Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect

Started by TheHardDriver , Jul 10 2010 12:05 PM

  • This topic is locked This topic is locked

#1
TheHardDriver
Posted 10 July 2010 - 12:05 PM

TheHardDriver

    Member

  • Member
  • PipPip
  • 34 posts
Google searches produce results that when clicked are redirected to other sites. The sites are typically other search engines or business sites that have some of the search words displayed in them. The problem occurs on all of the accounts on the infected PC. Initially, only the first four clicked links from a Google search would be redirected; any returned link that is clicked gets redirected.

Note that if I use the Norton Safe Search toolbar I am able to access any of the returned links without a redirection.

I have downloaded and independently run the following programs to correct the problem(s). Spyware Doctor, SuperAntiSpyware, StopZilla, the ATF Cleaner and the Norton Security Suite. Initially, all of them found issues on my PC but none fixed the browser redirect problem.

Here are the contents of my mbam log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4299

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2010 7:25:52 AM
mbam-log-2010-07-10 (07-25-52).txt

Scan type: Quick scan
Objects scanned: 184585
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected

Here is the GMER log.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 12:10:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\fgloapow.sys


---- System - GMER 1.0.15 ----

SSDT 895C5180 ZwAlertResumeThread
SSDT 895C8058 ZwAlertThread
SSDT 89609868 ZwAllocateVirtualMemory
SSDT 895F2120 ZwAssignProcessToJobObject
SSDT 8A1F53C0 ZwConnectPort
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xBA630AC2]
SSDT 895E26D0 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6852D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6854C8]
SSDT 8960E148 ZwCreateSymbolicLinkObject
SSDT 89D61610 ZwCreateThread
SSDT 895F21E0 ZwDebugActiveProcess
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xBA630CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xBA630D5C]
SSDT 895CBA68 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT 8960BAC8 ZwFreeVirtualMemory
SSDT 895E27C0 ZwImpersonateAnonymousToken
SSDT 895C50A0 ZwImpersonateThread
SSDT 89B3FC60 ZwLoadDriver
SSDT 89D608C8 ZwMapViewOfSection
SSDT 8960F1E0 ZwOpenEvent
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xBA6309B2]
SSDT 895C6840 ZwOpenProcess
SSDT 895CB9A8 ZwOpenProcessToken
SSDT 895EF008 ZwOpenSection
SSDT 895CBB38 ZwOpenThread
SSDT 8960E008 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6A7020]
SSDT 895C8138 ZwResumeThread
SSDT 896221E0 ZwSetContextThread
SSDT 895E90B0 ZwSetInformationProcess
SSDT 895EF0D0 ZwSetSystemInformation
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xBA630EF8]
SSDT 8960F100 ZwSuspendProcess
SSDT 895C8008 ZwSuspendThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xBA632BD6]
SSDT 89622100 ZwTerminateThread
SSDT 895E91A0 ZwUnmapViewOfSection
SSDT 89609778 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 3A0 804E2A0C 2 Bytes [E0, 21] {LOOPNZ 0x23}
.text ntoskrnl.exe!_abnormal_termination + 3A3 804E2A0F 1 Byte [89]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B83AA8AC 5 Bytes JMP 8A0F6770
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B82684D0 48 Bytes [03, A8, 1B, 4C, 0A, 12, A0, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\bbdd.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 026A003A

---- Devices - GMER 1.0.15 ----

Device 8A7391E8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device 895BA790
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBPDO-0 8A0F01E8
Device \Driver\usbuhci \Device\USBPDO-1 8A0F01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7C31E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7C31E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7C31E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7C31E8
Device \Driver\usbuhci \Device\USBPDO-2 8A0F01E8
Device \Driver\usbuhci \Device\USBPDO-3 8A0F01E8
Device \Driver\usbehci \Device\USBPDO-4 8A0C11E8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7571E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7571E8
Device \Driver\Cdrom \Device\CdRom0 8A0B31E8
Device \Driver\iaStor \Device\Ide\iaStor0 8A7551E8
Device \Driver\atapi \Device\Ide\IdePort0 8A7C21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A7C21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A7C21E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 8A7551E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7571E8
Device \Driver\Cdrom \Device\CdRom1 8A0B31E8
Device \Driver\Cdrom \Device\CdRom2 8A0B31E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7571E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A7571E8
Device \Driver\Cdrom \Device\CdRom3 8A0B31E8
Device \Driver\Cdrom \Device\CdRom4 8A0B31E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89624790
Device \Driver\Cdrom \Device\CdRom5 8A0B31E8
Device \Driver\sbp2port \Device\Sbp2Port0 8A7381E8
Device \Driver\sbp2port \Device\Sbp2Port1 8A7381E8
Device \Driver\NetBT \Device\NetbiosSmb 89624790

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBFDO-0 8A0F01E8
Device \Driver\usbuhci \Device\USBFDO-1 8A0F01E8
Device \Driver\sbp2port \Device\Sbp2\Seagate &ST3750640A &0&00101003_0000b7c7_Instance00 8A7381E8
Device \Driver\sbp2port \Device\Sbp2\Initio &ST3400832A &0&000bc203_0002e97c_Instance00 8A7381E8
Device \Driver\usbuhci \Device\USBFDO-2 8A0F01E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895DF790
Device \Driver\usbuhci \Device\USBFDO-3 8A0F01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{63CCF9AD-65D4-452A-BD79-9BB2C4A17929} 89624790
Device \Driver\Ftdisk \Device\FtControl 8A7571E8
Device \Driver\usbehci \Device\USBFDO-4 8A0C11E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8A083588
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 8A083588
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target2Lun0 8A083588
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target1Lun0 8A083588
Device \Driver\PCI_NTPNP5698 \Device\0000008d sptd.sys
Device \Driver\PCI_NTPNP5698 \Device\0000008d sptd.sys

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device 89D73790
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\bbdd@DependOnGroup
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x47 0x4B 0x3A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xE3 0x6E 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x18 0x8F 0xCD 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0x44 0xA1 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3B 0x6D 0x1D 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x47 0x4B 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xE3 0x6E 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x18 0x8F 0xCD 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -630215157
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -914281752
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x47 0x4B 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xE3 0x6E 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x18 0x8F 0xCD 0xF8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


Here is the OTL log text file.
OTL logfile created on: 7/10/2010 12:13:48 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.28 Gb Total Space | 23.61 Gb Free Space | 10.30% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 6.75 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 698.64 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1KHH461
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/10 07:16:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2010/07/06 21:11:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/16 13:27:09 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/17 00:18:36 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/05 04:59:00 | 000,569,344 | ---- | M] ( ) -- C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
PRC - [2008/06/24 15:53:13 | 000,586,408 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\LMabcoms.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/05 16:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\SYSTEM32\Tablet.exe
PRC - [2005/12/05 15:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
PRC - [2005/06/08 11:00:16 | 000,983,040 | ---- | M] (Premiere Radio Networks, Inc.) -- C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
PRC - [2004/06/29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/10 20:50:00 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/06/24 01:31:35 | 000,442,368 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2000/06/29 18:15:10 | 000,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2000/01/21 04:18:00 | 000,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/10 07:16:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
MOD - [2010/05/14 00:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/11/13 05:19:00 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL
MOD - [2003/05/16 01:01:51 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/06/24 15:53:13 | 000,586,408 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)
SRV - [2008/03/23 11:07:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/12/05 16:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\Tablet.exe -- (TabletService)
SRV - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Marnell\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - [2010/07/06 21:23:01 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100710.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/06 21:23:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/06 21:23:01 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 21:23:01 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100710.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/06 21:19:42 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 20:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/06/12 07:04:28 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\bbdd.sys -- (bbdd)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/12/05 17:53:58 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/09/16 08:03:40 | 000,005,632 | ---- | M] (DVD neXt COPY) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iTurnsDriver.sys -- (iTurns)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/21 23:07:44 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2007/08/04 21:15:34 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/09/02 13:11:21 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2006/03/10 15:55:18 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fantom.sys -- (FANTOM)
DRV - [2005/12/31 20:59:36 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/11/29 16:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys -- (MarvinBus)
DRV - [2004/11/19 14:01:20 | 000,013,184 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB)
DRV - [2004/08/12 08:31:27 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 08:30:27 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 08:30:27 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 08:30:26 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 08:30:26 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 08:29:29 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 08:26:47 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 08:26:47 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 08:26:46 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 08:22:31 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:18:30 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:17:45 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:17:24 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:17:24 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:17:21 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/12 02:40:00 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/11 18:54:00 | 002,463,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/06 04:29:00 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/05 21:43:00 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/12 21:15:00 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/12 21:13:00 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/12 21:12:00 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/12 21:11:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/12 21:11:00 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/12 21:09:00 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/06/28 14:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2003/12/04 12:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/11/12 07:11:00 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/09/26 04:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/23 14:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcgame.sys -- (bcgame)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [1999/11/05 19:43:24 | 000,036,404 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local.,;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/06 22:06:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/07/06 21:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 21:11:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 21:11:22 | 000,000,000 | ---D | M]

[2008/09/07 17:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/07/10 07:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions
[2010/03/27 16:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/30 23:09:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/14 22:15:41 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/03/20 18:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\[email protected]
[2009/01/23 06:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\z4pz9rvy.John Dykes\extensions
[2009/01/23 06:51:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\z4pz9rvy.John Dykes\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/10 07:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 06:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/07/29 21:08:39 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/07/29 21:08:40 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/07/29 21:08:39 | 000,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/17 06:06:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/04/04 21:00:35 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/03/18 21:31:51 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/06/23 18:19:29 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03050024.dll

