon Keeper II" = Dungeon Keeper 2
"DungeonSiege2" = Dungeon Siege 2
"EA Installer.-1079369317" = EA Installer
"EADM" = EA Download Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"Fraps" = Fraps (remove only)
"Hinterland" = Hinterland
"ie8" = Windows Internet Explorer 8
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Full)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myst 1.3" = Myst
"Network MagicUninstall" = Network Magic
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"OpenAL" = OpenAL
"Orion2DeinstKey" = Master of Orion II
"PSXMemTool" = PSXMemTool 1.19b (remove only)
"RealPlayer 6.0" = RealPlayer
"Sacred_is1" = Sacred
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"SysInfo" = Creative System Information
"Temple of Elemental Evil Circle of Eight Mod Pack_is1" = Temple of Elemental Evil - Circle of Eight Mod Pack 5.0.0 FINAL
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"VH Toolkit_is1" = VH Toolkit 1.0.44.0
"WavePad" = WavePad Sound Editor
"WaveStudio 7" = Creative WaveStudio 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wizardry Gold" = Wizardry Gold
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2010 9:08:55 PM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application Arcanum.exe, version 1.0.7.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/2/2010 9:40:02 PM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application Arcanum.exe, version 1.0.7.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/3/2010 12:56:41 AM | Computer Name = SEAN | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.1.0.432, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 7/5/2010 4:16:05 PM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application Arcanum.exe, version 1.0.7.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/5/2010 5:58:23 PM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application Arcanum.exe, version 1.0.7.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/5/2010 5:58:29 PM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application Arcanum.exe, version 1.0.7.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/5/2010 6:20:22 PM | Computer Name = SEAN | Source = Windows Live Messenger | ID = 1000
Description =

Error - 7/5/2010 7:16:27 PM | Computer Name = SEAN | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/5/2010 8:05:20 PM | Computer Name = SEAN | Source = ESENT | ID = 490
Description = svchost (1104) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 7/5/2010 8:05:20 PM | Computer Name = SEAN | Source = ESENT | ID = 470
Description = Catalog Database (1104) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

[ System Events ]
Error - 7/5/2010 7:28:10 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/5/2010 7:28:10 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7034
Description = The Creative Audio Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/5/2010 7:28:10 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/5/2010 7:28:10 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/5/2010 7:28:10 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/5/2010 7:28:10 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 7/5/2010 8:58:16 PM | Computer Name = SEAN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 00030030, parameter3
884f9b94, parameter4 00000000.

Error - 7/5/2010 8:59:19 PM | Computer Name = SEAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00146CCBC7E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/5/2010 10:20:16 PM | Computer Name = SEAN | Source = Service Control Manager | ID = 7022
Description = The TrueVector Internet Monitor service hung on starting.

Error - 7/5/2010 10:21:57 PM | Computer Name = SEAN | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f62ad56e, parameter2 00000008, parameter3
f62ad56e, parameter4 00000002.


< End of report >

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 23:00:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA8856782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA88756DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA8857398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA8876FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA887693C]
SSDT spij.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT spij.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA887793C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA8877B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA8856FAA]
SSDT spij.sys ZwOpenKey [0xB9EAB0C0]
SSDT spij.sys ZwQueryKey [0xB9EC9108]
SSDT spij.sys ZwQueryValueKey [0xB9EC8F88]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA88788D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA8878208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA88792A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA885775C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA8878E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA88760C4]

INT 0x73 ? 8AF48BF8
INT 0x73 ? 8AF48BF8
INT 0x73 ? 8AF48BF8
INT 0x73 ? 8AF48BF8
INT 0x73 ? 8ACC5BF8
INT 0x73 ? 8AF48BF8
INT 0x84 ? 8ACC5BF8
INT 0xA4 ? 8ACC5BF8
INT 0xA4 ? 8ACC5BF8
INT 0xA4 ? 8ACC5BF8
INT 0xA4 ? 8ACC5BF8
INT 0xB4 ? 8ACC5BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!READ_REGISTER_USHORT + 1 8052B8F5 22 Bytes [54, 24, 04, 66, 8B, 02, C2, ...]
.text ntkrnlpa.exe!READ_REGISTER_BUFFER_UCHAR 8052B90C 4 Bytes [8B, C6, 8B, D7] {MOV EAX, ESI; MOV EDX, EDI}
.text ntkrnlpa.exe!READ_REGISTER_BUFFER_UCHAR + 5 8052B911 78 Bytes [4C, 24, 0C, 8B, 74, 24, 04, ...]
.text ntkrnlpa.exe!WRITE_REGISTER_UCHAR 8052B960 27 Bytes [8B, 54, 24, 04, 8A, 44, 24, ...]
.text ntkrnlpa.exe!WRITE_REGISTER_USHORT + 8 8052B97C 111 Bytes [66, 89, 02, F0, 09, 54, 24, ...]
.text ntkrnlpa.exe!WRITE_REGISTER_BUFFER_ULONG + 10 8052B9EC 64 Bytes [F3, A5, F0, 09, 4C, 24, 04, ...]
.text ntkrnlpa.exe!RtlCopyUnicodeString + 2D 8052BA2D 17 Bytes JMP 82DC2034
.text ntkrnlpa.exe!RtlCopyUnicodeString + 3F 8052BA3F 148 Bytes [0A, 66, 3B, 4A, 02, 5F, 5E, ...]
.text ntkrnlpa.exe!RtlAppendUnicodeToString + 6E 8052BAD4 95 Bytes [5E, C9, C2, 08, 00, CC, CC, ...]
.text ntkrnlpa.exe!RtlAppendUnicodeStringToString + 56 8052BB34 56 Bytes [73, 07, D1, EF, 66, 83, 24, ...]
.text ntkrnlpa.exe!RtlAppendUnicodeStringToString + 8F 8052BB6D 227 Bytes [6A, 02, 99, 5E, F7, FE, 85, ...]
.text ntkrnlpa.exe!RtlEqualString + 53 8052BC51 47 Bytes [0C, 3B, F0, 72, D3, B0, 01, ...]
.text ntkrnlpa.exe!RtlMapSecurityErrorToNtStatus + 9 8052BC81 17 Bytes [88, 00, FD, F6, 7F, 83, F9, ...] {MOV [EAX], AL; STD ; IDIV BYTE [EDI-0x7d]; STC ; AND AL, 0x77; OUTSB ; MOVZX ECX, BYTE [ECX-0x7fad42c7]}
.text ntkrnlpa.exe!RtlMapSecurityErrorToNtStatus + 1B 8052BC93 5 Bytes [24, 8D, FD, BC, 52]
.text ntkrnlpa.exe!RtlMapSecurityErrorToNtStatus + 21 8052BC99 2 Bytes [B8, 9A]
.text ntkrnlpa.exe!RtlMapSecurityErrorToNtStatus + 24 8052BC9C 41 Bytes [00, C0, EB, 59, B8, 08, 00, ...]
.text ntkrnlpa.exe!RtlMapSecurityErrorToNtStatus + 4E 8052BCC6 13 Bytes [00, C0, EB, 2F, B8, 0D, 01, ...]
.text ...
.text ntkrnlpa.exe!RtlClearBit + 12 8052BD76 69 Bytes [04, 83, E1, 07, B2, 01, D2, ...]
.text ntkrnlpa.exe!RtlTestBit + A 8052BDBC 69 Bytes [08, 8B, 52, 04, 8B, C1, C1, ...]
.text ntkrnlpa.exe!RtlClearAllBits + 28 8052BE02 4 Bytes [5D, C2, 04, 00] {POP EBP; RET 0x4}
.text ntkrnlpa.exe!RtlSetAllBits + 5 8052BE11 146 Bytes [8B, 45, 08, 8B, 08, 83, C1, ...]
.text ntkrnlpa.exe!RtlFindClearBits + 70 8052BEA4 34 Bytes [83, FE, 02, 73, 0B, 8D, 42, ...]
.text ntkrnlpa.exe!RtlFindClearBits + 93 8052BEC7 57 Bytes [45, FC, 76, 03, 89, 5D, FC, ...]
.text ntkrnlpa.exe!RtlFindClearBits + CD 8052BF01 9 Bytes [0F, B6, DA, 0F, BE, 83, A0, ...]
.text ntkrnlpa.exe!RtlFindClearBits + D7 8052BF0B 33 Bytes [03, C1, 3B, C6, 72, 11, 8B, ...]
.text ntkrnlpa.exe!RtlFindClearBits + F9 8052BF2D 32 Bytes [44, 01, 00, 00, 8B, 4D, FC, ...]
.text ...
.text ntkrnlpa.exe!RtlFindSetBits + 65 8052C0FB 14 Bytes CALL 78A04A03
.text ntkrnlpa.exe!RtlFindSetBits + 75 8052C10B 47 Bytes CALL 83514413
.text ntkrnlpa.exe!RtlFindSetBits + A5 8052C13B 19 Bytes [4D, 08, 8B, 79, 04, 03, F8, ...] {DEC EBP; OR [EBX-0x7fcfb87], CL; MOV CL, [EDI]; AND CL, [EBX-0x7fb24f54]; INC EDI; CMP ESI, 0x9}
.text ntkrnlpa.exe!RtlFindSetBits + B9 8052C14F 84 Bytes [7D, EC, 88, 4D, 0F, 77, 68, ...]
.text ntkrnlpa.exe!RtlFindSetBits + 10E 8052C1A4 17 Bytes [8B, 45, F8, 83, 45, 0C, 08, ...]
.text ...
.text ntkrnlpa.exe!RtlClearBits + 20 8052C368 24 Bytes [F8, 8D, 04, 37, 83, F8, 08, ...]
.text ntkrnlpa.exe!RtlClearBits + 39 8052C381 33 Bytes [76, 0C, 8A, 8F, A0, B0, 4D, ...]
.text ntkrnlpa.exe!RtlClearBits + 5B 8052C3A3 7 Bytes [C0, 8B, FA, F3, AB, 8B, CB] {ROR BYTE [EBX-0x74540c06], 0xcb}
.text ntkrnlpa.exe!RtlClearBits + 63 8052C3AB 28 Bytes [E1, 03, 03, D3, F3, AA, 83, ...]
.text ntkrnlpa.exe!RtlClearBits + 82 8052C3CA 81 Bytes [CC, CC, 8B, FF, 55, 8B, EC, ...]
.text ntkrnlpa.exe!RtlSetBits + 50 8052C41C 125 Bytes [4D, 10, 53, 8B, D9, C1, E9, ...]
.text ntkrnlpa.exe!RtlFindClearRuns + 4A 8052C49A 157 Bytes [39, 83, C1, 08, 4A, 75, F8, ...]
.text ntkrnlpa.exe!RtlFindClearRuns + E8 8052C538 4 Bytes [8B, 4D, F4, 2B]
.text ntkrnlpa.exe!RtlFindClearRuns + ED 8052C53D 23 Bytes [83, C1, 08, 89, 4D, E4, 0F, ...]
.text ntkrnlpa.exe!RtlFindClearRuns + 105 8052C555 44 Bytes [2B, D7, 0A, 0A, 0A, D9, 80, ...]
.text ntkrnlpa.exe!RtlFindClearRuns + 132 8052C582 17 Bytes [BE, 89, A0, AC, 4D, 80, 39, ...]
.text ...
.text ntkrnlpa.exe!RtlFindLongestRunClear + 11 8052C6A9 19 Bytes CALL 8052C44F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlFindLongestRunClear + 25 8052C6BD 158 Bytes [45, FC, EB, 05, 83, 20, 00, ...]
.text ntkrnlpa.exe!RtlNumberOfSetBits + 3F 8052C75F 33 Bytes [BE, 92, A0, AF, 4D, 80, 03, ...]
.text ntkrnlpa.exe!RtlAreBitsClear + 9 8052C781 63 Bytes [4D, 10, 53, 56, 57, 8B, 7D, ...]
.text ntkrnlpa.exe!RtlAreBitsClear + 49 8052C7C1 9 Bytes [EB, 22, 8A, 18, 40, 84, 9A, ...]
.text ntkrnlpa.exe!RtlAreBitsClear + 54 8052C7CC 50 Bytes [EB, 05, 8A, 10, 40, 84, D2, ...]
.text ntkrnlpa.exe!RtlAreBitsSet + 3 8052C7FF 164 Bytes [8B, EC, 8B, 55, 0C, 8B, 4D, ...]
.text ntkrnlpa.exe!RtlFindNextForwardRunClear + 1C 8052C8A4 192 Bytes [00, 00, 8B, 43, 04, 49, C1, ...]
.text ntkrnlpa.exe!RtlFindNextForwardRunClear + DD 8052C965 90 Bytes [F6, C3, 01, 75, 05, 40, 3B, ...]
.text ntkrnlpa.exe!RtlFindLastBackwardRunClear + 3E 8052C9C0 13 Bytes [FF, 75, 17, 2B, C1, 48, 83, ...]
.text ntkrnlpa.exe!RtlFindLastBackwardRunClear + 4C 8052C9CE 19 Bytes JMP 20E88304
.text ntkrnlpa.exe!RtlFindLastBackwardRunClear + 60 8052C9E2 138 Bytes [8B, 1C, BE, 8B, C8, 83, E1, ...]
.text ntkrnlpa.exe!RtlFindMostSignificantBit + 1B 8052CA6D 13 Bytes [FF, FF, 33, C9, 0B, CE, 8B, ...]
.text ntkrnlpa.exe!RtlFindMostSignificantBit + 29 8052CA7B 20 Bytes [00, FF, 33, C9, 0B, CE, 74, ...]
.text ntkrnlpa.exe!RtlFindMostSignificantBit + 3F 8052CA91 79 Bytes [33, C9, 0B, CE, 74, 04, B3, ...]
.text ntkrnlpa.exe!RtlFindMostSignificantBit + 8F 8052CAE1 22 Bytes [0B, CF, 00, 00, 0F, B6, C8, ...]
.text ntkrnlpa.exe!RtlFindMostSignificantBit + A6 8052CAF8 11 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...] {INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text ntkrnlpa.exe!RtlFindLeastSignificantBit + 6 8052CB04 110 Bytes [45, 08, 33, D2, 8B, C8, 53, ...]
.text ntkrnlpa.exe!RtlFindLeastSignificantBit + 75 8052CB73 111 Bytes [33, C9, 0B, CE, 74, 04, B3, ...]
.text ntkrnlpa.exe!RtlFindSetBitsAndClear + 8 8052CBE4 16 Bytes [10, FF, 75, 0C, FF, 75, 08, ...]
.text ntkrnlpa.exe!RtlFindSetBitsAndClear + 19 8052CBF5 238 Bytes [74, 0C, FF, 75, 0C, 56, FF, ...]
.text ntkrnlpa.exe!RtlFindFirstRunClear + D4 8052CCE4 23 Bytes [65, 20, 27, 2E, 63, 78, 72, ...]
.text ntkrnlpa.exe!RtlFindFirstRunClear + EC 8052CCFC 116 Bytes [65, 78, 74, 0A, 00, CC, CC, ...]
.text ntkrnlpa.exe!RtlFindFirstRunClear + 161 8052CD71 52 Bytes [75, 10, FF, B5, 24, FD, FF, ...]
.text ntkrnlpa.exe!RtlFindFirstRunClear + 196 8052CDA6 31 Bytes [F8, 62, 7F, 10, 74, 46, 83, ...]
.text ntkrnlpa.exe!RtlFindFirstRunClear + 1B6 8052CDC6 21 Bytes CALL F0D7DCCF
.text ...
.text ntkrnlpa.exe!RtlWalkFrameChain + C 8052CE62 51 Bytes [89, 6D, D8, 8B, 75, D8, 89, ...]
.text ntkrnlpa.exe!RtlWalkFrameChain + 40 8052CE96 7 Bytes [89, 45, D0, 8B, B0, 34, 01]
.text ntkrnlpa.exe!RtlWalkFrameChain + 48 8052CE9E 63 Bytes [00, 89, 75, CC, 8B, 78, 20, ...]
.text ntkrnlpa.exe!RtlWalkFrameChain + 88 8052CEDE 6 Bytes [47, 08, 89, 45, E0, 8B]
.text ntkrnlpa.exe!RtlWalkFrameChain + 8F 8052CEE5 22 Bytes [04, 89, 7D, DC, 8B, 76, 60, ...]
.text ...
.text ntkrnlpa.exe!RtlCaptureStackBackTrace + 8 8052CF90 99 Bytes [01, 00, 00, 56, 8B, 75, 08, ...]
.text ntkrnlpa.exe!RtlCaptureStackBackTrace + 6C 8052CFF4 41 Bytes [55, 08, 89, 11, 6A, 40, 8D, ...]
.text ntkrnlpa.exe!RtlCaptureStackBackTrace + 96 8052D01E 85 Bytes [45, 08, 56, 57, 8D, 78, 02, ...]
.text ntkrnlpa.exe!RtlCaptureStackBackTrace + EC 8052D074 65 Bytes [56, 6A, 09, 58, 33, F6, 56, ...]
.text ntkrnlpa.exe!RtlCaptureStackBackTrace + 12E 8052D0B6 72 Bytes [8D, 45, DC, 50, C7, 45, B4, ...]
.text ...
.text ntkrnlpa.exe!RtlSplay + 2 8052D136 26 Bytes [55, 8B, EC, 8B, 45, 08, 39, ...]
.text ntkrnlpa.exe!RtlSplay + 1D 8052D151 7 Bytes [00, 00, 3B, CA, 75, 18, 8B]
.text ntkrnlpa.exe!RtlSplay + 25 8052D159 10 Bytes [08, 85, C9, 89, 4A, 04, 74, ...] {OR [EBP+0x44a89c9], AL; JZ 0xa; MOV [ECX], EDX}
.text ntkrnlpa.exe!RtlSplay + 30 8052D164 40 Bytes [50, 08, 89, 02, 89, 00, E9, ...]
.text ntkrnlpa.exe!RtlSplay + 59 8052D18D 207 Bytes [31, 3B, F1, 75, 04, 89, 00, ...]
.text ...
.text ntkrnlpa.exe!RtlSubtreePredecessor + 16 8052D2DA 44 Bytes [48, 08, 85, C9, 75, F7, EB, ...]
.text ntkrnlpa.exe!RtlRealSuccessor + 1F 8052D307 163 Bytes [01, 39, 48, 08, 74, F7, 8B, ...]
.text ntkrnlpa.exe!RtlRealPredecessor + 85 8052D3AB 14 Bytes [10, 89, 30, 89, 11, 5B, EB, ...]
.text ntkrnlpa.exe!RtlRealPredecessor + 94 8052D3BA 2 Bytes [89, 0E] {MOV [ESI], ECX}
.text ntkrnlpa.exe!RtlRealPredecessor + 97 8052D3BD 73 Bytes [10, 89, 11, 89, 00, 8B, 71, ...]
.text ntkrnlpa.exe!RtlRealPredecessor + E1 8052D407 135 Bytes [50, 08, 89, 70, 08, 89, 51, ...]
.text ntkrnlpa.exe!RtlDelete + 45 8052D48F 34 Bytes [50, EB, 26, 85, C0, 75, 03, ...]
.text ntkrnlpa.exe!RtlDelete + 68 8052D4B2 14 Bytes [01, 8B, 36, 89, 30, 56, E8, ...]
.text ntkrnlpa.exe!RtlDelete + 77 8052D4C1 23 Bytes [00, CC, CC, CC, CC, CC, CC, ...]
.text ntkrnlpa.exe!RtlDeleteNoSplay + 11 8052D4D9 34 Bytes [7D, 0C, 74, 18, 39, 5E, 08, ...]
.text ntkrnlpa.exe!RtlDeleteNoSplay + 34 8052D4FC 70 Bytes [39, 5E, 08, 75, 18, 8B, 06, ...]
.text ntkrnlpa.exe!RtlDeleteNoSplay + 7B 8052D543 110 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
.text ntkrnlpa.exe!RtlInsertElementGenericTableFull + 2C 8052D5B2 48 Bytes [C0, EB, 76, 83, 63, 04, 00, ...]
.text ntkrnlpa.exe!RtlInsertElementGenericTableFull + 5D 8052D5E3 216 Bytes [8B, 45, 18, 75, 05, 89, 58, ...]
.text ntkrnlpa.exe!RtlGetElementGenericTable + 6C 8052D6BC 16 Bytes [40, 04, 75, FA, 89, 41, 0C, ...]
.text ntkrnlpa.exe!RtlGetElementGenericTable + 7D 8052D6CD 36 Bytes [5F, 5E, 5B, 5D, C2, 08, 00, ...]
.text ntkrnlpa.exe!RtlEnumerateGenericTableWithoutSplaying + 4 8052D6F2 45 Bytes [EC, 8B, 45, 08, 8B, 00, 85, ...]
.text ntkrnlpa.exe!RtlEnumerateGenericTableWithoutSplaying + 32 8052D720 47 Bytes [8B, C1, 8B, 48, 04, 85, C9, ...]
.text ntkrnlpa.exe!RtlEnumerateGenericTableWithoutSplaying + 62 8052D750 68 Bytes [46, 04, 85, C0, 74, 15, 8B, ...]
.text ntkrnlpa.exe!RtlInsertElementGenericTable + 13 8052D795 151 Bytes [FF, FF, 50, FF, 75, 08, FF, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTableFull + 21 8052D82D 182 Bytes [01, 75, 10, FF, 36, E8, FD, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTable + 46 8052D8E4 41 Bytes [51, 04, 85, D2, 89, 50, 08, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTable + 70 8052D90E 170 Bytes [8B, FF, 55, 8B, EC, 51, 53, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTable + 11B 8052D9B9 109 Bytes [DB, 56, 57, 74, 23, 8B, 41, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTable + 189 8052DA27 12 Bytes [8B, 3B, 8A, 47, 0C, 3A, C2, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTable + 196 8052DA34 18 Bytes [EB, 10, 84, C0, 74, 1C, 57, ...] {JMP 0x12; TEST AL, AL; JZ 0x22; PUSH EDI; CALL 0xfffffffffffffeda; TEST EAX, EAX; JNZ 0x30; MOV EDI, [EDI]}
.text ...
.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 35 8052DB49 22 Bytes [57, 33, C0, 8B, FB, AB, AB, ...]
.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 4C 8052DB60 13 Bytes [C7, 46, 1C, 01, 00, 00, 00, ...] {MOV DWORD [ESI+0x1c], 0x1; JMP 0x57; CMP DWORD [EBP+0x1c], 0x2}
.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 5A 8052DB6E 50 Bytes [45, 18, 8B, FB, 75, 05, 89, ...]
.text ntkrnlpa.exe!RtlInsertElementGenericTableFullAvl + 8D 8052DBA1 136 Bytes [0F, C6, 40, 0C, 00, 80, 7E, ...]
.text ntkrnlpa.exe!RtlGetElementGenericTableAvl + 1F 8052DC2B 52 Bytes [00, 8D, 53, 01, 3B, D7, 0F, ...]
.text ntkrnlpa.exe!RtlGetElementGenericTableAvl + 54 8052DC60 92 Bytes CALL 8052DAA0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlGetElementGenericTableAvl + B1 8052DCBD 187 Bytes CALL 8052DAA1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlEnumerateGenericTableWithoutSplayingAvl + 83 8052DD79 80 Bytes [46, 08, 85, C0, 75, F0, 6A, ...]
.text ntkrnlpa.exe!RtlInsertElementGenericTableAvl + 2E 8052DDCA 12 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...] {INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH ESI}
.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 7 8052DDD7 1 Byte [75]
.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 7 8052DDD7 18 Bytes [75, 08, 8D, 45, 0C, 50, FF, ...] {JNZ 0xa; LEA EAX, [EBP+0xc]; PUSH EAX; PUSH DWORD [EBP+0xc]; PUSH ESI; CALL 0xffffffffffffff6b; CMP EAX, 0x1}
.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 1A 8052DDEA 2 Bytes [04, 32] {ADD AL, 0x32}
.text ntkrnlpa.exe!RtlDeleteElementGenericTableAvl + 1D 8052DDED 83 Bytes [EB, 2F, 57, 8B, 7D, 0C, 3B, ...]
.text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 1A 8052DE42 1 Byte [14]
.text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 1D 8052DE45 8 Bytes [74, 04, 33, C0, EB, 05, 8B, ...] {JZ 0x6; XOR EAX, EAX; JMP 0xb; MOV EAX, [ESI]}
.text ntkrnlpa.exe!RtlLookupElementGenericTableFullAvl + 26 8052DE4E 15 Bytes [C0, 10, 5E, 5D, C2, 10, 00, ...] {RCL BYTE [EAX], 0x5e; POP EBP; RET 0x10; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; MOV EDI, EDI; PUSH EBP}
.text ntkrnlpa.exe!RtlEnumerateGenericTableAvl + 4 8052DE5E 10 Bytes [EC, 80, 7D, 0C, 00, 8B, 45, ...] {IN AL, DX ; CMP BYTE [EBP+0xc], 0x0; MOV EAX, [EBP+0x8]; JZ 0xe}
.text ntkrnlpa.exe!RtlEnumerateGenericTableAvl + F 8052DE69 16 Bytes [60, 20, 00, 8D, 48, 20, 51, ...]
.text ntkrnlpa.exe!RtlEnumerateGenericTableAvl + 20 8052DE7A 7 Bytes [CC, CC, CC, CC, CC, CC, 8B]
.text ntkrnlpa.exe!RtlEnumerateGenericTableLikeADirectory + 2 8052DE82 9 Bytes [55, 8B, EC, 51, 8B, 45, 18, ...] {PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x18]; PUSH EBX; PUSH ESI}
.text ntkrnlpa.exe!RtlEnumerateGenericTableLikeADirectory + C 8052DE8C 36 Bytes [30, 57, 8B, 7D, 08, 33, DB, ...]
.text ntkrnlpa.exe!RtlEnumerateGenericTableLikeADirectory + 31 8052DEB1 137 Bytes [80, 8B, 45, 1C, 8B, 00, 3B, ...]
.text ntkrnlpa.exe!RtlEnumerateGenericTableLikeADirectory + BB 8052DF3B 6 Bytes [01, 0F, 85, 5B, FF, FF]
.text ntkrnlpa.exe!RtlEnumerateGenericTableLikeADirectory + C2 8052DF42 13 Bytes JMP 8052DE9C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlLookupElementGenericTableAvl 8052DF50 62 Bytes [8B, FF, 55, 8B, EC, 8D, 45, ...]
.text ntkrnlpa.exe!RtlGetCallersAddress + 1B 8052DF8F 30 Bytes [00, 64, 89, 25, 00, 00, 00, ...]
.text ntkrnlpa.exe!RtlGetCallersAddress + 3A 8052DFAE 71 Bytes [72, 04, 8B, 12, 3B, D5, 76, ...]
.text ntkrnlpa.exe!RtlGetCallersAddress + 82 8052DFF6 17 Bytes [30, 00, 00, 3B, D0, 77, B0, ...]
.text ntkrnlpa.exe!RtlGetCallersAddress + 94 8052E008 11 Bytes [00, 8B, 64, 24, 08, EB, AF, ...]
.text ntkrnlpa.exe!RtlGetCallersAddress + A0 8052E014 7 Bytes [25, 64, 00, CC, CC, CC, CC] {AND EAX, 0xcccc0064; INT 3 ; INT 3 }
.text ...
.text ntkrnlpa.exe!VerSetConditionMask + 1E 8052E140 143 Bytes [8D, 4C, 40, FD, 0F, B6, 45, ...]
.text ntkrnlpa.exe!RtlVerifyVersionInfo + 70 8052E1D0 80 Bytes [66, 8B, 86, 18, 01, 00, 00, ...]
.text ntkrnlpa.exe!RtlVerifyVersionInfo + C1 8052E221 190 Bytes [75, 78, 0F, B7, 45, F8, 85, ...]
.text ntkrnlpa.exe!RtlVerifyVersionInfo + 180 8052E2E0 12 Bytes JMP 8052E50C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlVerifyVersionInfo + 18D 8052E2ED 69 Bytes [0F, 84, 28, 01, 00, 00, F6, ...]
.text ntkrnlpa.exe!RtlVerifyVersionInfo + 1D3 8052E333 19 Bytes CALL 0C52E336
.text ...
.text ntkrnlpa.exe!RtlImageNtHeader + 4C 8052E56E 81 Bytes [55, 8B, EC, 8B, 4D, 08, 0F, ...]
.text ntkrnlpa.exe!RtlImageNtHeader + 9E 8052E5C0 104 Bytes [FF, FF, FF, 8B, C8, 85, C9, ...]
.text ntkrnlpa.exe!RtlImageNtHeader + 107 8052E629 13 Bytes [0F, 3B, 41, 54, 72, 0A, 50, ...]
.text ntkrnlpa.exe!RtlImageNtHeader + 115 8052E637 89 Bytes [EB, 02, 03, C7, 5F, 5E, 5D, ...]
.text ntkrnlpa.exe!RtlImageNtHeader + 16F 8052E691 17 Bytes [75, 14, 89, 16, 75, 0F, 3B, ...]
.text ...
.text ntkrnlpa.exe!RtlImageDirectoryEntryToData + 53 8052E707 8 Bytes [EB, 02, 33, C0, 5B, 5D, C2, ...]
.text ntkrnlpa.exe!RtlImageDirectoryEntryToData + 5C 8052E710 16 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text ntkrnlpa.exe!RtlInitString + 9 8052E721 58 Bytes [C7, 02, 00, 00, 00, 00, 89, ...]
.text ntkrnlpa.exe!RtlInitAnsiString + C 8052E75C 57 Bytes [00, 00, 00, 89, 7A, 04, 0B, ...]
.text ntkrnlpa.exe!RtlInitUnicodeString + E 8052E796 5 Bytes [00, 89, 7A, 04, 0B]
.text ntkrnlpa.exe!RtlInitUnicodeString + 14 8052E79C 30 Bytes [74, 22, 83, C9, FF, 33, C0, ...]
.text ntkrnlpa.exe!RtlInitUnicodeString + 33 8052E7BB 11 Bytes [49, 49, 66, 89, 0A, 5F, C2, ...] {DEC ECX; DEC ECX; MOV [EDX], CX; POP EDI; RET 0x8; ADD [EAX], AL}
.text ntkrnlpa.exe!RtlInitUnicodeString + 40 8052E7C8 92 Bytes [66, 66, 66, 66, 3A, 00, 00, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringA + B 8052E825 66 Bytes [08, 33, D2, 66, 39, 16, C7, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 4E 8052E868 12 Bytes [47, 66, 8B, 46, 0A, 66, 3B, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringA + 5B 8052E875 119 Bytes [FF, 75, 38, 66, 3B, C2, 75, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringA + D3 8052E8ED 27 Bytes [66, F7, 46, 08, FD, FF, 89, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringA + EF 8052E909 136 Bytes [00, 8B, 5D, F8, 3B, DA, 7E, ...]
.text ...
.text ntkrnlpa.exe!RtlIpv6AddressToStringExA + 39 8052EA3B 14 Bytes [8D, 45, B8, 74, 11, 68, EC, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringExA + 49 8052EA4B 16 Bytes [59, 59, 8D, 44, 05, B8, 50, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringExA + 5A 8052EA5C 46 Bytes [8B, F0, 74, 13, FF, 75, 0C, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringExA + 89 8052EA8B 25 Bytes CALL 8053AF87 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlIpv6AddressToStringExA + A3 8052EAA5 55 Bytes JMP 0BF8DDAC
.text ...
.text ntkrnlpa.exe!RtlIpv4AddressToStringExA + 2 8052EB20 73 Bytes [55, 8B, EC, 83, EC, 1C, A1, ...]
.text ntkrnlpa.exe!RtlIpv4AddressToStringExA + 4C 8052EB6A 1 Byte [56]
.text ntkrnlpa.exe!RtlIpv4AddressToStringExA + 4C 8052EB6A 5 Bytes [56, E8, 18, C4, 00]
.text ntkrnlpa.exe!RtlIpv4AddressToStringExA + 52 8052EB70 20 Bytes [83, C4, 0C, 03, F0, 8D, 45, ...]
.text ntkrnlpa.exe!RtlIpv4AddressToStringExA + 67 8052EB85 93 Bytes [C0, EB, 15, 8B, CA, 8B, C1, ...]
.text ...
.text ntkrnlpa.exe!RtlIpv6AddressToStringW + 1E 8052EC64 56 Bytes [66, 39, 56, 02, 0F, 85, A9, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringW + 57 8052EC9D 52 Bytes [0B, 66, 3D, FF, FF, 75, 39, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringW + 8D 8052ECD3 50 Bytes CALL 8053B665 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlIpv6AddressToStringW + C0 8052ED06 32 Bytes CALL 8053B664 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlIpv6AddressToStringW + E1 8052ED27 14 Bytes [0F, 66, 81, 7E, 0A, 5E, FE, ...]
.text ...
.text ntkrnlpa.exe!RtlIpv6AddressToStringExW + 3 8052EE3D 53 Bytes [8B, EC, 81, EC, 88, 00, 00, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringExW + 39 8052EE73 2 Bytes [7D, 10] {JGE 0x12}
.text ntkrnlpa.exe!RtlIpv6AddressToStringExW + 3C 8052EE76 43 Bytes [8D, 85, 78, FF, FF, FF, 74, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringExW + 68 8052EEA2 111 Bytes [75, 0C, 68, 1E, EE, 52, 80, ...]
.text ntkrnlpa.exe!RtlIpv6AddressToStringExW + D8 8052EF12 5 Bytes [75, 00, 2E, 00, 25]
.text ...
.text ntkrnlpa.exe!RtlIpv4AddressToStringW + 1 8052EF29 31 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text ntkrnlpa.exe!RtlIpv4AddressToStringW + 21 8052EF49 32 Bytes [00, 50, 68, 0A, EF, 52, 80, ...]
.text ntkrnlpa.exe!RtlIpv4AddressToStringW + 42 8052EF6A 87 Bytes [CC, CC, CC, CC, CC, CC, 8B, ...]
.text ntkrnlpa.exe!RtlIpv4AddressToStringExW + 52 8052EFC2 94 Bytes [83, C4, 0C, 8D, 34, 46, 8D, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressA + 1D 8052F021 32 Bytes [89, 55, EC, 89, 55, F8, 89, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressA + 3E 8052F042 50 Bytes [48, 74, 0F, 48, 0F, 84, 13, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressA + 71 8052F075 4 Bytes CALL 8053A3DE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlIpv6StringToAddressA + 76 8052F07A 29 Bytes [00, 85, C0, 59, 74, 21, 56, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressA + 94 8052F098 93 Bytes JMP 8052F22F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ...
.text ntkrnlpa.exe!RtlIpv6StringToAddressExA + 77 8052F39B 42 Bytes [80, FB, 5D, 74, 50, 0F, BE, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExA + A2 8052F3C6 6 Bytes [C7, 99, 03, C8, 13, DA]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExA + A9 8052F3CD 42 Bytes [C1, D0, 83, D3, FF, 89, 5D, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExA + D5 8052F3F9 18 Bytes [80, 7D, 0B, 00, 74, 90, 46, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExA + E8 8052F40C 5 Bytes [00, 46, 80, 3E, 30]
.text ...
.text ntkrnlpa.exe!RtlIpv4StringToAddressA + 3D 8052F59F 53 Bytes [00, 85, C0, 59, 74, 09, C7, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressA + 73 8052F5D5 101 Bytes [00, 8A, 03, 84, C0, 0F, 84, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressA + D9 8052F63B 3 Bytes [85, C0, 59] {TEST EAX, EAX; POP ECX}
.text ntkrnlpa.exe!RtlIpv4StringToAddressA + DD 8052F63F 7 Bytes [04, 6A, 61, EB, 02, 6A, 41] {ADD AL, 0x6a; POPA ; JMP 0x7; PUSH 0x41}
.text ntkrnlpa.exe!RtlIpv4StringToAddressA + E5 8052F647 96 Bytes [4D, F8, 58, C1, E1, 04, 2B, ...]
.text ...
.text ntkrnlpa.exe!RtlIpv4StringToAddressExA + 3 8052F773 38 Bytes [8B, EC, 53, 56, 33, F6, 39, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExA + 2A 8052F79A 7 Bytes [10, 50, FF, 75, 0C, FF, 75]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExA + 32 8052F7A2 36 Bytes CALL 8052F562 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlIpv4StringToAddressExA + 57 8052F7C7 42 Bytes [C7, 45, 0C, 0A, 00, 00, 00, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExA + 82 8052F7F2 14 Bytes JMP 8052F8CE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ...
.text ntkrnlpa.exe!RtlIpv6StringToAddressW + 62 8052F96C 83 Bytes [00, 68, 80, 00, 00, 00, 56, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressW + B6 8052F9C0 59 Bytes [83, 7D, FC, 05, 0F, 87, 5D, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressW + F2 8052F9FC 93 Bytes [83, 7D, FC, 06, 0F, 87, 21, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressW + 150 8052FA5A 24 Bytes [C9, 00, 00, 00, 6A, 04, 56, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressW + 169 8052FA73 16 Bytes [89, 7D, EC, 89, 45, F0, 89, ...]
.text ...
.text ntkrnlpa.exe!RtlIpv6StringToAddressExW + 20 8052FC28 8 Bytes [00, 39, 5D, 10, 0F, 84, 28, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExW + 29 8052FC31 9 Bytes [00, 39, 5D, 14, 0F, 84, 1F, ...] {ADD [ECX], BH; POP EBP; ADC AL, 0xf; TEST [EDI], BL; ADD AL, [EAX]}
.text ntkrnlpa.exe!RtlIpv6StringToAddressExW + 33 8052FC3B 35 Bytes [66, 83, 38, 5B, 89, 5D, FC, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExW + 57 8052FC5F 75 Bytes [0F, 8C, F5, 01, 00, 00, 8B, ...]
.text ntkrnlpa.exe!RtlIpv6StringToAddressExW + A4 8052FCAC 53 Bytes CALL 8053C05D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ...
.text ntkrnlpa.exe!RtlIpv4StringToAddressW + 24 8052FE90 33 Bytes [75, 42, 47, 47, 33, C0, 66, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressW + 47 8052FEB3 36 Bytes [00, EB, 1E, 66, 8B, 07, 66, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressW + 6C 8052FED8 20 Bytes [74, 0A, 83, 7D, FC, 0A, 0F, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressW + 81 8052FEED 62 Bytes [73, 26, 6A, 04, 56, E8, 69, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressW + C0 8052FF2C 108 Bytes [85, C0, 59, 59, 74, 3D, 6A, ...]
.text ...
.text ntkrnlpa.exe!RtlIpv4StringToAddressExW + 40 805300BA 1 Byte [7D]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExW + 40 805300BA 63 Bytes [7D, 10, 66, 8B, 07, 66, 3D, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExW + 80 805300FA 15 Bytes [00, 00, 47, 33, F6, 66, 8B, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExW + 90 8053010A 8 Bytes [00, C6, 45, 13, 00, E9, B0, ...]
.text ntkrnlpa.exe!RtlIpv4StringToAddressExW + 99 80530113 51 Bytes [00, 47, 47, 66, 81, FE, 80, ...]
.text ...
.text ntkrnlpa.exe!RtlLargeIntegerDivide + 30 80530228 98 Bytes JMP 8C52054C
.text ntkrnlpa.exe!RtlNtStatusToDosErrorNoTeb + 13 8053028B 71 Bytes [57, 8B, C8, BF, 00, 00, FF, ...]
.text ntkrnlpa.exe!RtlNtStatusToDosErrorNoTeb + 5B 805302D3 19 Bytes [0F, B7, 1C, CD, EC, B9, 4D, ...]
.text ntkrnlpa.exe!RtlNtStatusToDosErrorNoTeb + 6F 805302E7 21 Bytes [72, D9, EB, 16, C1, E1, 03, ...]
.text ntkrnlpa.exe!RtlNtStatusToDosErrorNoTeb + 85 805302FD 11 Bytes [3B, D3, 72, 1A, 8B, C8, 23, ...]
.text ntkrnlpa.exe!RtlNtStatusToDosErrorNoTeb + 91 80530309 15 Bytes [01, C0, 75, 07, 25, FF, FF, ...]
.text ...
.text ntkrnlpa.exe!RtlRaiseException + 1F 8053037B 11 Bytes [8D, 85, 2C, FD, FF, FF, 89, ...]
.text ntkrnlpa.exe!RtlRaiseException + 2B 80530387 11 Bytes [89, 98, A4, 00, 00, 00, 89, ...]
.text ntkrnlpa.exe!RtlRaiseException + 37 80530393 42 Bytes [89, B0, A0, 00, 00, 00, 89, ...]
.text ntkrnlpa.exe!RtlRaiseException + 62 805303BE 1 Byte [00]
.text ntkrnlpa.exe!RtlRaiseException + 62 805303BE 13 Bytes [00, 00, 8C, 98, 98, 00, 00, ...]
.text ...
.text ntkrnlpa.exe!RtlRandomEx + 4E 80530468 42 Bytes [55, 8B, EC, 8B, 4D, 08, 53, ...]
.text ntkrnlpa.exe!RtlRandomEx + 79 80530493 80 Bytes [C1, 6B, C0, 64, 83, C0, 4B, ...]
.text ntkrnlpa.exe!RtlRandomEx + CA 805304E4 46 Bytes [EC, 51, 51, 56, 6A, 0D, FF, ...]
.text ntkrnlpa.exe!RtlRandomEx + F9 80530513 2 Bytes CALL 805467B1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlRandomEx + FE 80530518 1 Byte [4D]
.text ...
.text ntkrnlpa.exe!RtlTimeToTimeFields + 3F 805305B5 21 Bytes [F9, 69, FF, 93, FE, FF, FF, ...]
.text ntkrnlpa.exe!RtlTimeToTimeFields + 55 805305CB 31 Bytes [C1, F7, F3, 33, D2, BB, 90, ...]
.text ntkrnlpa.exe!RtlTimeToTimeFields + 75 805305EB 22 Bytes [F7, F3, 85, D2, 74, 1B, 8D, ...]
.text ntkrnlpa.exe!RtlTimeToTimeFields + 8C 80530602 30 Bytes [0F, BF, 04, 45, 10, C1, 4D, ...]
.text ntkrnlpa.exe!RtlTimeToTimeFields + AB 80530621 78 Bytes [45, FC, 33, D2, BB, E8, 03, ...]
.text ...
.text ntkrnlpa.exe!RtlTimeFieldsToTime + 1 80530677 171 Bytes [FF, 55, 8B, EC, 83, EC, 14, ...]
.text ntkrnlpa.exe!RtlTimeFieldsToTime + AD 80530723 89 Bytes [F6, 0F, BF, 86, 2E, C1, 4D, ...]
.text ntkrnlpa.exe!RtlTimeFieldsToTime + 108 8053077E 49 Bytes [F7, F6, 33, D2, 6A, 64, 5E, ...]
.text ntkrnlpa.exe!RtlTimeFieldsToTime + 13B 805307B1 36 Bytes [EC, F7, F3, 85, D2, 74, 14, ...]
.text ntkrnlpa.exe!RtlTimeFieldsToTime + 160 805307D6 20 Bytes [EB, 0A, 8B, 45, FC, 0F, BF, ...]
.text ...
.text ntkrnlpa.exe!RtlTimeToSecondsSince1980 + 8 80530820 50 Bytes [6A, 17, FF, 35, 64, C1, 4D, ...]
.text ntkrnlpa.exe!RtlTimeToSecondsSince1980 + 3B 80530853 5 Bytes [B0, 01, 5D, C2, 08]
.text ntkrnlpa.exe!RtlTimeToSecondsSince1980 + 41 80530859 15 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
.text ntkrnlpa.exe!RtlSecondsSince1980ToTime + B 80530869 70 Bytes [8B, 45, 08, 33, C9, 03, C2, ...]
.text ntkrnlpa.exe!RtlTimeToSecondsSince1970 + 1A 805308B0 101 Bytes CALL 805467AF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text ntkrnlpa.exe!RtlSecondsSince1970ToTime + 3A 80530916 9 Bytes [55, 8B, EC, 53, 56, 8B, 75, ...] {PUSH EBP; MOV EBP, ESP; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0x8]; PUSH EDI}
.text ntkrnlpa.exe!RtlSecondsSince1970ToTime + 44 80530920 38 Bytes [75, 10, 8B, 7D, 0C, 57, FF, ...]
.text ntkrnlpa.exe!RtlSecondsSince1970ToTime + 6B 80530947 5 Bytes [F6, 85, FF, 76, 17]
? spij.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB92E6000, 0x239517, 0xE8000020]
.text USBPORT.SYS!DllUnload B929D8AC 5 Bytes JMP 8ACC51D8
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA5625300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3D8300, 0x1BCE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AF471F8
Device \FileSystem\Fastfat \FatCdrom 89686500
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBPDO-0 8ACC6500
Device \Driver\usbuhci \Device\USBPDO-1 8ACC6500
Device \Driver\usbuhci \Device\USBPDO-2 8ACC6500
Device \Driver\usbehci \Device\USBPDO-3 8AD5B500
Device \Driver\usbuhci \Device\USBPDO-4 8ACC6500
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBPDO-5 8ACC6500
Device \Driver\usbuhci \Device\USBPDO-6 8ACC6500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AEDA1F8
Device \Driver\usbehci \Device\USBPDO-7 8AD5B500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AEDA1F8
Device \Driver\Cdrom \Device\CdRom0 8AC88500
Device \Driver\atapi \Device\Ide\IdePort0 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1d [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8985F500
Device \Driver\NetBT \Device\NetbiosSmb 8985F500
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\NetBT \Device\NetBT_Tcpip_{A46A49E2-33DE-405E-BD43-EC1D0A8F4773} 8985F500
Device \Driver\usbuhci \Device\USBFDO-0 8ACC6500
Device \Driver\usbuhci \Device\USBFDO-1 8ACC6500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896AE1F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 8ACC6500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896AE1F8
Device \Driver\usbehci \Device\USBFDO-3 8AD5B500
Device \Driver\usbuhci \Device\USBFDO-4 8ACC6500
Device \Driver\Ftdisk \Device\FtControl 8AEDA1F8
Device \Driver\usbuhci \Device\USBFDO-5 8ACC6500
Device \Driver\usbuhci \Device\USBFDO-6 8ACC6500
Device \Driver\usbehci \Device\USBFDO-7 8AD5B500
Device \FileSystem\Fastfat \Fat 89686500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89670500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0xC8 0x8A 0xB1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0xC8 0x8A 0xB1 ...

---- EOF - GMER 1.0.15 ----

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2010 7:50:43 PM
mbam-log-2010-07-05 (19-50-43).txt

Scan type: Quick scan
Objects scanned: 148886
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.228,93.188.166.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a46a49e2-33de-405e-bd43-ec1d0a8f4773}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.228,93.188.166.208 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Any help you could give would be greatly appreciated :)

#2 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 06 July 2010 - 01:06 AM

Copy the text in the code box by highlighting it and pressing Ctrl + C

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [EWABQAF7KL] C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\Vtl.exe File not found
[2010/07/05 23:08:46 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\09ee8110.job
[2010/07/05 23:03:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
[2010/07/05 23:03:46 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/05 18:04:51 | 000,179,200 | ---- | M] () -- C:\WINDOWS\Vmifua.exe
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Application Data\09ee8110.exe
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1c9s17.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1oCEIQ.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1sK317.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\7q3wSK3.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ931o.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\k93gMY3.dll
[2010/07/05 18:04:49 | 000,050,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\uO5o5.dll

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Post the log it creates.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download this file to your Desktop from either of these two sources and rename it (call it george.exe):
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Reboot now, please.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log x 2
Combofix log

Ron

#3 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 06 July 2010 - 04:42 PM

Hi,
OTL only gave out one log after doing the run you described above. I've attached it and the ComboFix log here:

OTL:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EWABQAF7KL deleted successfully.
C:\WINDOWS\tasks\09ee8110.job moved successfully.
C:\WINDOWS\system32\ernel32.dll moved successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\WINDOWS\Vmifua.exe moved successfully.
C:\Documents and Settings\Lugnutz87\Application Data\09ee8110.exe moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1c9s17.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1oCEIQ.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\1sK317.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7q3wSK3.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ931o.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\k93gMY3.dll moved successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\uO5o5.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lugnutz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lugnutz87
->Temp folder emptied: 1030408 bytes
->Temporary Internet Files folder emptied: 353278 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15840486 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1392 bytes

Total Files Cleaned = 17.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07062010_175115

Files\Folders moved on Reboot...
C:\Documents and Settings\Lugnutz87\Local Settings\Temp\~DFD81.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT03d9d.TMP not found!

Registry entries deleted on Reboot...


ComboFix:

ComboFix 10-07-06.02 - Lugnutz87 07/06/2010 18:26:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2792 [GMT -4:00]
Running from: c:\documents and settings\Lugnutz87\Desktop\george.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\spool\prtprocs\w32x86\31qGMY7c.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 22:18 . 2010-07-06 22:18 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\AVG9
2010-07-06 21:51 . 2010-07-06 21:51 -------- d-----w- C:\_OTL
2010-07-05 23:43 . 2010-07-05 23:43 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\Malwarebytes
2010-07-05 23:39 . 2010-07-05 23:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-05 23:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 23:39 . 2010-07-06 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 23:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 20:10 . 2010-07-02 20:10 295 ----a-w- c:\windows\EReg072.dat
2010-07-02 02:21 . 2010-07-02 02:21 47364 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-06-25 23:49 . 2010-06-25 23:49 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-24 02:10 . 2010-06-24 02:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-06-24 02:10 . 2010-06-24 02:10 -------- d-----w- c:\program files\NOS
2010-06-24 02:10 . 2010-03-29 12:53 32576 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-06-24 02:10 . 2010-03-29 12:53 29984 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-22 22:50 . 1994-09-21 04:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-06-22 22:50 . 1994-09-21 04:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-06-22 22:50 . 1994-09-21 04:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-06-22 22:50 . 1994-08-24 04:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-06-22 22:15 . 2010-06-22 22:15 -------- d-----w- C:\DSAVANT
2010-06-22 22:13 . 2010-06-22 22:13 -------- d-----w- C:\WIZARD15
2010-06-12 22:06 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 23:33 . 2010-06-07 23:33 503808 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c5e8b47-n\msvcp71.dll
2010-06-07 23:33 . 2010-06-07 23:33 61440 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-63a4cf84-n\decora-sse.dll
2010-06-07 23:33 . 2010-06-07 23:33 499712 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c5e8b47-n\jmc.dll
2010-06-07 23:33 . 2010-06-07 23:33 348160 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c5e8b47-n\msvcr71.dll
2010-06-07 23:33 . 2010-06-07 23:33 12800 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-63a4cf84-n\decora-d3d.dll
2010-06-07 23:30 . 2010-06-07 23:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-07 21:26 . 2010-06-07 23:27 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\Mount&Blade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 03:27 . 2009-06-19 19:04 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-06 03:27 . 2009-06-19 19:04 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-06 03:27 . 2009-06-19 19:04 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-06 01:04 . 2010-07-06 03:03 3782144 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-07-06 01:03 . 2010-07-06 03:03 3098624 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-07-04 15:53 . 2008-10-10 14:29 24723233 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-04 04:56 . 2008-09-03 14:45 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\uTorrent
2010-06-25 23:48 . 2007-12-11 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-22 22:48 . 2010-02-12 22:15 -------- d-----w- c:\program files\DOSBox-0.73
2010-06-07 23:33 . 2004-09-02 21:14 -------- d-----w- c:\program files\Common Files\Java
2010-06-07 23:30 . 2004-09-02 21:14 -------- d-----w- c:\program files\Java
2010-06-04 02:41 . 2010-06-04 02:41 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\Media Player Classic
2010-06-03 22:47 . 2008-08-14 00:37 -------- d-----w- c:\program files\PSXMemTool
2010-06-02 22:28 . 2009-03-14 18:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 22:28 . 2008-06-05 21:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 01:16 . 2010-06-01 01:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-28 23:14 . 2010-05-28 23:14 -------- d-----w- c:\program files\Livestream Procaster
2010-05-28 18:58 . 2008-06-03 01:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-28 18:39 . 2008-03-11 01:44 -------- d-----w- c:\program files\uTorrent
2010-05-28 01:34 . 2010-05-28 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-05-28 01:34 . 2010-05-28 00:21 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\ATI
2010-05-28 01:29 . 2010-05-28 01:28 -------- d-----w- c:\program files\ATI Technologies
2010-05-28 01:28 . 2010-05-28 01:28 -------- d-----w- c:\program files\ATI
2010-05-28 01:02 . 2008-06-03 02:15 21432 ----a-w- c:\documents and settings\Lugnutz87\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-28 01:02 . 2010-05-28 01:02 -------- d-----w- c:\program files\Phyxion.net
2010-05-28 00:51 . 2010-05-28 00:51 -------- d-----w- c:\program files\Intel
2010-05-28 00:06 . 2005-12-11 17:22 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-27 08:00 . 2010-06-01 01:15 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-26 17:03 . 2008-12-07 03:50 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-26 17:03 . 2009-03-25 21:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-26 17:03 . 2009-03-25 21:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-21 22:19 . 2010-05-15 23:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
2010-05-16 01:26 . 2008-07-18 05:12 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\DivX
2010-05-16 00:40 . 2010-05-16 00:40 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-16 00:40 . 2010-05-16 00:40 56766 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-16 00:40 . 2010-05-16 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-05-16 00:40 . 2004-07-03 12:59 -------- d-----w- c:\program files\DivX
2010-05-16 00:40 . 2010-05-16 00:40 56978 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-16 00:40 . 2010-05-16 00:40 57679 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Player\Uninstaller.exe
2010-05-16 00:40 . 2010-05-16 00:40 53600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
2010-05-16 00:38 . 2010-05-16 00:38 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-16 00:34 . 2010-05-16 00:34 144696 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-16 00:34 . 2010-05-16 00:40 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
2010-05-16 00:34 . 2010-05-16 00:40 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
2010-05-15 23:59 . 2004-12-18 15:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-06 10:41 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 02:45 . 2007-10-16 14:40 4807680 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-05-05 01:55 . 2010-05-21 21:51 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-05-05 01:55 . 2010-05-21 21:51 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-05-05 01:53 . 2010-05-21 21:51 3997696 ----a-w- c:\windows\system32\aticaldd.dll
2010-05-05 01:48 . 2010-05-28 00:35 15056896 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-05 01:43 . 2010-05-28 00:35 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-05-05 01:39 . 2010-05-28 00:35 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-05 01:38 . 2007-10-16 14:04 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-05-05 01:37 . 2007-10-16 13:44 3693696 ----a-w- c:\windows\system32\ati3duag.dll
2010-05-05 01:27 . 2010-05-28 00:35 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-05-05 01:26 . 2009-09-19 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-05-05 01:26 . 2010-05-28 00:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-05-05 01:26 . 2010-05-28 00:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-05-05 01:26 . 2009-09-19 02:10 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-05-05 01:25 . 2010-05-28 00:35 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-05-05 01:24 . 2007-10-16 13:33 2250880 ----a-w- c:\windows\system32\ativvaxx.dll
2010-05-05 01:24 . 2010-05-28 00:35 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-05-05 01:24 . 2010-05-28 00:35 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-05-05 01:24 . 2010-05-28 00:35 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-05-05 01:23 . 2010-05-21 21:51 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-05 01:20 . 2010-05-28 00:35 593920 ----a-w- c:\windows\system32\atikvmag.dll
2010-05-05 01:19 . 2010-05-28 00:35 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-05-05 01:19 . 2009-09-19 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-05-05 01:18 . 2010-05-28 00:35 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-05-05 01:14 . 2007-10-16 13:11 708608 ----a-w- c:\windows\system32\ati2cqag.dll
2010-05-05 01:12 . 2010-05-21 21:51 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-05-05 01:12 . 2009-09-19 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-05-05 01:12 . 2010-05-28 00:35 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 102400]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 21:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\DS2\\DungeonSiege2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Vent\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"d:\\Mass Effect 2\\MassEffect2Launcher.exe"=
"d:\\Majesty 2\\Majesty2.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/14/2009 2:56 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/14/2009 2:56 PM 242896]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [11/4/2008 2:26 PM 120320]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 5:49 PM 308064]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72728]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/13/2010 5:04 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72728]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/3/2008 12:03 PM 716272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: intuit.com\ttlc
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
FF - ProfilePath - c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HydraVisionDesktopManager - c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-2146939123-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f2,66,70,5a,aa,ff,b0,62,7f,30,d4,34,9c,26,b2,8e,e1,81,58,31,18,a2,49,
12,9d,fd,9c,e3,e0,d6,03,a6,31,38,8f,86,2b,87,40,20,45,2a,fd,53,48,8a,d6,52,\
"??"=hex:85,b6,f8,64,73,7e,2b,69,cb,83,2f,61,19,37,81,62

[HKEY_USERS\S-1-5-21-1708537768-2146939123-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:d1,75,5c,f7,24,9b,24,ab,ac,60,6e,7b,7d,8f,34,a7,f5,47,b4,de,c1,
e7,91,67,c0,1f,2b,a0,d9,89,af,04,b7,86,f6,e4,32,d4,a0,40,ca,72,c1,6f,1d,77,\
"rkeysecu"=hex:71,29,4a,77,f1,75,42,39,eb,03,63,bc,f9,56,31,3c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-07-06 18:37:07
ComboFix-quarantined-files.txt 2010-07-06 22:37

Pre-Run: 5,051,355,136 bytes free
Post-Run: 6,175,485,952 bytes free

- - End Of File - - B94388287FF2CDC20157A59B734CC64E

Thanks again for your help!

#4 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 06 July 2010 - 06:04 PM

Yes, sorry. I left out this part:

Copy the following Text:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Run OTL and paste it into the Custom Scan box then hit Quick Scan.

Run MBAM again - the quick scan - just as before. Need to see if the malware returned.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\docume~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys

RenV::

Driver::
bDMusicb



******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Copy the following bolded command
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • Start > All Programs > Accessories > Command Prompt.
  • Right click and select Paste then hit Enter.
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Ron

#5 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 06 July 2010 - 07:39 PM

Hi,
Here are the scans:

OTL:

OTL logfile created on: 7/6/2010 8:51:49 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Lugnutz87\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.92 Gb Free Space | 15.88% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 26.37 Gb Free Space | 11.33% Space Free | Partition Type: FAT32
Drive E: | 630.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN
Current User Name: Lugnutz87
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/05 23:12:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lugnutz87\My Documents\Downloads\OTL.exe
PRC - [2010/06/02 18:28:35 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 18:28:30 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 18:28:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 18:28:02 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 18:28:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/16 17:49:16 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/03/24 19:47:07 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/21 13:09:59 | 000,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/11/03 03:17:27 | 000,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 23:12:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lugnutz87\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/24 00:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/16 17:49:16 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/13 17:04:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys -- (bDMusicb)
DRV - [2010/06/02 18:28:30 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 18:28:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/04 22:45:04 | 004,807,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/03/16 17:48:40 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/02 20:43:06 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/02 20:43:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/19 08:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/04 14:26:20 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2008/10/06 15:20:09 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2003/10/13 01:29:00 | 000,066,688 | R--- | M] (NETGEAR ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Firefox\components [2010/06/28 18:29:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Firefox\plugins [2010/06/28 18:29:54 | 000,000,000 | ---D | M]

[2009/07/27 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Extensions
[2010/07/06 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions
[2010/04/26 21:58:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 09:25:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/23 22:10:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/05 15:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv

O1 HOSTS File: ([2010/07/06 18:34:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1260314066921 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212451221434 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1212451414981 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Justin.tv Publisher http://www.justin.tv...v_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40 213.109.75.90
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/20 10:17:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/05/06 08:36:00 | 000,000,059 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/05/08 05:18:48 | 000,491,520 | R--- | M] () - E:\AutorunArcanum.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 18:22:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/06 18:22:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/06 18:22:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 18:22:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/06 18:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/06 18:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\AVG9
[2010/07/06 18:00:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/06 17:51:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/05 19:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Malwarebytes
[2010/07/05 19:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 19:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/05 19:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 19:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 19:38:38 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lugnutz87\Desktop\bubba.exe
[2010/06/25 19:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/06/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2010/06/22 18:15:00 | 000,000,000 | ---D | C] -- C:\DSAVANT
[2010/06/22 18:13:37 | 000,000,000 | ---D | C] -- C:\WIZARD15
[2010/06/07 19:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/07 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade Savegames
[2010/06/07 17:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Mount&Blade
[2010/06/05 17:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\bios
[2010/06/05 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\memcards
[2010/06/03 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Media Player Classic
[2010/05/31 21:15:30 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/05/31 21:15:30 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/05/31 21:15:30 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/05/31 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/05/31 21:11:21 | 016,418,083 | ---- | C] ( ) -- C:\Documents and Settings\Lugnutz87\My Documents\K-Lite_Codec_Pack_600_Full.exe
[2010/05/28 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Procaster
[2010/05/28 19:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2010/05/27 21:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2010/05/27 21:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/27 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/05/27 21:27:25 | 000,000,000 | ---D | C] -- C:\ATI
[2010/05/27 21:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/05/27 20:51:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/05/27 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/27 20:50:56 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/27 20:35:13 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/05/27 20:35:13 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/05/27 20:35:13 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/05/27 20:35:12 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/05/27 20:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\ATI
[2010/05/27 20:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\ATI
[2010/05/15 20:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/15 20:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/15 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta
[2010/05/15 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2008/06/02 20:24:29 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/07/06 19:18:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 19:18:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 19:17:42 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/06 19:17:42 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/06 19:17:42 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/06 19:17:19 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Lugnutz87\NTUSER.DAT
[2010/07/06 19:17:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lugnutz87\ntuser.ini
[2010/07/06 18:34:42 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 18:34:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/06 17:57:11 | 003,727,937 | R--- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\george.exe
[2010/07/05 23:27:58 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/07/05 23:27:58 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/07/05 23:27:58 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/07/05 19:50:34 | 000,227,452 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\screenshot.JPG
[2010/07/05 19:38:22 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lugnutz87\Desktop\bubba.exe
[2010/07/05 19:26:40 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\hook.ini
[2010/07/05 19:16:21 | 002,105,572 | -H-- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\IconCache.db
[2010/07/05 18:15:27 | 061,665,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/05 16:14:33 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/07/04 11:53:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 21:22:22 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Arcanum.lnk
[2010/07/02 16:10:48 | 000,000,295 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2010/07/02 13:09:17 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Master of Orion II.lnk
[2010/07/01 22:58:24 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 19:48:31 | 000,000,410 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Dragon Age Origins.lnk
[2010/06/24 23:17:15 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 23:17:15 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 23:17:15 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 23:11:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/23 23:11:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/23 22:42:32 | 000,014,372 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean2.SGM
[2010/06/23 22:36:24 | 000,014,372 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean1.SGM
[2010/06/23 18:31:26 | 000,001,043 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2010/06/22 19:12:57 | 000,106,279 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\gh.JPG
[2010/06/22 18:50:30 | 000,000,094 | ---- | M] () -- C:\WIZ.INI
[2010/06/22 18:50:18 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Wizardry Gold.lnk
[2010/06/12 19:09:38 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 18:30:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 17:29:18 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade.lnk
[2010/06/05 17:42:53 | 000,791,582 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\PSX1.7.zip
[2010/06/02 18:28:30 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:28:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 21:13:25 | 016,418,083 | ---- | M] ( ) -- C:\Documents and Settings\Lugnutz87\My Documents\K-Lite_Codec_Pack_600_Full.exe
[2010/05/28 14:58:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/28 14:58:41 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\ZoneAlarm Security.lnk
[2010/05/28 14:58:38 | 000,420,890 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/27 21:02:24 | 000,021,432 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 21:02:16 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Driver Sweeper.lnk
[2010/05/27 16:15:11 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/27 04:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/27 04:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/05/23 18:05:22 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta.lnk
[2010/05/15 19:59:28 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Majesty 2.doc
[2010/05/04 21:27:02 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/05/04 21:26:52 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/05/04 21:26:46 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/05/04 21:26:42 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/05/04 21:24:28 | 000,479,664 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/04 21:24:22 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/05/04 21:24:22 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/05/04 21:23:52 | 000,042,640 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 14:55:28 | 000,021,290 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010/04/13 13:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/13 09:02:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders (2).lnk
[2010/04/13 09:02:51 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders.lnk

========== Files Created - No Company Name ==========

[2010/07/06 18:22:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/06 18:22:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/06 18:22:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/06 18:22:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/06 18:22:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/06 17:57:10 | 003,727,937 | R--- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\george.exe
[2010/07/05 20:45:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\gmer.exe
[2010/07/05 19:50:34 | 000,227,452 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\screenshot.JPG
[2010/07/05 19:26:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\hook.ini
[2010/07/05 19:26:15 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\D3dHook.dll
[2010/07/05 19:26:15 | 000,755,712 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\D3DWindower-English.exe
[2010/07/02 21:07:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/07/02 16:10:48 | 000,000,295 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/07/02 13:09:17 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Master of Orion II.lnk
[2010/06/22 21:50:00 | 000,014,372 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean2.SGM
[2010/06/22 20:51:16 | 000,014,372 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean1.SGM
[2010/06/22 19:12:57 | 000,106,279 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\gh.JPG
[2010/06/22 18:50:30 | 000,000,094 | ---- | C] () -- C:\WIZ.INI
[2010/06/22 18:50:18 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Wizardry Gold.lnk
[2010/06/07 17:22:58 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade.lnk
[2010/06/05 17:42:53 | 000,791,582 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\PSX1.7.zip
[2010/05/31 21:15:31 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/31 21:15:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/31 21:15:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/05/31 21:15:29 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/31 21:15:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/31 21:15:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/31 21:15:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/27 21:02:16 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Driver Sweeper.lnk
[2010/05/27 20:35:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/05/27 20:35:13 | 000,479,664 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/27 20:35:13 | 000,042,640 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/05/27 20:35:13 | 000,021,290 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/05/27 20:35:11 | 000,203,331 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/05/27 20:35:11 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/05/27 16:15:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/15 19:56:29 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta.lnk
[2010/05/02 00:22:11 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Majesty 2.doc
[2010/04/13 09:02:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders (2).lnk
[2010/04/13 09:02:51 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders.lnk
[2010/01/12 05:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/02 20:43:05 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/09/02 20:43:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/17 19:48:45 | 000,007,200 | ---- | C] () -- C:\WINDOWS\OUTHELP.DLL
[2009/08/17 19:33:57 | 000,000,177 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/06/19 15:04:44 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/19 15:04:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/19 15:04:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/04/02 17:47:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2009/04/02 17:46:51 | 000,001,043 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2009/01/25 14:05:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/05 23:20:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/04 14:26:20 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2008/10/10 08:33:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/03 12:03:32 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/11 16:50:28 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/07/10 11:36:25 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/06/11 22:30:10 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/06/02 20:25:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/08/24 11:50:24 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2007/08/24 11:50:24 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/24 01:00:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/07/26 17:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/11/06 14:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
[2009/12/01 14:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/11/04 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BioWare
[2010/01/27 18:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2008/08/11 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2008/06/02 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2009/05/06 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2010/02/20 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Paradox Interactive
[2008/11/03 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
[2010/02/13 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010/04/03 16:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/11/06 14:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2008/11/22 11:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/06/02 20:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\acccore
[2010/07/06 18:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\AVG9
[2008/08/13 19:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\fltk.org
[2008/10/25 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Leadertech
[2010/06/07 19:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mount&Blade
[2009/05/06 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\NCH Swift Sound
[2010/02/19 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Tilted Mill
[2010/07/04 00:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/06/20 10:17:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/06/22 20:49:17 | 000,042,768 | -H-- | M] () -- C:\BEDBBBDA
[2000/07/31 13:28:00 | 000,286,208 | ---- | M] () -- C:\binkw32.dll
[2008/06/02 21:32:27 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/06 18:37:08 | 000,022,574 | ---- | M] () -- C:\ComboFix.txt
[2004/06/20 10:17:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/17 22:34:10 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin
[2004/06/20 10:17:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/06 14:20:56 | 000,001,991 | -H-- | M] () -- C:\IPH.PH
[2005/12/11 13:20:09 | 000,000,355 | ---- | M] () -- C:\mmcInst.log
[2007/09/23 18:12:10 | 000,001,414 | ---- | M] () -- C:\moduleName.txt
[2004/06/20 10:17:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/06/02 21:26:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/02 23:08:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/06 19:18:38 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/03/24 07:34:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/10/17 23:02:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/10/18 22:47:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/10/19 00:49:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/03/24 07:34:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/10/17 23:02:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/10/18 22:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/10/19 00:49:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/22 18:50:30 | 000,000,094 | ---- | M] () -- C:\WIZ.INI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/06/02 20:33:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 21:39:32 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/01/01 21:01:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/01 21:01:56 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/01 21:01:56 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-25 03:18:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
< End of report >

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/6/2010 9:00:22 PM
mbam-log-2010-07-06 (21-00-22).txt

Scan type: Quick scan
Objects scanned: 147747
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 10-07-06.02 - Lugnutz87 07/06/2010 21:08:09.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2791 [GMT -4:00]
Running from: c:\documents and settings\Lugnutz87\Desktop\george.exe
Command switches used :: c:\documents and settings\Lugnutz87\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\docume~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDMUSICB
-------\Service_bDMusicb


((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 22:18 . 2010-07-06 22:18 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\AVG9
2010-07-06 21:51 . 2010-07-06 21:51 -------- d-----w- C:\_OTL
2010-07-05 23:43 . 2010-07-05 23:43 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\Malwarebytes
2010-07-05 23:39 . 2010-07-05 23:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-05 23:39 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 23:39 . 2010-07-06 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 23:39 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 20:10 . 2010-07-02 20:10 295 ----a-w- c:\windows\EReg072.dat
2010-06-25 23:49 . 2010-06-25 23:49 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-24 02:10 . 2010-06-24 02:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-06-24 02:10 . 2010-06-24 02:10 -------- d-----w- c:\program files\NOS
2010-06-22 22:50 . 1994-09-21 04:00 92208 ----a-w- c:\windows\system32\WING.DLL
2010-06-22 22:50 . 1994-09-21 04:00 6736 ----a-w- c:\windows\system32\WINGDIB.DRV
2010-06-22 22:50 . 1994-09-21 04:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-06-22 22:50 . 1994-08-24 04:00 188960 ----a-w- c:\windows\system32\WINGDE.DLL
2010-06-22 22:15 . 2010-06-22 22:15 -------- d-----w- C:\DSAVANT
2010-06-22 22:13 . 2010-06-22 22:13 -------- d-----w- C:\WIZARD15
2010-06-12 22:06 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 23:30 . 2010-06-07 23:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-07 21:26 . 2010-06-07 23:27 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\Mount&Blade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 23:58 . 2010-07-06 23:58 47364 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-06 03:27 . 2009-06-19 19:04 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-06 03:27 . 2009-06-19 19:04 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-06 03:27 . 2009-06-19 19:04 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-04 04:56 . 2008-09-03 14:45 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\uTorrent
2010-06-25 23:48 . 2007-12-11 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-22 22:48 . 2010-02-12 22:15 -------- d-----w- c:\program files\DOSBox-0.73
2010-06-07 23:33 . 2004-09-02 21:14 -------- d-----w- c:\program files\Common Files\Java
2010-06-07 23:33 . 2010-06-07 23:33 503808 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c5e8b47-n\msvcp71.dll
2010-06-07 23:33 . 2010-06-07 23:33 61440 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-63a4cf84-n\decora-sse.dll
2010-06-07 23:33 . 2010-06-07 23:33 499712 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c5e8b47-n\jmc.dll
2010-06-07 23:33 . 2010-06-07 23:33 348160 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c5e8b47-n\msvcr71.dll
2010-06-07 23:33 . 2010-06-07 23:33 12800 ----a-w- c:\documents and settings\Lugnutz87\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-63a4cf84-n\decora-d3d.dll
2010-06-07 23:30 . 2004-09-02 21:14 -------- d-----w- c:\program files\Java
2010-06-04 02:41 . 2010-06-04 02:41 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\Media Player Classic
2010-06-03 22:47 . 2008-08-14 00:37 -------- d-----w- c:\program files\PSXMemTool
2010-06-02 22:28 . 2009-03-14 18:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 22:28 . 2008-06-05 21:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 01:16 . 2010-06-01 01:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-28 23:14 . 2010-05-28 23:14 -------- d-----w- c:\program files\Livestream Procaster
2010-05-28 18:58 . 2008-06-03 01:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-28 18:39 . 2008-03-11 01:44 -------- d-----w- c:\program files\uTorrent
2010-05-28 01:34 . 2010-05-28 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-05-28 01:34 . 2010-05-28 00:21 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\ATI
2010-05-28 01:29 . 2010-05-28 01:28 -------- d-----w- c:\program files\ATI Technologies
2010-05-28 01:28 . 2010-05-28 01:28 -------- d-----w- c:\program files\ATI
2010-05-28 01:02 . 2008-06-03 02:15 21432 ----a-w- c:\documents and settings\Lugnutz87\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-28 01:02 . 2010-05-28 01:02 -------- d-----w- c:\program files\Phyxion.net
2010-05-28 00:51 . 2010-05-28 00:51 -------- d-----w- c:\program files\Intel
2010-05-28 00:06 . 2005-12-11 17:22 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-27 08:00 . 2010-06-01 01:15 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-26 17:03 . 2008-12-07 03:50 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-26 17:03 . 2009-03-25 21:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-26 17:03 . 2009-03-25 21:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-21 22:19 . 2010-05-15 23:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
2010-05-16 01:26 . 2008-07-18 05:12 -------- d-----w- c:\documents and settings\Lugnutz87\Application Data\DivX
2010-05-16 00:40 . 2010-05-16 00:40 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-16 00:40 . 2010-05-16 00:40 56766 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-16 00:40 . 2010-05-16 00:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-05-16 00:40 . 2004-07-03 12:59 -------- d-----w- c:\program files\DivX
2010-05-16 00:40 . 2010-05-16 00:40 56978 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-16 00:40 . 2010-05-16 00:40 57679 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Player\Uninstaller.exe
2010-05-16 00:40 . 2010-05-16 00:40 53600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
2010-05-16 00:38 . 2010-05-16 00:38 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-16 00:34 . 2010-05-16 00:34 144696 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-16 00:34 . 2010-05-16 00:40 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
2010-05-16 00:34 . 2010-05-16 00:40 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
2010-05-15 23:59 . 2004-12-18 15:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-06 10:41 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 02:45 . 2007-10-16 14:40 4807680 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-05-05 01:55 . 2010-05-21 21:51 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-05-05 01:55 . 2010-05-21 21:51 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-05-05 01:53 . 2010-05-21 21:51 3997696 ----a-w- c:\windows\system32\aticaldd.dll
2010-05-05 01:48 . 2010-05-28 00:35 15056896 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-05 01:43 . 2010-05-28 00:35 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-05-05 01:39 . 2010-05-28 00:35 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-05 01:38 . 2007-10-16 14:04 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-05-05 01:37 . 2007-10-16 13:44 3693696 ----a-w- c:\windows\system32\ati3duag.dll
2010-05-05 01:27 . 2010-05-28 00:35 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-05-05 01:26 . 2009-09-19 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-05-05 01:26 . 2010-05-28 00:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-05-05 01:26 . 2010-05-28 00:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-05-05 01:26 . 2009-09-19 02:10 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-05-05 01:25 . 2010-05-28 00:35 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-05-05 01:24 . 2007-10-16 13:33 2250880 ----a-w- c:\windows\system32\ativvaxx.dll
2010-05-05 01:24 . 2010-05-28 00:35 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-05-05 01:24 . 2010-05-28 00:35 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-05-05 01:24 . 2010-05-28 00:35 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-05-05 01:23 . 2010-05-21 21:51 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-05 01:20 . 2010-05-28 00:35 593920 ----a-w- c:\windows\system32\atikvmag.dll
2010-05-05 01:19 . 2010-05-28 00:35 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-05-05 01:19 . 2009-09-19 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-05-05 01:18 . 2010-05-28 00:35 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-05-05 01:14 . 2007-10-16 13:11 708608 ----a-w- c:\windows\system32\ati2cqag.dll
2010-05-05 01:12 . 2010-05-21 21:51 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-05-05 01:12 . 2009-09-19 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-05-05 01:12 . 2010-05-28 00:35 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-24 198160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 102400]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 21:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\DS2\\DungeonSiege2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Vent\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"d:\\Mass Effect 2\\MassEffect2Launcher.exe"=
"d:\\Majesty 2\\Majesty2.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/14/2009 2:56 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/14/2009 2:56 PM 242896]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [11/4/2008 2:26 PM 120320]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 5:49 PM 308064]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72728]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/13/2010 5:04 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72728]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/3/2008 12:03 PM 716272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: intuit.com\ttlc
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
FF - ProfilePath - c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 21:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-2146939123-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f2,66,70,5a,aa,ff,b0,62,7f,30,d4,34,9c,26,b2,8e,e1,81,58,31,18,a2,49,
12,9d,fd,9c,e3,e0,d6,03,a6,31,38,8f,86,2b,87,40,20,45,2a,fd,53,48,8a,d6,52,\
"??"=hex:85,b6,f8,64,73,7e,2b,69,cb,83,2f,61,19,37,81,62

[HKEY_USERS\S-1-5-21-1708537768-2146939123-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:d1,75,5c,f7,24,9b,24,ab,ac,60,6e,7b,7d,8f,34,a7,f5,47,b4,de,c1,
e7,91,67,c0,1f,2b,a0,d9,89,af,04,b7,86,f6,e4,32,d4,a0,40,ca,72,c1,6f,1d,77,\
"rkeysecu"=hex:71,29,4a,77,f1,75,42,39,eb,03,63,bc,f9,56,31,3c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Real\RealPlayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2010-07-06 21:27:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 01:27
ComboFix2.txt 2010-07-06 22:37

Pre-Run: 6,299,021,312 bytes free
Post-Run: 6,179,524,608 bytes free

- - End Of File - - 7128F9716820040DA98DC9CF9AA609AE

21:35:45:203 0136 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:35:45:203 0136 ================================================================================
21:35:45:203 0136 SystemInfo:

21:35:45:203 0136 OS Version: 5.1.2600 ServicePack: 3.0
21:35:45:203 0136 Product type: Workstation
21:35:45:203 0136 ComputerName: SEAN
21:35:45:203 0136 UserName: Lugnutz87
21:35:45:203 0136 Windows directory: C:\WINDOWS
21:35:45:203 0136 System windows directory: C:\WINDOWS
21:35:45:203 0136 Processor architecture: Intel x86
21:35:45:203 0136 Number of processors: 2
21:35:45:203 0136 Page size: 0x1000
21:35:45:218 0136 Boot type: Normal boot
21:35:45:218 0136 ================================================================================
21:35:45:875 0136 Initialize success
21:35:45:875 0136
21:35:45:875 0136 Scanning Services ...
21:35:46:328 0136 Raw services enum returned 343 services
21:35:46:343 0136
21:35:46:343 0136 Scanning Drivers ...
21:35:47:187 0136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:35:47:296 0136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:35:59:500 0136
21:35:59:500 0136 Completed
21:35:59:500 0136
21:35:59:500 0136 Results:
21:35:59:500 0136 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:35:59:500 0136 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:35:59:515 0136
21:35:59:515 0136 KLMD(ARK) unloaded successfully

That should be all of them.

#6 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 06 July 2010 - 08:05 PM

We are making progress. The only really bad thing I see now is:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40 213.109.75.90

The first IP address is your router. The next two are malware DNS in Russia. There is a possibility that your router has been infected. If this line returns after the following, then we will need to reset the router to factory defaults. What make and model is it, and are you using it for encrypted wireless or as a DSL router?

Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys -- (bDMusicb)
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
[2009/12/05 15:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB  (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40 213.109.75.90
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

:Files
C:\WINDOWS\System32\appmgmts.dll
C:\WINDOWS\System32\hidserv.dll
C:\WINDOWS\System32\CTHWIUT.DLL
C:\WINDOWS\System32\CTEXFIFX.DLL
C:\WINDOWS\System32\CT20XUT.DLL 

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

You have a few signs that you may have had a Conficker infection. Please use your browser to go to:
http://www.confickerworkinggroup.org/infec...cfeyechart.html

Can you see all six pictures in the top table?

Ron
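As an added example (not code from this thread or from OTL), the check below parses the O17 line quoted above and flags any DHCP-assigned resolver that is neither a private LAN address nor on an allow-list, so a returning rogue entry like the two Russian ones would stand out in a later log. The regex, function names and sample log lines are my own constructions.

```python
"""Flag suspicious DHCP-assigned DNS servers in OTL 'O17' log lines.

Added example for illustration; it is not part of OTL or of the thread.
The sample lines below are constructed from the O17 entry quoted above.
"""
import ipaddress
import re

# Matches an OTL O17 line: "O17 - <registry key>: <value name> = <value>".
O17_RE = re.compile(
    r"^O17 - (?P<key>HK[A-Z]+\\[^:]+): (?P<name>\w+) = (?P<value>.+)$"
)


def parse_o17(line):
    """Return (registry_key, value_name, [servers]) for an O17 line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # DhcpNameServer holds a space-separated list of resolver addresses.
    servers = m.group("value").split()
    return m.group("key"), m.group("name"), servers


def is_local_resolver(addr):
    """True for RFC 1918, link-local or loopback addresses (e.g. the home router)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # Not a parseable address at all; treat as not local so it gets flagged.
        return False
    return ip.is_private or ip.is_link_local or ip.is_loopback


def suspicious_dns_servers(line, allowlist=()):
    """Return the resolvers in an O17 line that are neither local nor allow-listed.

    On a home LAN the DHCP-assigned resolver is normally just the router, so any
    public address that is not a known ISP or public resolver deserves a look.
    """
    parsed = parse_o17(line)
    if parsed is None:
        return []
    _, name, servers = parsed
    if name not in ("DhcpNameServer", "NameServer"):
        return []
    return [s for s in servers if not is_local_resolver(s) and s not in allowlist]


def scan_log(text, allowlist=()):
    """Run the check over every line of an OTL log; returns {line: [suspects]}."""
    findings = {}
    for line in text.splitlines():
        bad = suspicious_dns_servers(line, allowlist)
        if bad:
            findings[line.strip()] = bad
    return findings


# Constructed sample: the infected line from the thread plus a clean one.
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40 213.109.75.90
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for entry, suspects in scan_log(SAMPLE_LOG).items():
        print("suspect resolvers", suspects, "in:", entry)
```

If the flagged addresses come back after the fix and reboot, the resolver setting is being re-pushed by DHCP, which is what points at the router rather than the PC.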

#7 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 07 July 2010 - 03:25 PM

Hi,
I can see all 6 pictures on that site. The new OTL log follows:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File C:\WINDOWS\System32\appmgmts.dll not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File E:\INSTALL\GMSIPCI.SYS not found.
Service CTHWIUT.DLL stopped successfully!
Service CTHWIUT.DLL deleted successfully!
File C:\WINDOWS\System32\CTHWIUT.DLL not found.
Service CTEXFIFX.DLL stopped successfully!
Service CTEXFIFX.DLL deleted successfully!
File C:\WINDOWS\System32\CTEXFIFX.DLL not found.
Service CT20XUT.DLL stopped successfully!
Service CT20XUT.DLL deleted successfully!
File C:\WINDOWS\System32\CT20XUT.DLL not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\catchme.sys not found.
Error: No service named bDMusicb was found to stop!
Service\Driver key bDMusicb not found.
File C:\DOCUME~1\LUGNUT~1\LOCALS~1\Temp\bDMusicb.sys not found.
Prefs.js: justintvpublisher@justin.tv:3.1.5.5 removed from extensions.enabledItems
C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins folder moved successfully.
C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc folder moved successfully.
C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\platform folder moved successfully.
C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\META-INF folder moved successfully.
C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv\components folder moved successfully.
C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\justintvpublisher@justin.tv folder moved successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Justin.tv Publisher
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Justin.tv Publisher\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Justin.tv Publisher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Justin.tv Publisher\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
AppMgmt removed from NetSvcs value successfully!
HidServ removed from NetSvcs value successfully!
========== FILES ==========
File\Folder C:\WINDOWS\System32\appmgmts.dll not found.
File\Folder C:\WINDOWS\System32\hidserv.dll not found.
File\Folder C:\WINDOWS\System32\CTHWIUT.DLL not found.
File\Folder C:\WINDOWS\System32\CTEXFIFX.DLL not found.
File\Folder C:\WINDOWS\System32\CT20XUT.DLL not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Lugnutz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lugnutz87
->Temp folder emptied: 197007 bytes
->Temporary Internet Files folder emptied: 4624206 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27773020 bytes
->Flash cache emptied: 1018 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07072010_171712

Files\Folders moved on Reboot...
C:\Documents and Settings\Lugnutz87\Local Settings\Temp\~DFB9D8.tmp moved successfully.
C:\Documents and Settings\Lugnutz87\Local Settings\Temporary Internet Files\Content.IE5\YOE6ZGY9\index[1].htm moved successfully.
C:\Documents and Settings\Lugnutz87\Local Settings\Temporary Internet Files\Content.IE5\FLCQZU6J\iframe[1].htm moved successfully.
C:\Documents and Settings\Lugnutz87\Local Settings\Temporary Internet Files\Content.IE5\FLCQZU6J\like[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT0700e.TMP not found!

Registry entries deleted on Reboot...


Thanks again for your help!

#8 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 07 July 2010 - 04:16 PM

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ron

#9 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 07 July 2010 - 05:16 PM

Here is the latest (and hopefully last :) ) one:

OTL logfile created on: 7/7/2010 7:11:32 PM - Run 3
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Lugnutz87\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 6.51 Gb Free Space | 17.48% Space Free | Partition Type: NTFS
Drive D: | 232.83 Gb Total Space | 32.92 Gb Free Space | 14.14% Space Free | Partition Type: FAT32
Drive E: | 630.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN
Current User Name: Lugnutz87
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/05 23:12:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lugnutz87\My Documents\Downloads\OTL.exe
PRC - [2010/06/02 18:28:35 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 18:28:30 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 18:28:30 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 18:28:02 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 18:28:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/16 17:49:16 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/03/24 19:47:12 | 000,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2009/03/24 19:47:07 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/21 13:09:59 | 000,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/11/03 03:17:27 | 000,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 23:12:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lugnutz87\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/24 00:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/16 17:49:16 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/13 17:04:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2010/06/02 18:28:30 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 18:28:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/04 22:45:04 | 004,807,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/03/16 17:48:40 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/09/02 20:43:06 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/02 20:43:03 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/19 08:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/11/04 14:26:20 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2008/10/06 15:20:09 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2003/10/13 01:29:00 | 000,066,688 | R--- | M] (NETGEAR ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Firefox\components [2010/06/28 18:29:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Firefox\plugins [2010/06/28 18:29:54 | 000,000,000 | ---D | M]

[2009/07/27 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Extensions
[2010/07/07 19:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions
[2010/04/26 21:58:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 09:25:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/23 22:10:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Lugnutz87\Application Data\Mozilla\Firefox\Profiles\po1ywmlp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

O1 HOSTS File: ([2010/07/06 21:17:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1260314066921 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212451221434 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1212451414981 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.65.40 213.109.75.90
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/20 10:17:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/05/06 08:36:00 | 000,000,059 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/05/08 05:18:48 | 000,491,520 | R--- | M] () - E:\AutorunArcanum.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 21:36:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/06 21:34:57 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Lugnutz87\Desktop\TDSSKiller.exe
[2010/07/06 21:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Desktop\tdsskiller
[2010/07/06 21:15:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/06 18:22:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/06 18:22:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/06 18:22:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/06 18:22:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/06 18:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/06 18:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\AVG9
[2010/07/06 18:00:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/06 17:51:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/05 19:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Malwarebytes
[2010/07/05 19:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/05 19:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/05 19:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/05 19:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/05 19:38:38 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lugnutz87\Desktop\bubba.exe
[2010/06/25 19:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/06/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2010/06/22 18:15:00 | 000,000,000 | ---D | C] -- C:\DSAVANT
[2010/06/22 18:13:37 | 000,000,000 | ---D | C] -- C:\WIZARD15
[2010/06/07 19:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/07 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade Savegames
[2010/06/07 17:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Mount&Blade
[2010/06/05 17:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\bios
[2010/06/05 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\memcards
[2010/06/03 22:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\Media Player Classic
[2010/05/31 21:15:30 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/05/31 21:15:30 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/05/31 21:15:30 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/05/31 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/05/31 21:11:21 | 016,418,083 | ---- | C] ( ) -- C:\Documents and Settings\Lugnutz87\My Documents\K-Lite_Codec_Pack_600_Full.exe
[2010/05/28 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\Procaster
[2010/05/28 19:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2010/05/27 21:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2010/05/27 21:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/27 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/05/27 21:27:25 | 000,000,000 | ---D | C] -- C:\ATI
[2010/05/27 21:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/05/27 20:51:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/05/27 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/27 20:50:56 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/27 20:35:13 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/05/27 20:35:13 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/05/27 20:35:13 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/05/27 20:35:12 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/05/27 20:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\ATI
[2010/05/27 20:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\Application Data\ATI
[2010/05/15 20:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/15 20:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/15 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lugnutz87\My Documents\StarCraft II Beta
[2010/05/15 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard Entertainment
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2008/06/02 20:24:29 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/07/07 18:00:24 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/07/07 18:00:24 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/07/07 18:00:23 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/07/07 17:27:44 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Lugnutz87\NTUSER.DAT
[2010/07/07 17:19:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 17:19:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 17:18:01 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/07 17:18:01 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/07 17:18:01 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/07/07 17:17:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lugnutz87\ntuser.ini
[2010/07/07 17:13:51 | 061,711,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/06 21:34:37 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\tdsskiller.zip
[2010/07/06 21:17:37 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 21:17:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/06 17:57:11 | 003,727,937 | R--- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\george.exe
[2010/07/05 19:50:34 | 000,227,452 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\screenshot.JPG
[2010/07/05 19:38:22 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lugnutz87\Desktop\bubba.exe
[2010/07/05 19:26:40 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\hook.ini
[2010/07/05 19:16:21 | 002,105,572 | -H-- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\IconCache.db
[2010/07/05 16:14:33 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/07/04 11:53:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 21:22:22 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Arcanum.lnk
[2010/07/02 16:10:48 | 000,000,295 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2010/07/02 13:09:17 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Master of Orion II.lnk
[2010/07/01 22:58:24 | 000,208,896 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Lugnutz87\Desktop\TDSSKiller.exe
[2010/06/25 19:48:31 | 000,000,410 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Dragon Age Origins.lnk
[2010/06/24 23:17:15 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 23:17:15 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 23:17:15 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 23:11:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/06/23 23:11:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/06/23 22:42:32 | 000,014,372 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean2.SGM
[2010/06/23 22:36:24 | 000,014,372 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean1.SGM
[2010/06/23 18:31:26 | 000,001,043 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2010/06/22 19:12:57 | 000,106,279 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\gh.JPG
[2010/06/22 18:50:30 | 000,000,094 | ---- | M] () -- C:\WIZ.INI
[2010/06/22 18:50:18 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Wizardry Gold.lnk
[2010/06/12 19:09:38 | 000,126,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 18:30:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 17:29:18 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade.lnk
[2010/06/05 17:42:53 | 000,791,582 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\PSX1.7.zip
[2010/06/02 18:28:30 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 18:28:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 21:13:25 | 016,418,083 | ---- | M] ( ) -- C:\Documents and Settings\Lugnutz87\My Documents\K-Lite_Codec_Pack_600_Full.exe
[2010/05/28 14:58:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/28 14:58:41 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\ZoneAlarm Security.lnk
[2010/05/28 14:58:38 | 000,420,890 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/27 21:02:24 | 000,021,432 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 21:02:16 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Driver Sweeper.lnk
[2010/05/27 16:15:11 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/27 04:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/27 04:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/05/23 18:05:22 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\Desktop\StarCraft II Beta.lnk
[2010/05/15 19:59:28 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Majesty 2.doc
[2010/05/04 21:27:02 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/05/04 21:26:52 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/05/04 21:26:46 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/05/04 21:26:42 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/05/04 21:24:28 | 000,479,664 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/04 21:24:22 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/05/04 21:24:22 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/05/04 21:23:52 | 000,042,640 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 14:55:28 | 000,021,290 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010/04/13 13:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/13 09:02:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders (2).lnk
[2010/04/13 09:02:51 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders.lnk

========== Files Created - No Company Name ==========

[2010/07/06 21:34:36 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\tdsskiller.zip
[2010/07/06 18:22:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/06 18:22:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/06 18:22:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/06 18:22:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/06 18:22:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/06 17:57:10 | 003,727,937 | R--- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\george.exe
[2010/07/05 20:45:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\gmer.exe
[2010/07/05 19:50:34 | 000,227,452 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\screenshot.JPG
[2010/07/05 19:26:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\hook.ini
[2010/07/05 19:26:15 | 000,787,456 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\D3dHook.dll
[2010/07/05 19:26:15 | 000,755,712 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\D3DWindower-English.exe
[2010/07/02 21:07:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010/07/02 16:10:48 | 000,000,295 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/07/02 13:09:17 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Master of Orion II.lnk
[2010/06/22 21:50:00 | 000,014,372 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean2.SGM
[2010/06/22 20:51:16 | 000,014,372 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\sean1.SGM
[2010/06/22 19:12:57 | 000,106,279 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\gh.JPG
[2010/06/22 18:50:30 | 000,000,094 | ---- | C] () -- C:\WIZ.INI
[2010/06/22 18:50:18 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Wizardry Gold.lnk
[2010/06/07 17:22:58 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Mount&Blade.lnk
[2010/06/05 17:42:53 | 000,791,582 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\PSX1.7.zip
[2010/05/31 21:15:31 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/31 21:15:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/31 21:15:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/05/31 21:15:29 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/31 21:15:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/31 21:15:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/31 21:15:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/27 21:02:16 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Driver Sweeper.lnk
[2010/05/27 20:35:13 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/05/27 20:35:13 | 000,479,664 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/27 20:35:13 | 000,042,640 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/05/27 20:35:13 | 000,021,290 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/05/27 20:35:11 | 000,203,331 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/05/27 20:35:11 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/05/27 16:15:09 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/05/15 19:56:29 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\Desktop\StarCraft II Beta.lnk
[2010/05/02 00:22:11 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Majesty 2.doc
[2010/04/13 09:02:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders (2).lnk
[2010/04/13 09:02:51 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lugnutz87\My Documents\Network Magic Folders.lnk
[2010/01/12 05:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/02 20:43:05 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/09/02 20:43:03 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/17 19:48:45 | 000,007,200 | ---- | C] () -- C:\WINDOWS\OUTHELP.DLL
[2009/08/17 19:33:57 | 000,000,177 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/06/19 15:04:44 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/19 15:04:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/19 15:04:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/04/02 17:47:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2009/04/02 17:46:51 | 000,001,043 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2009/01/25 14:05:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/05 23:20:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/04 14:26:20 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2008/10/10 08:33:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/03 12:03:32 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/11 16:50:28 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/07/10 11:36:25 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/06/11 22:30:10 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/06/02 20:25:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/08/24 11:50:24 | 000,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2007/08/24 11:50:24 | 000,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2006/05/24 01:00:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/07/26 17:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/11/06 14:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
[2009/12/01 14:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/11/04 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BioWare
[2010/01/27 18:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
[2008/08/11 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2008/06/02 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2009/05/06 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2010/02/20 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Paradox Interactive
[2008/11/03 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
[2010/02/13 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
[2010/04/03 16:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/11/06 14:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2008/11/22 11:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/06/02 20:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\acccore
[2010/07/06 18:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\AVG9
[2008/08/13 19:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\fltk.org
[2008/10/25 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Leadertech
[2010/06/07 19:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Mount&Blade
[2009/05/06 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\NCH Swift Sound
[2010/02/19 18:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\Tilted Mill
[2010/07/04 00:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lugnutz87\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
< End of report >

#10 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 07 July 2010 - 06:01 PM

It came back again. What make and model router do you have? Is there a separate DSL or Cable modem? Are you using Wireless with encryption? Who is your ISP?

Ron

#11 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 07 July 2010 - 06:33 PM

I have a Linksys Wireless-N router. Model wrt160n v3. Separate cable modem. The computer is hard wired into the router since they are right next to each other and the other devices are in the other room. WPA2 is the encryption? ISP is Time Warner.

#12 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 07 July 2010 - 06:41 PM

Look on the back of the router. There should be a button called RESET. Push it and hold it for about 10 seconds, then let go. Now go to the PC. Open a Command Prompt. (Start, All Programs, Accessories, Command Prompt)

Type (with an Enter after each line; I use 2 spaces where one space belongs so you can see it):

ipconfig  /release

ipconfig  /renew

ipconfig  /all


After the last one inspect the results. It really should not have anything but 192.168.1.1 where it says DNS Servers.

Ron

#13 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 07 July 2010 - 07:00 PM

It has 209.18.47.61 and .62 listed after the 192.168.1.1 :)

#14 RKinner

  • Group: Expert
  • Posts: 8,273
  • Joined: 19-April 05

Posted 07 July 2010 - 09:25 PM

Let's see if we can manually fix it.

1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."
4. Click "Use the following DNS server addresses," and then type 192.168.1.1 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.
5. Click "OK"

Close the windows then run the same ipconfig commands as last time.

Ron
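
The check in post #12 (inspect the DNS Servers lines of ipconfig /all after the router reset and DHCP renew) and the fix in post #14 (pin a preferred and an alternate DNS server on the connection) can both be scripted. The block below is an added example, not code from the thread: it parses ipconfig /all output, reports any resolver not on an allowlist, and builds the netsh commands that do what the GUI steps in post #14 do. The sample ipconfig output is constructed (the NIC description, MAC address and lease time are invented; the DNS servers are the ones reported in post #13), the allowlist of 192.168.1.1 comes from post #12, and the connection name "Local Area Connection" is the XP default, assumed here. A DHCP-assigned resolver outside the allowlist is a lead, not proof on its own: check it against the ISP's published resolvers, and if the router's DHCP is the source, the router's own DNS settings are what to inspect, which is why the thread resets the router first.

```python
"""Added example: check `ipconfig /all` DNS servers against an allowlist and
build the netsh equivalent of the static-DNS fix. Not from the original thread."""
import re
import subprocess
import sys
from typing import Dict, List

# Constructed Windows XP `ipconfig /all` output, not the poster's real output.
# NIC description, MAC and lease time are invented; DNS servers follow post #13.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : SEAN
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            209.18.47.61
                                            209.18.47.62
        Lease Obtained. . . . . . . . . . : Wednesday, July 07, 2010 6:45:00 PM
"""

ADAPTER_RE = re.compile(r"^(\S.*\badapter\b.*?):\s*$")         # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]* :\s*(.*)$")  # "  Key . . . : value"


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {field: [values]}}. Second and later DNS servers are
    printed on indented lines with no key, so they attach to the last field."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    fields = None
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            last_key = None
            continue
        m = ADAPTER_RE.match(line)
        if m:
            fields = adapters.setdefault(m.group(1).strip(), {})
            last_key = None
            continue
        if fields is None:  # still in the "Windows IP Configuration" header
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group(1).strip()
            fields.setdefault(last_key, [])
            if m.group(2).strip():
                fields[last_key].append(m.group(2).strip())
        elif last_key is not None:  # continuation line (extra DNS server)
            fields[last_key].append(line.strip())
    return adapters


def unexpected_dns_servers(text: str, allowed) -> Dict[str, List[str]]:
    """Per adapter, the DNS servers not in `allowed` (post #12 expects only
    192.168.1.1 after the router reset and DHCP renew)."""
    allowed = set(allowed)
    flagged: Dict[str, List[str]] = {}
    for adapter, fields in parse_ipconfig(text).items():
        bad = [s for s in fields.get("DNS Servers", []) if s not in allowed]
        if bad:
            flagged[adapter] = bad
    return flagged


def connection_name(adapter: str) -> str:
    """'Ethernet adapter Local Area Connection' -> 'Local Area Connection'."""
    return adapter.split(" adapter ", 1)[-1]


def netsh_static_dns(conn: str, primary: str, alternate: str) -> List[List[str]]:
    """argv lists equivalent to the GUI steps in post #14: set a static preferred
    DNS server and add an alternate. Must be run from an administrator prompt."""
    return [
        ["netsh", "interface", "ip", "set", "dns", f"name={conn}",
         "source=static", f"addr={primary}"],
        ["netsh", "interface", "ip", "add", "dns", f"name={conn}",
         f"addr={alternate}", "index=2"],
    ]


def live_ipconfig() -> str:
    """Run the same `ipconfig /all` the post asks for (Windows only)."""
    return subprocess.run(["ipconfig", "/all"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    text = live_ipconfig() if sys.platform == "win32" else SAMPLE_IPCONFIG
    flagged = unexpected_dns_servers(text, {"192.168.1.1"})
    if not flagged:
        print("DNS servers match the allowlist")
    for adapter, servers in flagged.items():
        print(f"{adapter}: unexpected DNS servers {servers}")
        for argv in netsh_static_dns(connection_name(adapter), "192.168.1.1", "4.2.2.1"):
            print("  fix:", subprocess.list2cmdline(argv))
```

Run it with no arguments: on Windows it reads the live ipconfig /all, elsewhere it falls back to the constructed sample, which reproduces post #13 (192.168.1.1 followed by 209.18.47.61 and .62 is flagged). Rerunning after the fix, with the allowlist widened to the two addresses you set, is the "run the same ipconfig commands as last time" step from post #14.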

#15 Rolph

  • Group: Member
  • Posts: 13
  • Joined: 05-July 10

Posted 08 July 2010 - 05:36 AM

Now it says 192.168.1.1 and 4.2.1.1. :)