O1 HOSTS File: ([2010/07/09 22:51:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe (Premiere Radio Networks, Inc.)
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE ( )
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: dell4me.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: khow.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: runescape.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall32.cab (HPVirtualRooms32 Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1133020705028 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133025165375 (MUWebControl Class)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://mvt.mcafee.co...3,0,1,0/mvt.cab (McAfee Virtual Technician Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://xlonhcld.xlon...2ie05111501.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\xgusb.cpl (YAMAHA Corp.)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 07:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Geeks to Go
[2010/07/10 07:16:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/07/09 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\GooredFix Backups
[2010/07/09 22:44:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\John\Desktop\GooredFix.exe
[2010/07/09 22:31:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/09 22:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\erunt
[2010/07/06 21:41:03 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/07/06 21:41:03 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/07/06 21:41:03 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/07/06 21:41:03 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/07/06 21:41:03 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/07/06 21:41:02 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/07/06 21:41:02 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/07/06 21:41:02 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/07/06 21:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/07/06 21:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Tific
[2010/07/06 21:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Symantec
[2010/07/06 21:19:43 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/06 21:19:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/06 21:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/07/06 21:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/07/06 21:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/07/06 21:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Symantec
[2010/07/06 21:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/07/06 21:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/06 21:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/07/06 21:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/06/30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\John\Desktop\TDSSKiller.exe
[2010/06/24 12:00:16 | 000,000,000 | ---D | C] -- C:\19b8a8a6585d8dcefdcc
[2010/06/24 11:49:35 | 000,000,000 | ---D | C] -- C:\2b06d00645fb43155a5ed548
[2010/06/19 22:29:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/19 22:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Malware
[2010/06/19 17:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/06/19 17:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/06/19 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/06/19 11:20:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/19 11:15:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/19 11:15:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/19 11:15:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/19 11:15:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/19 11:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/19 11:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/19 09:05:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/19 09:05:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/19 09:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/18 17:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Threat Expert
[2010/06/17 18:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/17 01:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SUPERAntiSpyware.com
[2010/06/17 01:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/17 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/17 01:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Copy of Plugins
[2010/06/12 22:46:43 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/06/12 22:46:43 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/06/12 22:46:43 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/06/12 22:09:32 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/12 22:09:31 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/12 22:09:31 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/12 22:09:31 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/12 22:08:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/12 22:07:57 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/12 22:07:57 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/12 22:07:49 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\PC Tools
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/12 22:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/12 17:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2010/06/12 17:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/29 15:08:37 | 000,000,000 | ---D | C] -- C:\SMrpg
[2009/11/23 22:59:37 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2009/11/23 22:59:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabserv.dll
[2009/11/23 22:59:16 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabusb1.dll
[2009/11/23 22:59:16 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpmui.dll
[2009/11/23 22:59:16 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabiesc.dll
[2009/11/23 22:59:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabprox.dll
[2009/11/23 22:59:15 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\LMablmpm.dll
[2009/11/23 22:59:15 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpar1.dll
[2009/11/23 22:59:15 | 000,454,656 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabiobj.dll
[2009/11/23 22:59:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabinpa.dll
[2009/11/23 22:59:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpplc.dll
[2009/11/23 22:59:14 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabip1.dll
[2009/11/23 22:59:14 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabhcp.dll
[2009/11/23 22:59:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabcomm.dll
[2009/11/23 22:59:13 | 000,815,104 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabcomc.dll
[2005/02/19 22:15:43 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\John\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/10 11:32:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/10 08:01:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/10 07:50:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/10 07:50:30 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/07/10 07:50:25 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/10 07:50:15 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 07:50:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 07:50:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/10 07:50:04 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 07:48:31 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/10 07:48:31 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/10 07:48:31 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/10 07:48:31 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/10 07:48:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/07/10 07:48:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/07/10 07:48:31 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/07/10 07:48:31 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/07/10 07:48:08 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/07/10 07:48:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\NTUSER.INI
[2010/07/10 07:48:02 | 004,932,601 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/07/10 07:16:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\gmer.exe
[2010/07/10 07:16:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/07/09 22:51:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/07/09 22:47:12 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\John\Desktop\TDSSKiller.exe
[2010/07/09 22:44:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\John\Desktop\GooredFix.exe
[2010/07/08 23:58:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/08 17:51:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 21:47:19 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/07/06 21:46:39 | 000,015,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/06 21:33:51 | 000,000,759 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/06 21:33:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/06 21:33:51 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 21:20:21 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/06 21:19:42 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/06 21:19:42 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/06 21:19:42 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/06 21:19:42 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/06 21:15:58 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Norton Installation Files.lnk
[2010/07/05 18:46:41 | 000,003,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/24 16:52:25 | 000,536,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 16:52:25 | 000,465,250 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/24 16:52:25 | 000,081,298 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/22 00:51:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/19 17:14:49 | 000,020,480 | -H-- | M] () -- C:\SZKGFS.dat
[2010/06/18 17:45:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 18:06:00 | 000,102,640 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/12 07:04:28 | 000,080,896 | ---- | M] () -- C:\WINDOWS\System32\bbdd.sys
[2010/06/11 21:18:18 | 000,002,685 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/06/09 06:42:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/09 03:30:56 | 000,524,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 03:12:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 21:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/07 19:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/05/22 12:53:13 | 000,160,625 | ---- | M] () -- C:\Documents and Settings\John\Desktop\mosquito.mp3
[2010/05/18 20:58:56 | 000,002,781 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Omron Health Management Software.lnk
[2010/05/16 09:28:43 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 14:44:16 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/05 23:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/05 23:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/04 07:11:21 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/29 00:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/29 00:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/26 03:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/04/24 06:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/04/21 21:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/04/21 21:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/04/21 21:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/04/21 21:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[7 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\John\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 23:49:09 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/06 21:46:35 | 000,015,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/06 21:41:03 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/07/06 21:41:03 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/07/06 21:41:03 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/07/06 21:41:03 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/07/06 21:41:03 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/07/06 21:41:03 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/07/06 21:41:03 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/07/06 21:41:03 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/07/06 21:41:03 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/07/06 21:41:03 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/07/06 21:41:02 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/07/06 21:41:02 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/07/06 21:41:02 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/07/06 21:41:02 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/07/06 21:41:02 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/07/06 21:41:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/07/06 21:40:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/07/06 21:20:21 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/06 21:19:42 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/06 21:19:42 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/06 21:19:36 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/07/06 21:15:57 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Norton Installation Files.lnk
[2010/07/04 17:49:55 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/19 17:14:49 | 000,020,480 | -H-- | C] () -- C:\SZKGFS.dat
[2010/06/19 11:20:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/19 11:20:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/19 11:15:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/19 11:15:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/19 11:15:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/18 17:45:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 18:10:21 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 22:09:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/12 22:09:32 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/12 22:09:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/12 22:09:32 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/12 22:09:32 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/12 22:09:31 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/12 22:08:04 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/12 22:07:57 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/12 22:07:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/12 22:07:49 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/12 07:04:28 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\bbdd.sys
[2010/05/22 12:53:13 | 000,160,625 | ---- | C] () -- C:\Documents and Settings\John\Desktop\mosquito.mp3
[2010/05/16 09:28:43 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/16 07:47:50 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2009/05/16 07:47:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2009/05/16 07:47:38 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2009/05/16 07:47:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2009/05/16 07:47:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2009/05/16 07:47:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2009/05/16 07:47:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2009/05/16 07:47:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2008/07/29 21:08:54 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/09/26 17:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/09/24 18:57:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/21 23:07:44 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2007/08/10 18:59:25 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/31 23:29:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2006/11/26 00:47:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\FIOALL.INI
[2006/09/11 20:47:39 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/04/13 09:21:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/08 13:07:15 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/27 20:12:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\NS_Scan.ini
[2006/01/20 12:56:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
[2005/12/31 21:25:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/12/31 15:29:59 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/12/31 14:04:44 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2005/12/31 13:42:26 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2005/12/31 13:42:25 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2005/12/31 13:42:25 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2005/11/20 22:25:02 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/11/19 18:03:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/11/19 17:57:55 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson1240U.ini
[2005/11/19 17:32:08 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/19 16:56:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2005/11/19 16:55:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/11/19 16:55:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2005/11/19 16:09:08 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2005/11/19 16:06:41 | 000,001,056 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/11/19 16:06:38 | 000,000,683 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/11/19 14:08:59 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/09/01 19:09:49 | 000,000,881 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/21 08:17:49 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/03/20 19:40:06 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2005/02/19 22:16:35 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/19 22:16:00 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/02/19 22:16:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/19 22:15:50 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/23 11:13:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 11:12:44 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/23 11:04:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 11:01:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 06:55:04 | 000,000,460 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:25:56 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/09/24 18:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2006/09/02 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/12/31 14:04:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/31 09:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DShield
[2009/11/01 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDneXtCOPY
[2009/03/28 10:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2005/11/19 18:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/07/03 07:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2006/03/26 17:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/03/27 18:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2005/12/03 20:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/06/19 17:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/06 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/10 07:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/22 10:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yamaha
[2008/07/11 16:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/04/04 15:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 18:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/05/23 06:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{6AAC91C0-1AD0-4F12-9DD8-643304327374}
[2009/09/19 11:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 19:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/06/27 13:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A3C7B137-256A-456D-8167-80BD8B609851}
[2006/09/11 22:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ChessBase
[2009/04/17 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GARMIN
[2005/11/19 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\HotSync
[2009/06/29 20:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IObit
[2005/12/31 23:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\IsolatedStorage
[2004/12/02 20:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech
[2007/09/30 18:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OverDrive
[2006/03/26 17:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PACE Anti-Piracy
[2006/04/02 11:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Premiere
[2006/04/08 12:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Seven Zip
[2010/07/06 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Tific
[2008/06/23 18:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Viewpoint
[2008/07/29 21:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\webex
[2005/07/02 16:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\yamaha
[2006/05/23 06:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\{70FB0655-E21B-41AD-BF63-DA70B33B7138}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/04/05 17:17:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/06 21:33:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/19 11:31:17 | 000,023,632 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/16 21:27:01 | 000,000,431 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/06/16 21:27:00 | 000,000,102 | ---- | M] () -- C:\CybDefWebInstaller.log
[2006/09/02 13:10:54 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2004/11/22 06:58:24 | 000,004,840 | RH-- | M] () -- C:\DELL.SDR
[2010/03/20 09:57:20 | 000,000,026 | ---- | M] () -- C:\DVDPlayer.log
[2007/03/30 18:58:14 | 000,000,313 | ---- | M] () -- C:\fox.log
[2010/07/10 07:50:04 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/20 18:38:50 | 156,770,593 | ---- | M] () -- C:\HighLogging.log
[2005/12/31 21:00:50 | 003,901,280 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2005/11/28 06:44:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/09/18 16:51:05 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/12/02 19:38:01 | 000,019,259 | ---- | M] () -- C:\logfile
[2010/06/12 17:09:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 19:18:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 07:50:02 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/02/19 20:45:13 | 000,000,916 | ---- | M] () -- C:\remote_rocksim.version
[2005/07/02 19:04:17 | 000,001,326 | ---- | M] () -- C:\SearchIndex.edx
[2010/06/19 17:14:49 | 000,020,480 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/09 22:48:01 | 000,055,442 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_22.47.45_log.txt
[2010/07/09 22:57:42 | 000,055,442 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_22.57.28_log.txt
[2010/07/09 23:05:01 | 000,055,208 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_23.04.35_log.txt
[2006/10/01 13:04:38 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/11/28 07:11:09 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/04/23 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD64.DLL
[2005/04/15 00:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD78(2).DLL
[2005/04/15 00:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD78.DLL
[2004/04/23 00:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP64.DLL
[2005/04/15 00:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP78.DLL
[2008/08/21 03:34:00 | 000,061,952 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LMACAC4C.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.dat >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/11/28 00:40:14 | 000,524,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2005/11/28 06:31:00 | 000,323,584 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2005/11/28 00:40:14 | 025,690,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2005/11/28 00:40:14 | 005,767,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\SYSTEM32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 21:57:38

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1292 bytes -> C:\Program Files\WindowsUpdate:vOWxhw4XerRfzn0ANDJt51x5Vxo2h
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1144 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yr431n2EvaOLHbUdTQKIKBgkUl3
@Alternate Data Stream - 1126 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:XfxzVou5taFkxmUpfMze3njh
< End of report >


Here is the OTL extras log file.
OTL Extras logfile created on: 7/10/2010 12:13:48 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.28 Gb Total Space | 23.61 Gb Free Space | 10.30% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 6.75 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 698.64 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1KHH461
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LucasArts\SWKotOR\swupdate.exe" = C:\Program Files\LucasArts\SWKotOR\swupdate.exe:*:Enabled:Star Wars: Knights of the old Republic Update Program -- (BioWare Corp.)
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\SYSTEM32\LMabcoms.exe" = C:\WINDOWS\SYSTEM32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- ( )
"C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE" = C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE:*:Enabled:Lexmark Status Messenger -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{0594472B-42DC-4E29-A161-2CCC011AE7DE}" = TurboTax 2008 wmniper
"{070E5D71-5806-46DE-A570-08F7AD1C868B}" = Fritz9
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{12B09031-A7E1-43B1-AC8C-A202B676B556}" = RemoteCapture 2.7.3
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2266EC3A-A00F-4912-952C-6CC0D4005446}" = TubeTilla
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34CFC77C-2584-409A-95D9-EC951251C098}" = Lemony Snicket's A Series of Unfortunate Events
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO® MINDSTORMS® NXT - English Language Pack
"{4246326C-E861-43CA-B47D-2357454385F9}" = LEGO® MINDSTORMS® NXT Software v1.0
"{43B94897-19CB-463F-832B-BA5E953DFA0E}" = Fritz9
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{49419AD6-0CBB-4B6E-80EB-4C13245F9D5A}" = Fritz9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C643986-DE3C-4737-8472-CCEC36CCC267}" = Studio Content CD
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5701A652-0DCF-40FE-8040-5C09368EEFD6}" = TubeTilla
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5F8434AA-E977-4A28-8D39-35969565DF53}" = MapSource - City Select North America v6
"{5F928EE1-ED35-4E6E-8FF8-325DD71927FD}" = PlexTools Professional V2.32a
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{646AE790-7D0B-417A-84B6-7C589C2BFB31}" = Fritz9
"{64967E3D-29C7-45C1-BF59-DDED52BC2D39}" = DVDneXtCOPY
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E1A25F0-B455-4A11-8E1E-4D3FC142164C}" = Fritz9
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = File Viewer Utility 1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban™
"{A7818C99-43F5-4573-B563-217F3EFBD07C}" =
"{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B9AD0-EBC3-4903-8A7A-BB9E40C28850}" = Xara Xtreme
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{E11A7A62-FBD9-4575-B874-B482DF213467}" = Fritz9
"{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO® MINDSTORMS® NXT Driver
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = OneTouch Software
"{F3BF1670-5541-45A2-AFD3-2AA2E9754EEE}" = Microsoft Picture It! Publishing Silver 2001
"{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Coast to Coast AM Media Center" = Coast to Coast AM Media Center
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DAO 3.5" = DAO 3.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVDneXtCOPY iTurns" = DVDneXtCOPY iTurns 1.5.4.2
"Easy-WebPrint" = Easy-WebPrint
"Etude Sight Reader 1.13_is1" = Etude Sight Reader 1.13
"Game Maker 7.0" = Game Maker 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{12B09031-A7E1-43B1-AC8C-A202B676B556}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{34CFC77C-2584-409A-95D9-EC951251C098}" = Lemony Snicket's A Series of Unfortunate Events
"InstallShield_{5F8434AA-E977-4A28-8D39-35969565DF53}" = MapSource - City Select North America v6
"InstallShield_{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Machinist2DLL" = Machinist2DLL
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mavis Beacon Teaches Typing Deluxe 17" = Mavis Beacon Teaches Typing Deluxe 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Panda ActiveScan" = Panda ActiveScan
"PhotoRecord" = Canon PhotoRecord
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"RockSim9_is1" = RockSim 9.0.5f80
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"SMART PANEL for Scanner" = EPSON SMART PANEL for Scanner
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 420" = Half-Life 2: Episode Two
"Tablet Driver" = Tablet
"The Playroom" = The Playroom
"TroopMaster 2005" = TroopMaster 2005
"TroopMaster 2008" = TroopMaster 2008
"TurboTax 2005" = TurboTax 2005
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DVDneXtCOPY" = DVDneXtCOPY
"FamilySearch Indexing (www.familysearchindexing.org)" = FamilySearch Indexing (www.familysearchindexing.org)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2010 9:11:34 PM | Computer Name = D1KHH461 | Source = Bonjour Service | ID = 100
Description = 900: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/20/2010 9:11:34 PM | Computer Name = D1KHH461 | Source = Bonjour Service | ID = 100
Description = 912: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/20/2010 9:11:34 PM | Computer Name = D1KHH461 | Source = Bonjour Service | ID = 100
Description = 924: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/24/2010 5:57:08 PM | Computer Name = D1KHH461 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80070020

Error - 6/27/2010 12:39:44 AM | Computer Name = D1KHH461 | Source = Bonjour Service | ID = 100
Description = 888: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/27/2010 12:39:44 AM | Computer Name = D1KHH461 | Source = Bonjour Service | ID = 100
Description = 852: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 7/7/2010 12:00:53 PM | Computer Name = D1KHH461 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/7/2010 12:00:53 PM | Computer Name = D1KHH461 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/9/2010 11:41:03 PM | Computer Name = D1KHH461 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/10/2010 8:58:05 AM | Computer Name = D1KHH461 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000cabd.

[ System Events ]
Error - 7/10/2010 7:58:59 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The IAA Event Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/10/2010 7:58:59 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/10/2010 7:58:59 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The lmab_device service terminated unexpectedly. It has done this
1 time(s).

Error - 7/10/2010 7:58:59 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/10/2010 7:59:00 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The TabletService service terminated unexpectedly. It has done this
1 time(s).

Error - 7/10/2010 7:59:00 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/10/2010 7:59:00 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/10/2010 7:59:19 AM | Computer Name = D1KHH461 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume5'. It has
stopped monitoring the volume.

Error - 7/10/2010 8:01:34 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 7/10/2010 8:50:31 AM | Computer Name = D1KHH461 | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2


< End of report >
  • 0

Advertisements

#2
SweetTech
Posted 10 July 2010 - 12:27 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Can you please post the 3 TDSSKiller logs?

[2010/07/09 22:48:01 | 000,055,442 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_22.47.45_log.txt
[2010/07/09 22:57:42 | 000,055,442 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_22.57.28_log.txt
[2010/07/09 23:05:01 | 000,055,208 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_23.04.35_log.txt
  • 0

#3
TheHardDriver
Posted 10 July 2010 - 12:35 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
They unfortunately are no longer on the PC. I suspect that I sloppily moved them to the recycle bin before taking the suggested steps to prepare for a an eventual post. Do you want me to re-run TDSSKiller then and post the files?
  • 0

#4
TheHardDriver
Posted 10 July 2010 - 12:38 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Disregard my previous comment. The 2nd search of my c:\ drive showed their location. Here they are.

22:57:28:734 3616 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
22:57:28:734 3616 ================================================================================
22:57:28:734 3616 SystemInfo:

22:57:28:734 3616 OS Version: 5.1.2600 ServicePack: 3.0
22:57:28:734 3616 Product type: Workstation
22:57:28:734 3616 ComputerName: D1KHH461
22:57:28:734 3616 UserName: John
22:57:28:734 3616 Windows directory: C:\WINDOWS
22:57:28:734 3616 System windows directory: C:\WINDOWS
22:57:28:734 3616 Processor architecture: Intel x86
22:57:28:734 3616 Number of processors: 1
22:57:28:734 3616 Page size: 0x1000
22:57:28:734 3616 Boot type: Normal boot
22:57:28:734 3616 ================================================================================
22:57:29:515 3616 Initialize success
22:57:29:515 3616
22:57:29:515 3616 Scanning Services ...
22:57:29:765 3616 Raw services enum returned 422 services
22:57:29:781 3616
22:57:29:781 3616 Scanning Drivers ...
22:57:29:968 3616 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
22:57:30:062 3616 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:57:30:125 3616 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:57:30:171 3616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:57:30:234 3616 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:57:30:312 3616 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:57:30:359 3616 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:57:30:421 3616 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:57:30:421 3616 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:57:30:437 3616 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:57:30:453 3616 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:57:30:484 3616 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:57:30:515 3616 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:57:30:531 3616 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:57:30:531 3616 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:57:30:578 3616 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:57:30:593 3616 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:57:30:656 3616 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
22:57:30:718 3616 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:57:30:750 3616 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:57:30:765 3616 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:57:30:812 3616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:57:30:890 3616 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:57:31:093 3616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:57:31:125 3616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:57:31:140 3616 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
22:57:31:187 3616 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:57:31:250 3616 bbdd (a165620cfe6adf2ac8e230eddec76017) C:\WINDOWS\system32\bbdd.sys
22:57:31:250 3616 Suspicious file (NoAccess): C:\WINDOWS\system32\bbdd.sys. md5: a165620cfe6adf2ac8e230eddec76017
22:57:31:296 3616 bcgame (694a022f3ca43ba0a75ab85a7223cf6c) C:\WINDOWS\system32\drivers\bcgame.sys
22:57:31:312 3616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:57:31:421 3616 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys
22:57:31:453 3616 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:57:31:468 3616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:57:31:531 3616 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:57:31:593 3616 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
22:57:31:640 3616 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:57:31:656 3616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:57:31:671 3616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:57:31:687 3616 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:57:31:750 3616 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:57:31:796 3616 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:57:31:890 3616 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
22:57:32:031 3616 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
22:57:32:109 3616 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
22:57:32:140 3616 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
22:57:32:203 3616 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
22:57:32:312 3616 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:57:32:375 3616 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:57:32:421 3616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:57:32:531 3616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:57:32:640 3616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
22:57:32:734 3616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:57:32:765 3616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:57:32:781 3616 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:57:32:859 3616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:57:32:890 3616 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:57:33:156 3616 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:57:33:328 3616 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
22:57:33:406 3616 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:57:33:625 3616 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
22:57:33:796 3616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:57:33:812 3616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:57:33:828 3616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:57:33:890 3616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:57:33:953 3616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:57:34:109 3616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:57:34:125 3616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:57:34:140 3616 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:57:34:234 3616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:57:34:312 3616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:57:34:406 3616 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
22:57:34:546 3616 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
22:57:34:734 3616 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
22:57:34:796 3616 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:57:34:875 3616 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:57:34:984 3616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:57:35:125 3616 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:57:35:140 3616 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:57:35:203 3616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:57:35:359 3616 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:57:35:812 3616 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSxpx86.sys
22:57:36:062 3616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:57:36:140 3616 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:57:36:234 3616 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:57:36:359 3616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:57:36:468 3616 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:57:36:500 3616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:57:36:531 3616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:57:36:671 3616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:57:36:718 3616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:57:36:781 3616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:57:36:843 3616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:57:36:984 3616 iTurns (abfa55dbc3bf60fe2b7424ad8c0f5bb9) C:\WINDOWS\system32\DRIVERS\iTurnsDriver.sys
22:57:37:140 3616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:57:37:156 3616 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:57:37:187 3616 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
22:57:37:218 3616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:57:37:265 3616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:57:37:312 3616 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
22:57:37:375 3616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:57:37:390 3616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:57:37:406 3616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:57:37:437 3616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:57:37:453 3616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:57:37:484 3616 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:57:37:515 3616 mrtRate (5300cb219dcfebc7540ce61532db329e) C:\WINDOWS\system32\drivers\mrtRate.sys
22:57:37:531 3616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:57:37:593 3616 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:57:37:625 3616 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
22:57:37:640 3616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:57:37:671 3616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:57:37:687 3616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:57:37:703 3616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:57:37:750 3616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:57:37:765 3616 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:57:37:796 3616 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:57:37:812 3616 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
22:57:37:843 3616 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:57:38:000 3616 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100709.024\NAVENG.SYS
22:57:38:140 3616 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100709.024\NAVEX15.SYS
22:57:38:234 3616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:57:38:281 3616 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:57:38:281 3616 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:57:38:328 3616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:57:38:343 3616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:57:38:390 3616 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:57:38:390 3616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:57:38:453 3616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:57:38:468 3616 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:57:38:484 3616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:57:38:531 3616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:57:38:562 3616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:57:38:671 3616 nv (ff9e307577ef21af498fd00a38ea3ac4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:57:38:765 3616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:57:38:781 3616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:57:38:796 3616 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:57:38:812 3616 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
22:57:38:843 3616 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
22:57:38:890 3616 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
22:57:39:000 3616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:57:39:109 3616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:57:39:140 3616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:57:39:156 3616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:57:39:187 3616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:57:39:218 3616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:57:39:265 3616 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
22:57:39:296 3616 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
22:57:39:343 3616 pctplsg (30c931fcb8df713bcd2fb7ce763a0b47) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
22:57:39:406 3616 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
22:57:39:437 3616 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:57:39:453 3616 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:57:39:500 3616 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
22:57:39:515 3616 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
22:57:39:531 3616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:57:39:546 3616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:57:39:562 3616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:57:39:656 3616 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:57:39:671 3616 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:57:39:687 3616 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:57:39:703 3616 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:57:39:703 3616 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:57:39:734 3616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:57:39:750 3616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:57:39:750 3616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:57:39:765 3616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:57:39:781 3616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:57:39:796 3616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:57:39:812 3616 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:57:39:843 3616 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:57:39:859 3616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:57:39:937 3616 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:57:40:078 3616 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:57:40:171 3616 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
22:57:40:203 3616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:57:40:234 3616 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
22:57:40:250 3616 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:57:40:265 3616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:57:40:296 3616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:57:40:312 3616 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:57:40:328 3616 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:57:40:359 3616 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:57:40:390 3616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:57:40:437 3616 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
22:57:40:437 3616 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
22:57:40:453 3616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:57:40:515 3616 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS
22:57:40:546 3616 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS
22:57:40:578 3616 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
22:57:40:609 3616 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:57:40:625 3616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:57:40:640 3616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:57:40:687 3616 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:57:40:718 3616 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:57:40:750 3616 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS
22:57:40:796 3616 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS
22:57:40:828 3616 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:57:40:875 3616 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS
22:57:40:953 3616 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
22:57:41:015 3616 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:57:41:031 3616 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:57:41:062 3616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:57:41:109 3616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:57:41:140 3616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:57:41:156 3616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:57:41:203 3616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:57:41:218 3616 TfFsMon (d2a1cd31200a6c9d3dfad022503e4836) C:\WINDOWS\system32\drivers\TfFsMon.sys
22:57:41:250 3616 TfNetMon (3e3a544d10b0ac1c4c133048f84390ac) C:\WINDOWS\system32\drivers\TfNetMon.sys
22:57:41:265 3616 TfSysMon (706be7328a35c39dbe449e10c1ac6a38) C:\WINDOWS\system32\drivers\TfSysMon.sys
22:57:41:281 3616 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:57:41:312 3616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:57:41:375 3616 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:57:41:390 3616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:57:41:437 3616 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:57:41:468 3616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:57:41:484 3616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:57:41:500 3616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:57:41:500 3616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:57:41:515 3616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:57:41:531 3616 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22:57:41:546 3616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:57:41:562 3616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:57:41:593 3616 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:57:41:625 3616 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
22:57:41:625 3616 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
22:57:41:640 3616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:57:41:656 3616 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:57:41:671 3616 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:57:41:703 3616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:57:41:718 3616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:57:41:750 3616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:57:41:781 3616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:57:41:796 3616 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:57:42:078 3616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:57:42:187 3616 YMIDUSB (b4646f077f587da29bb85660be74d653) C:\WINDOWS\system32\Drivers\ymidusb.sys
22:57:42:187 3616
22:57:42:187 3616 Completed
22:57:42:187 3616
22:57:42:187 3616 Results:
22:57:42:187 3616 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:57:42:187 3616 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:57:42:187 3616
22:57:42:187 3616 KLMD(ARK) unloaded successfully

22:47:45:293 3080 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
22:47:45:293 3080 ================================================================================
22:47:45:293 3080 SystemInfo:

22:47:45:293 3080 OS Version: 5.1.2600 ServicePack: 3.0
22:47:45:293 3080 Product type: Workstation
22:47:45:293 3080 ComputerName: D1KHH461
22:47:45:293 3080 UserName: John
22:47:45:293 3080 Windows directory: C:\WINDOWS
22:47:45:293 3080 System windows directory: C:\WINDOWS
22:47:45:293 3080 Processor architecture: Intel x86
22:47:45:293 3080 Number of processors: 1
22:47:45:293 3080 Page size: 0x1000
22:47:45:293 3080 Boot type: Normal boot
22:47:45:293 3080 ================================================================================
22:47:47:809 3080 Initialize success
22:47:47:809 3080
22:47:47:809 3080 Scanning Services ...
22:47:47:887 3080 Raw services enum returned 422 services
22:47:47:887 3080
22:47:47:887 3080 Scanning Drivers ...
22:47:48:309 3080 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
22:47:48:497 3080 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:47:48:575 3080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:48:637 3080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:47:48:700 3080 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:47:48:762 3080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:47:48:840 3080 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:47:48:903 3080 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:47:48:918 3080 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:47:48:918 3080 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:47:48:934 3080 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:47:48:950 3080 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:47:49:043 3080 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:47:49:184 3080 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:47:49:215 3080 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:47:49:262 3080 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:47:49:309 3080 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:47:49:340 3080 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
22:47:49:403 3080 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:47:49:450 3080 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:47:49:450 3080 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:47:49:481 3080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:47:49:528 3080 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:47:49:559 3080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:47:49:575 3080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:47:49:606 3080 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
22:47:49:637 3080 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:47:49:700 3080 bbdd (a165620cfe6adf2ac8e230eddec76017) C:\WINDOWS\system32\bbdd.sys
22:47:49:700 3080 Suspicious file (NoAccess): C:\WINDOWS\system32\bbdd.sys. md5: a165620cfe6adf2ac8e230eddec76017
22:47:49:731 3080 bcgame (694a022f3ca43ba0a75ab85a7223cf6c) C:\WINDOWS\system32\drivers\bcgame.sys
22:47:49:762 3080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:47:49:887 3080 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys
22:47:49:903 3080 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:47:49:934 3080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:47:50:200 3080 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:47:50:340 3080 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
22:47:50:387 3080 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:47:50:418 3080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:47:50:450 3080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:47:50:465 3080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:47:50:497 3080 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:47:50:528 3080 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:47:50:590 3080 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
22:47:50:668 3080 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
22:47:50:715 3080 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
22:47:50:778 3080 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
22:47:50:809 3080 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
22:47:50:840 3080 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:47:50:903 3080 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:47:50:934 3080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:47:50:997 3080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:47:51:247 3080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
22:47:51:309 3080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:47:51:356 3080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:47:51:372 3080 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:47:51:403 3080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:47:51:434 3080 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:47:51:528 3080 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:47:51:606 3080 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
22:47:51:637 3080 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:47:51:700 3080 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
22:47:51:762 3080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:47:51:793 3080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:47:51:809 3080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:47:51:825 3080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:47:51:840 3080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:47:51:872 3080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:47:52:012 3080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:47:52:106 3080 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:47:52:200 3080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:47:52:309 3080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:47:52:387 3080 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
22:47:52:481 3080 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
22:47:52:559 3080 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
22:47:52:575 3080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:47:52:622 3080 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:47:52:668 3080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:47:52:700 3080 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:47:52:731 3080 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:47:52:762 3080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:47:52:825 3080 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:47:53:137 3080 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSxpx86.sys
22:47:53:247 3080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:47:53:293 3080 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:47:53:309 3080 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:47:53:325 3080 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:47:53:356 3080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:47:53:387 3080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:47:53:418 3080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:47:53:497 3080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:47:53:575 3080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:47:53:637 3080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:47:53:668 3080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:47:53:715 3080 iTurns (abfa55dbc3bf60fe2b7424ad8c0f5bb9) C:\WINDOWS\system32\DRIVERS\iTurnsDriver.sys
22:47:53:840 3080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:47:53:887 3080 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:47:54:059 3080 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
22:47:54:106 3080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:47:54:184 3080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:47:54:262 3080 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
22:47:54:325 3080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:47:54:356 3080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:47:54:372 3080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:47:54:403 3080 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:47:54:434 3080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:47:54:450 3080 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:47:54:512 3080 mrtRate (5300cb219dcfebc7540ce61532db329e) C:\WINDOWS\system32\drivers\mrtRate.sys
22:47:54:543 3080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:47:54:606 3080 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:47:54:747 3080 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
22:47:54:934 3080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:47:55:012 3080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:47:55:075 3080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:47:55:106 3080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:47:55:184 3080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:47:55:215 3080 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:47:55:231 3080 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:47:55:325 3080 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
22:47:55:387 3080 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:47:55:637 3080 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100709.024\NAVENG.SYS
22:47:55:731 3080 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100709.024\NAVEX15.SYS
22:47:55:793 3080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:47:55:825 3080 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:47:55:856 3080 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:47:55:872 3080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:47:56:059 3080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:47:56:090 3080 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:47:56:106 3080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:47:56:137 3080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:47:56:168 3080 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:47:56:184 3080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:47:56:231 3080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:47:56:262 3080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:47:56:372 3080 nv (ff9e307577ef21af498fd00a38ea3ac4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:47:56:575 3080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:47:56:637 3080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:47:56:684 3080 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:47:56:715 3080 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
22:47:56:762 3080 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
22:47:56:809 3080 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
22:47:56:840 3080 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:47:56:872 3080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:47:56:934 3080 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:47:57:043 3080 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:47:57:153 3080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:47:57:200 3080 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:47:57:325 3080 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
22:47:57:403 3080 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
22:47:57:465 3080 pctplsg (30c931fcb8df713bcd2fb7ce763a0b47) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
22:47:57:575 3080 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
22:47:57:622 3080 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:47:57:653 3080 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:47:57:684 3080 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
22:47:57:747 3080 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
22:47:57:778 3080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:47:57:793 3080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:47:57:793 3080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:47:57:840 3080 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:47:57:856 3080 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:47:57:856 3080 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:47:57:872 3080 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:47:57:950 3080 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:47:57:981 3080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:47:58:059 3080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:47:58:059 3080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:47:58:075 3080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:47:58:122 3080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:47:58:184 3080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:47:58:200 3080 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:47:58:262 3080 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:47:58:293 3080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:47:58:403 3080 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:47:58:418 3080 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:47:58:450 3080 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
22:47:58:497 3080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:47:58:559 3080 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
22:47:58:590 3080 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:47:58:606 3080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:47:58:622 3080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:47:58:653 3080 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:47:58:668 3080 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:47:58:684 3080 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:47:58:715 3080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:47:58:762 3080 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
22:47:58:762 3080 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
22:47:58:778 3080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:47:58:840 3080 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS
22:47:58:872 3080 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS
22:47:59:059 3080 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
22:47:59:215 3080 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:47:59:278 3080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:47:59:309 3080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:47:59:340 3080 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:47:59:372 3080 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:47:59:481 3080 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS
22:47:59:559 3080 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS
22:47:59:606 3080 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
22:47:59:653 3080 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS
22:47:59:700 3080 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
22:47:59:747 3080 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:47:59:778 3080 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:47:59:809 3080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:47:59:840 3080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:47:59:872 3080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:48:00:122 3080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:48:00:168 3080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:48:00:215 3080 TfFsMon (d2a1cd31200a6c9d3dfad022503e4836) C:\WINDOWS\system32\drivers\TfFsMon.sys
22:48:00:309 3080 TfNetMon (3e3a544d10b0ac1c4c133048f84390ac) C:\WINDOWS\system32\drivers\TfNetMon.sys
22:48:00:325 3080 TfSysMon (706be7328a35c39dbe449e10c1ac6a38) C:\WINDOWS\system32\drivers\TfSysMon.sys
22:48:00:356 3080 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:48:00:387 3080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:48:00:434 3080 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:48:00:465 3080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:48:00:528 3080 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:48:00:559 3080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:48:00:575 3080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:48:00:590 3080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:48:00:606 3080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:48:00:622 3080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:48:00:653 3080 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22:48:00:684 3080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:48:00:715 3080 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:48:00:731 3080 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:48:00:793 3080 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
22:48:00:793 3080 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
22:48:00:809 3080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:48:00:825 3080 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:48:00:840 3080 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:48:00:856 3080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:48:00:950 3080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:48:01:012 3080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:48:01:200 3080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:48:01:309 3080 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:48:01:387 3080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:48:01:450 3080 YMIDUSB (b4646f077f587da29bb85660be74d653) C:\WINDOWS\system32\Drivers\ymidusb.sys
22:48:01:465 3080
22:48:01:465 3080 Completed
22:48:01:465 3080
22:48:01:465 3080 Results:
22:48:01:465 3080 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:48:01:465 3080 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:48:01:465 3080
22:48:01:481 3080 KLMD(ARK) unloaded successfully


23:04:35:468 1220 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
23:04:35:468 1220 ================================================================================
23:04:35:468 1220 SystemInfo:

23:04:35:468 1220 OS Version: 5.1.2600 ServicePack: 3.0
23:04:35:468 1220 Product type: Workstation
23:04:35:468 1220 ComputerName: D1KHH461
23:04:35:468 1220 UserName: John
23:04:35:468 1220 Windows directory: C:\WINDOWS
23:04:35:468 1220 System windows directory: C:\WINDOWS
23:04:35:468 1220 Processor architecture: Intel x86
23:04:35:468 1220 Number of processors: 1
23:04:35:468 1220 Page size: 0x1000
23:04:35:468 1220 Boot type: Safe boot
23:04:35:468 1220 ================================================================================
23:04:37:796 1220 Initialize success
23:04:37:796 1220
23:04:37:796 1220 Scanning Services ...
23:04:48:031 1220 Raw services enum returned 422 services
23:04:48:046 1220
23:04:48:046 1220 Scanning Drivers ...
23:04:49:546 1220 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
23:04:49:718 1220 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:04:49:875 1220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:04:50:046 1220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:04:50:140 1220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:04:50:359 1220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:04:50:437 1220 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
23:04:50:484 1220 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:04:50:562 1220 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:04:50:687 1220 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:04:50:843 1220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:04:50:906 1220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:04:51:015 1220 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:04:51:125 1220 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:04:51:187 1220 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:04:51:250 1220 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:04:51:312 1220 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:04:51:468 1220 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
23:04:51:562 1220 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:04:51:625 1220 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:04:51:640 1220 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:04:51:703 1220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:04:51:812 1220 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:04:51:906 1220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:04:51:921 1220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:04:52:000 1220 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
23:04:52:062 1220 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:04:52:156 1220 bbdd (a165620cfe6adf2ac8e230eddec76017) C:\WINDOWS\system32\bbdd.sys
23:04:52:250 1220 bcgame (694a022f3ca43ba0a75ab85a7223cf6c) C:\WINDOWS\system32\drivers\bcgame.sys
23:04:52:312 1220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:04:52:703 1220 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys
23:04:53:859 1220 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:04:53:953 1220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:04:53:984 1220 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:04:54:078 1220 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys
23:04:54:125 1220 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:04:54:156 1220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:04:54:171 1220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:04:54:187 1220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:04:54:218 1220 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:04:54:234 1220 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:04:54:296 1220 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
23:04:54:343 1220 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
23:04:54:390 1220 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
23:04:54:421 1220 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
23:04:54:453 1220 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
23:04:54:468 1220 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:04:54:515 1220 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:04:54:546 1220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:04:54:656 1220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:04:54:765 1220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
23:04:54:796 1220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:04:54:812 1220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:04:54:828 1220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:04:54:859 1220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:04:54:890 1220 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:04:54:968 1220 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:04:55:015 1220 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
23:04:55:031 1220 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:04:55:078 1220 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
23:04:55:109 1220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:04:55:125 1220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:04:55:140 1220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:04:55:156 1220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:04:55:187 1220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:04:55:203 1220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:04:55:234 1220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:04:55:250 1220 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:04:55:281 1220 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:04:55:296 1220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:04:55:328 1220 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
23:04:55:375 1220 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
23:04:55:437 1220 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
23:04:55:453 1220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:04:55:468 1220 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:04:55:500 1220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:04:55:531 1220 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:04:55:546 1220 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:04:55:562 1220 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:04:55:687 1220 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:04:55:796 1220 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSxpx86.sys
23:04:55:828 1220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:04:55:843 1220 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:04:55:843 1220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:04:55:875 1220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:04:55:890 1220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:04:55:921 1220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:04:55:953 1220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:04:55:984 1220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:04:56:093 1220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:04:56:109 1220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:04:56:187 1220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:04:56:218 1220 iTurns (abfa55dbc3bf60fe2b7424ad8c0f5bb9) C:\WINDOWS\system32\DRIVERS\iTurnsDriver.sys
23:04:56:234 1220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:04:56:281 1220 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:04:56:328 1220 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
23:04:56:343 1220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:04:56:390 1220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:04:56:484 1220 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
23:04:56:515 1220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:04:56:546 1220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:04:56:562 1220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:04:56:640 1220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:04:56:656 1220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:04:56:703 1220 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:04:56:796 1220 mrtRate (5300cb219dcfebc7540ce61532db329e) C:\WINDOWS\system32\drivers\mrtRate.sys
23:04:56:812 1220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:04:56:859 1220 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:04:56:890 1220 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
23:04:56:906 1220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:04:56:937 1220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:04:56:953 1220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:04:56:968 1220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:04:57:015 1220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:04:57:046 1220 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:04:57:062 1220 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:04:57:093 1220 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
23:04:57:109 1220 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:04:57:187 1220 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100709.024\NAVENG.SYS
23:04:57:265 1220 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100709.024\NAVEX15.SYS
23:04:57:343 1220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:04:57:375 1220 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:04:57:390 1220 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:04:57:406 1220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:04:57:421 1220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:04:57:468 1220 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
23:04:57:468 1220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:04:57:500 1220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:04:57:515 1220 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:04:57:546 1220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:04:57:609 1220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:04:57:750 1220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:04:57:859 1220 nv (ff9e307577ef21af498fd00a38ea3ac4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:04:57:937 1220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:04:57:968 1220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:04:57:984 1220 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:04:58:015 1220 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
23:04:58:046 1220 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
23:04:58:093 1220 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
23:04:58:109 1220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:04:58:125 1220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:04:58:156 1220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:04:58:171 1220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:04:58:203 1220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:04:58:250 1220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:04:58:296 1220 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
23:04:58:328 1220 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
23:04:58:375 1220 pctplsg (30c931fcb8df713bcd2fb7ce763a0b47) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
23:04:58:437 1220 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
23:04:58:453 1220 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:04:58:484 1220 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:04:58:531 1220 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
23:04:58:546 1220 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
23:04:58:562 1220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:04:58:703 1220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:04:58:765 1220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:04:58:812 1220 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:04:58:828 1220 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:04:58:843 1220 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:04:58:859 1220 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:04:58:859 1220 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:04:58:890 1220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:04:58:921 1220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:04:58:937 1220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:04:58:937 1220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:04:58:968 1220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:04:58:984 1220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:04:58:984 1220 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:04:59:015 1220 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:04:59:046 1220 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:04:59:109 1220 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:04:59:109 1220 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:04:59:140 1220 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
23:04:59:171 1220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:04:59:218 1220 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
23:04:59:234 1220 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:04:59:250 1220 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:04:59:265 1220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:04:59:296 1220 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:04:59:312 1220 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:04:59:328 1220 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:04:59:359 1220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:04:59:390 1220 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
23:04:59:390 1220 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
23:04:59:406 1220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:04:59:468 1220 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS
23:04:59:500 1220 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS
23:04:59:531 1220 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
23:04:59:546 1220 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:04:59:562 1220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:04:59:609 1220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:04:59:687 1220 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:04:59:718 1220 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:04:59:781 1220 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS
23:04:59:812 1220 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS
23:04:59:890 1220 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:04:59:937 1220 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS
23:04:59:968 1220 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
23:05:00:015 1220 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:05:00:031 1220 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:05:00:031 1220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:05:00:093 1220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:05:00:109 1220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:05:00:125 1220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:05:00:171 1220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:05:00:187 1220 TfFsMon (d2a1cd31200a6c9d3dfad022503e4836) C:\WINDOWS\system32\drivers\TfFsMon.sys
23:05:00:234 1220 TfNetMon (3e3a544d10b0ac1c4c133048f84390ac) C:\WINDOWS\system32\drivers\TfNetMon.sys
23:05:00:234 1220 TfSysMon (706be7328a35c39dbe449e10c1ac6a38) C:\WINDOWS\system32\drivers\TfSysMon.sys
23:05:00:265 1220 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:05:00:296 1220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:05:00:343 1220 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:05:00:390 1220 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:05:00:437 1220 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:05:00:453 1220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:05:00:468 1220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:05:00:484 1220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:05:00:484 1220 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:05:00:500 1220 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:05:00:515 1220 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
23:05:00:546 1220 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:05:00:562 1220 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:05:00:640 1220 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:05:00:671 1220 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
23:05:00:671 1220 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
23:05:00:750 1220 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:05:00:765 1220 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:05:00:781 1220 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:05:00:812 1220 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:05:00:843 1220 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:05:00:859 1220 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:05:00:875 1220 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:05:00:906 1220 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:05:00:921 1220 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:05:00:968 1220 YMIDUSB (b4646f077f587da29bb85660be74d653) C:\WINDOWS\system32\Drivers\ymidusb.sys
23:05:00:968 1220
23:05:00:968 1220 Completed
23:05:00:968 1220
23:05:00:968 1220 Results:
23:05:00:968 1220 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:05:00:968 1220 File objects infected / cured / cured on reboot: 0 / 0 / 0
23:05:00:968 1220
23:05:01:031 1220 KLMD(ARK) unloaded successfully
  • 0

#5
SweetTech
Posted 10 July 2010 - 12:38 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message to me on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local.,;*.local
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://xlonhcld.xlontech.net/100348/qmpbet...2ie05111501.cab (Reg Error: Key error.)
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1292 bytes -> C:\Program Files\WindowsUpdate:vOWxhw4XerRfzn0ANDJt51x5Vxo2h
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1144 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yr431n2EvaOLHbUdTQKIKBgkUl3
@Alternate Data Stream - 1126 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:XfxzVou5taFkxmUpfMze3njh
:Files
flushdns /c
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries



NEXT:



Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Edited by SweetTech, 10 July 2010 - 12:40 PM.

  • 0

#6
TheHardDriver
Posted 10 July 2010 - 07:55 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I ran OTL, GMER and JavaRe as you requested. The respective log files appear below.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E473A65C-8087-49A3-AFFD-C5BC4A10669B}
C:\WINDOWS\Downloaded Program Files\qsp2ie05111501.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Program Files\WindowsUpdate:vOWxhw4XerRfzn0ANDJt51x5Vxo2h deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:yr431n2EvaOLHbUdTQKIKBgkUl3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:XfxzVou5taFkxmUpfMze3njh deleted successfully.
========== FILES ==========
< flushdns /c >
C:\Documents and Settings\John\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\John\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Annelise
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Chandler
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jenna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 148084 bytes
->Temporary Internet Files folder emptied: 34391 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35202389 bytes
->Flash cache emptied: 1348 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marnell
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Annelise
->Flash cache emptied: 0 bytes

User: Chandler
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Jenna
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Marnell
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07102010_134146

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_520.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_590.dat not found!

Registry entries deleted on Reboot...


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 20:44:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\fgloapow.sys


---- System - GMER 1.0.15 ----

SSDT 89602158 ZwAlertResumeThread
SSDT 89602008 ZwAlertThread
SSDT 8961DA78 ZwAllocateVirtualMemory
SSDT 895DB108 ZwAssignProcessToJobObject
SSDT 89E24308 ZwConnectPort
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xBA630AC2]
SSDT 88F2D0B0 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6852D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6854C8]
SSDT 896018C0 ZwCreateSymbolicLinkObject
SSDT 89D6CA98 ZwCreateThread
SSDT 895DB1E8 ZwDebugActiveProcess
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xBA630CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xBA630D5C]
SSDT 88F2A300 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT 895D04B8 ZwFreeVirtualMemory
SSDT 88F2D1A0 ZwImpersonateAnonymousToken
SSDT 89602078 ZwImpersonateThread
SSDT 89995D30 ZwLoadDriver
SSDT 89D58370 ZwMapViewOfSection
SSDT 88EB21A0 ZwOpenEvent
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xBA6309B2]
SSDT 88EB1618 ZwOpenProcess
SSDT 8961DB48 ZwOpenProcessToken
SSDT 89C2D1E0 ZwOpenSection
SSDT 88F2A3D0 ZwOpenThread
SSDT 896019B0 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6A7020]
SSDT 895D7120 ZwResumeThread
SSDT 895F91A0 ZwSetContextThread
SSDT 8962A0B0 ZwSetInformationProcess
SSDT 89C2D0B8 ZwSetSystemInformation
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xBA630EF8]
SSDT 88EB20C0 ZwSuspendProcess
SSDT 895D71E0 ZwSuspendThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xBA632BD6]
SSDT 895F90C0 ZwTerminateThread
SSDT 8962A1A0 ZwUnmapViewOfSection
SSDT 895D0588 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 130 804E279C 4 Bytes CALL 1BD78552
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B82438AC 5 Bytes JMP 8A0FE1C8
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B81014D0 48 Bytes [D1, 5A, B2, 83, 6F, BF, 08, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\bbdd.sys The process cannot access the file because it is being used by another process.

---- Devices - GMER 1.0.15 ----

Device 8A7391E8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device 89EC11E8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBPDO-0 8A0FD1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A0FD1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7C31E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7C31E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7C31E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7C31E8
Device \Driver\usbuhci \Device\USBPDO-2 8A0FD1E8
Device \Driver\usbuhci \Device\USBPDO-3 8A0FD1E8
Device \Driver\usbehci \Device\USBPDO-4 8A0D01E8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7571E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7571E8
Device \Driver\Cdrom \Device\CdRom0 8A0C2790
Device \Driver\iaStor \Device\Ide\iaStor0 8A7551E8
Device \Driver\atapi \Device\Ide\IdePort0 8A7C21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A7C21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A7C21E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 8A7551E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7571E8
Device \Driver\Cdrom \Device\CdRom1 8A0C2790
Device \Driver\Cdrom \Device\CdRom2 8A0C2790
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7571E8
Device \Driver\Cdrom \Device\CdRom3 8A0C2790
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A7571E8
Device \Driver\Cdrom \Device\CdRom4 8A0C2790
Device \Driver\NetBT \Device\NetBt_Wins_Export 89634790
Device \Driver\Cdrom \Device\CdRom5 8A0C2790
Device \Driver\sbp2port \Device\Sbp2Port0 8A7381E8
Device \Driver\sbp2port \Device\Sbp2Port1 8A7381E8
Device \Driver\NetBT \Device\NetbiosSmb 89634790

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\usbuhci \Device\USBFDO-0 8A0FD1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A0FD1E8
Device \Driver\sbp2port \Device\Sbp2\Seagate &ST3750640A &0&00101003_0000b7c7_Instance00 8A7381E8
Device \Driver\sbp2port \Device\Sbp2\Initio &ST3400832A &0&000bc203_0002e97c_Instance00 8A7381E8
Device \Driver\usbuhci \Device\USBFDO-2 8A0FD1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88EB51E8
Device 88EB51E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{63CCF9AD-65D4-452A-BD79-9BB2C4A17929} 89634790
Device \Driver\usbuhci \Device\USBFDO-3 8A0FD1E8
Device \Driver\usbehci \Device\USBFDO-4 8A0D01E8
Device \Driver\Ftdisk \Device\FtControl 8A7571E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8A08A1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 8A08A1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target2Lun0 8A08A1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target1Lun0 8A08A1E8
Device \Driver\PCI_NTPNP8194 \Device\0000008d sptd.sys
Device \Driver\PCI_NTPNP8194 \Device\0000008d sptd.sys

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device 88F181E8
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\bbdd@DependOnGroup
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x47 0x4B 0x3A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xE3 0x6E 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x18 0x8F 0xCD 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0x44 0xA1 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3B 0x6D 0x1D 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x47 0x4B 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xE3 0x6E 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x18 0x8F 0xCD 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -630215157
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -914281752
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x47 0x4B 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xE3 0x6E 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x64 0x62 0x02 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x18 0x8F 0xCD 0xF8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jul 10 20:48:45 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Program Files\Java\jre1.5.0_02

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_10

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\John\Application Data\Sun\Java\jre1.6.0_18

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.142_03

Found and removed: Software\Classes\JavaPlugin.142_06

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410206

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jul 10 20:49:42 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_06

------------------------------------

Finished reporting.
  • 0

#7
SweetTech
Posted 10 July 2010 - 08:03 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I'm going under the assumption that the redirects are still occurring.

If this is the case please do the following below:

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then rest your router to it's factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.



Are you still experiencing redirects after the router reset?

Edited by SweetTech, 10 July 2010 - 08:03 PM.

  • 0

#8
TheHardDriver
Posted 11 July 2010 - 03:06 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Your assumption is correct that I am still experiencing the browser redirection.

I reset the router to it's default settings and changed the default username and password. I also reset the port forwarding that I do in the router from my VOIP hardware. I attempted to make the settings changes in your instructions. However, I did not find manage network connection. I was able to find my way to the local area connection but under properties I see no reference to IP6v or IP4v. How do I proceed?
  • 0

#9
SweetTech
Posted 11 July 2010 - 03:15 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Could you try these instructions:


* Go to Start -> Control Panel -> Double click on Network Connections.
* Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

* Select the General tab.
* Double click on Internet Protocol (TCP/IP).

Under General tab:

- Select "Obtain an IP address automatically".
- Select "Obtain DNS server address automatically".

* Click OK twice to save the settings.
* Reboot if you had to change any setting.

Edited by SweetTech, 17 July 2010 - 12:01 PM.

  • 0

#10
TheHardDriver
Posted 11 July 2010 - 03:40 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I made the settings changes to the local network connection as you had suggested. Upon a reboot, there was no redirection by clicking any of the first 4 responses from the search. Following this positive outlook, I shut down and restarted Firefox. The search responses are now being redirected as before.
  • 0

Advertisements

#11
SweetTech
Posted 11 July 2010 - 04:41 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Are the redirects just occurring in Firefox or in IE as well?



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.

  • 0

#12
TheHardDriver
Posted 11 July 2010 - 06:32 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Yes the redirect occurs when I use IE as a browser like when I use Firefox as a browser.

I have completed the OTL scan that you requested and the log file is below.

OTL logfile created on: 7/11/2010 7:18:27 PM - Run 2
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.28 Gb Total Space | 24.25 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 6.75 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 698.64 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1KHH461
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 07:16:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
PRC - [2010/06/16 13:27:09 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/05 04:59:00 | 000,569,344 | ---- | M] ( ) -- C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
PRC - [2008/06/24 15:53:13 | 000,586,408 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\LMabcoms.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/05 16:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\SYSTEM32\Tablet.exe
PRC - [2005/12/05 15:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
PRC - [2005/06/08 11:00:16 | 000,983,040 | ---- | M] (Premiere Radio Networks, Inc.) -- C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
PRC - [2004/06/29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/10 20:50:00 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/06/24 01:31:35 | 000,442,368 | ---- | M] () -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2000/06/29 18:15:10 | 000,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
PRC - [2000/01/21 04:18:00 | 000,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/10 07:16:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
MOD - [2010/05/14 00:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/11/13 05:19:00 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL
MOD - [2003/05/16 01:01:51 | 000,053,248 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/06/24 15:53:13 | 000,586,408 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)
SRV - [2008/03/23 11:07:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/12/05 16:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\Tablet.exe -- (TabletService)
SRV - [2004/06/29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Marnell\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - [2010/07/06 21:23:01 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100711.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/06 21:23:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/06 21:23:01 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/06 21:23:01 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100711.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/06 21:19:42 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 20:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/06/12 07:04:28 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\bbdd.sys -- (bbdd)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/12/05 17:53:58 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/09/16 08:03:40 | 000,005,632 | ---- | M] (DVD neXt COPY) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iTurnsDriver.sys -- (iTurns)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/08/21 23:07:44 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2007/08/04 21:15:34 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/09/02 13:11:21 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys -- (usbsermpt)
DRV - [2006/03/10 15:55:18 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fantom.sys -- (FANTOM)
DRV - [2005/12/31 20:59:36 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/11/29 16:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys -- (MarvinBus)
DRV - [2004/11/19 14:01:20 | 000,013,184 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB)
DRV - [2004/08/12 08:31:27 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 08:30:27 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 08:30:27 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 08:30:26 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 08:30:26 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 08:29:29 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 08:26:47 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 08:26:47 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 08:26:46 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 08:22:31 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 08:18:30 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 08:17:45 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 08:17:24 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 08:17:24 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 08:17:21 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/12 02:40:00 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/11 18:54:00 | 002,463,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/06 04:29:00 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/05 21:43:00 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/12 21:15:00 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/12 21:13:00 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/12 21:12:00 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/12 21:11:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/12 21:11:00 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/12 21:09:00 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/06/28 14:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2003/12/04 12:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/11/12 07:11:00 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/09/26 04:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/23 14:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcgame.sys -- (bcgame)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [1999/11/05 19:43:24 | 000,036,404 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/06 22:06:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/07/06 21:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/11 16:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 21:11:22 | 000,000,000 | ---D | M]

[2008/09/07 17:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/07/11 07:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions
[2010/03/27 16:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/30 23:09:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/14 22:15:41 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/03/20 18:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\[email protected]
[2009/01/23 06:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\z4pz9rvy.John Dykes\extensions
[2009/01/23 06:51:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\z4pz9rvy.John Dykes\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/11 07:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 06:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/07/29 21:08:39 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/07/29 21:08:40 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/07/29 21:08:39 | 000,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/17 06:06:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/04/04 21:00:35 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/03/18 21:31:51 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/06/23 18:19:29 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03050024.dll

O1 HOSTS File: ([2010/07/09 22:51:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe (Premiere Radio Networks, Inc.)
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE ( )
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: dell4me.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: khow.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: runescape.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall32.cab (HPVirtualRooms32 Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1133020705028 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133025165375 (MUWebControl Class)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://mvt.mcafee.co...3,0,1,0/mvt.cab (McAfee Virtual Technician Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\xgusb.cpl (YAMAHA Corp.)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 13:41:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/10 07:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Geeks to Go
[2010/07/10 07:16:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/07/09 22:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\GooredFix Backups
[2010/07/09 22:44:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\John\Desktop\GooredFix.exe
[2010/07/09 22:31:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/09 22:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\erunt
[2010/07/06 21:41:03 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/07/06 21:41:03 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/07/06 21:41:03 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/07/06 21:41:03 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/07/06 21:41:03 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/07/06 21:41:02 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/07/06 21:41:02 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/07/06 21:41:02 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/07/06 21:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/07/06 21:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Tific
[2010/07/06 21:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Symantec
[2010/07/06 21:19:43 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/06 21:19:42 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/06 21:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/07/06 21:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/07/06 21:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/07/06 21:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Symantec
[2010/07/06 21:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/07/06 21:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/06 21:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/07/06 21:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/06/30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\John\Desktop\TDSSKiller.exe
[2010/06/24 12:00:16 | 000,000,000 | ---D | C] -- C:\19b8a8a6585d8dcefdcc
[2010/06/24 11:49:35 | 000,000,000 | ---D | C] -- C:\2b06d00645fb43155a5ed548
[2010/06/19 22:29:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/19 22:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Malware
[2010/06/19 17:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/06/19 17:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/06/19 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/06/19 11:20:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/19 11:15:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/19 11:15:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/19 11:15:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/19 11:15:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/19 11:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/19 11:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/19 09:05:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/19 09:05:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/19 09:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/18 17:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Threat Expert
[2010/06/17 18:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/17 01:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SUPERAntiSpyware.com
[2010/06/17 01:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/17 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/17 01:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Copy of Plugins
[2010/06/12 22:46:43 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/06/12 22:46:43 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/06/12 22:46:43 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/06/12 22:09:32 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/12 22:09:31 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/12 22:09:31 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/12 22:09:31 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/12 22:08:04 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/12 22:07:57 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/12 22:07:57 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/12 22:07:49 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\PC Tools
[2010/06/12 22:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/12 22:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/12 17:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2010/06/12 17:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/23 22:59:37 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2009/11/23 22:59:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabserv.dll
[2009/11/23 22:59:16 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabusb1.dll
[2009/11/23 22:59:16 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpmui.dll
[2009/11/23 22:59:16 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabiesc.dll
[2009/11/23 22:59:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabprox.dll
[2009/11/23 22:59:15 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\LMablmpm.dll
[2009/11/23 22:59:15 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpar1.dll
[2009/11/23 22:59:15 | 000,454,656 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabiobj.dll
[2009/11/23 22:59:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabinpa.dll
[2009/11/23 22:59:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabpplc.dll
[2009/11/23 22:59:14 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabip1.dll
[2009/11/23 22:59:14 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabhcp.dll
[2009/11/23 22:59:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabcomm.dll
[2009/11/23 22:59:13 | 000,815,104 | ---- | C] ( ) -- C:\WINDOWS\System32\LMabcomc.dll
[2005/02/19 22:15:43 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\John\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/11 18:32:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/11 16:33:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/11 16:33:13 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/11 16:33:13 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/07/11 16:33:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/11 16:32:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 16:32:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/11 16:32:46 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 16:31:21 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/07/11 16:31:21 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/11 16:31:21 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/11 16:31:21 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/11 16:31:21 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/07/11 16:31:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/07/11 16:31:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/07/11 16:31:21 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/07/11 16:31:21 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/07/11 16:31:09 | 004,932,601 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/07/11 16:26:33 | 000,001,056 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/10 13:50:03 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\gmer.exe
[2010/07/10 07:48:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\NTUSER.INI
[2010/07/10 07:16:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/07/09 22:51:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/07/09 22:47:12 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\John\Desktop\TDSSKiller.exe
[2010/07/09 22:44:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\John\Desktop\GooredFix.exe
[2010/07/08 23:58:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/08 17:51:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 21:47:19 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/07/06 21:46:39 | 000,015,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/06 21:33:51 | 000,000,759 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/07/06 21:33:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/06 21:33:51 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 21:20:21 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/06 21:19:42 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/06 21:19:42 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/06 21:19:42 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/06 21:19:42 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/06 21:15:58 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Norton Installation Files.lnk
[2010/07/05 18:46:41 | 000,003,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/24 16:52:25 | 000,536,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 16:52:25 | 000,465,250 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/24 16:52:25 | 000,081,298 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/22 00:51:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/19 17:14:49 | 000,020,480 | -H-- | M] () -- C:\SZKGFS.dat
[2010/06/18 17:45:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 18:06:00 | 000,102,640 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/12 07:04:28 | 000,080,896 | ---- | M] () -- C:\WINDOWS\System32\bbdd.sys
[2010/06/11 21:18:18 | 000,002,685 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[7 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\John\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\John\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 23:49:09 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/06 21:46:35 | 000,015,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/06 21:41:03 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/07/06 21:41:03 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/07/06 21:41:03 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/07/06 21:41:03 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/07/06 21:41:03 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/07/06 21:41:03 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/07/06 21:41:03 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/07/06 21:41:03 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/07/06 21:41:03 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/07/06 21:41:03 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/07/06 21:41:02 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/07/06 21:41:02 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/07/06 21:41:02 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/07/06 21:41:02 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/07/06 21:41:02 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/07/06 21:41:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/07/06 21:40:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/07/06 21:20:21 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/06 21:19:42 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/06 21:19:42 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/06 21:19:36 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/07/06 21:15:57 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Norton Installation Files.lnk
[2010/07/04 17:49:55 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/06/19 17:14:49 | 000,020,480 | -H-- | C] () -- C:\SZKGFS.dat
[2010/06/19 11:20:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/19 11:20:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/19 11:15:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/19 11:15:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/19 11:15:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/18 17:45:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 18:10:21 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 22:09:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/12 22:09:32 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/12 22:09:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/12 22:09:32 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/12 22:09:32 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/12 22:09:31 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/12 22:08:04 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/12 22:07:57 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/12 22:07:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/12 22:07:49 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/12 07:04:28 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\bbdd.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/16 07:47:50 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2009/05/16 07:47:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2009/05/16 07:47:38 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2009/05/16 07:47:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2009/05/16 07:47:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2009/05/16 07:47:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2009/05/16 07:47:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2009/05/16 07:47:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2008/07/29 21:08:54 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/09/26 17:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/09/24 18:57:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/21 23:07:44 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2007/08/10 18:59:25 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/31 23:29:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2006/11/26 00:47:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\FIOALL.INI
[2006/09/11 20:47:39 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/04/13 09:21:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/08 13:07:15 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/27 20:12:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\NS_Scan.ini
[2006/01/20 12:56:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
[2005/12/31 21:25:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/12/31 15:29:59 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/12/31 14:04:44 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2005/12/31 13:42:26 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2005/12/31 13:42:25 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2005/12/31 13:42:25 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2005/11/20 22:25:02 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/11/19 18:03:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/11/19 17:57:55 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson1240U.ini
[2005/11/19 17:32:08 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/19 16:56:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2005/11/19 16:55:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/11/19 16:55:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2005/11/19 16:09:08 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2005/11/19 16:06:41 | 000,001,056 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/11/19 16:06:38 | 000,000,683 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/11/19 14:08:59 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/09/01 19:09:49 | 000,000,881 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/21 08:17:49 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/03/20 19:40:06 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2005/02/19 22:16:35 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/19 22:16:00 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/02/19 22:16:00 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/02/19 22:15:50 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/23 11:13:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 11:12:44 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/23 11:04:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 11:01:13 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/22 06:55:04 | 000,000,460 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:25:56 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/04/05 17:17:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/06 21:33:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/19 11:31:17 | 000,023,632 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/16 21:27:01 | 000,000,431 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/06/16 21:27:00 | 000,000,102 | ---- | M] () -- C:\CybDefWebInstaller.log
[2006/09/02 13:10:54 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2004/11/22 06:58:24 | 000,004,840 | RH-- | M] () -- C:\DELL.SDR
[2010/03/20 09:57:20 | 000,000,026 | ---- | M] () -- C:\DVDPlayer.log
[2007/03/30 18:58:14 | 000,000,313 | ---- | M] () -- C:\fox.log
[2010/07/11 16:32:46 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/20 18:38:50 | 156,770,593 | ---- | M] () -- C:\HighLogging.log
[2005/12/31 21:00:50 | 003,901,280 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2005/11/28 06:44:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/09/18 16:51:05 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/07/10 20:49:44 | 000,023,120 | ---- | M] () -- C:\JavaRa.log
[2007/12/02 19:38:01 | 000,019,259 | ---- | M] () -- C:\logfile
[2010/06/12 17:09:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/12 08:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 19:18:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/11 16:32:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/02/19 20:45:13 | 000,000,916 | ---- | M] () -- C:\remote_rocksim.version
[2005/07/02 19:04:17 | 000,001,326 | ---- | M] () -- C:\SearchIndex.edx
[2010/06/19 17:14:49 | 000,020,480 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/09 22:48:01 | 000,055,442 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_22.47.45_log.txt
[2010/07/09 22:57:42 | 000,055,442 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_22.57.28_log.txt
[2010/07/09 23:05:01 | 000,055,208 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_09.07.2010_23.04.35_log.txt
[2006/10/01 13:04:38 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/11/28 07:11:09 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/04/23 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD64.DLL
[2005/04/15 00:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD78(2).DLL
[2005/04/15 00:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD78.DLL
[2004/04/23 00:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP64.DLL
[2005/04/15 00:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP78.DLL
[2008/08/21 03:34:00 | 000,061,952 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LMACAC4C.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/11/28 00:40:14 | 000,524,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2005/11/28 06:31:00 | 000,323,584 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2005/11/28 00:40:14 | 025,690,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2005/11/28 00:40:14 | 005,767,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\SYSTEM32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 21:57:38

========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#13
SweetTech
Posted 11 July 2010 - 06:37 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#14
TheHardDriver
Posted 11 July 2010 - 09:33 PM

TheHardDriver

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I downloaded and ran ComboFix after disabling my anti-spyware anti-virus program as you had requested. ComboFix ran successfully and gave the following error message before producing the log file.

Cannot export RegRang00: Error opening file. There may be a disk or file system error. Once I clicked on 'ok' the log file was produced. I saved the log file and ran a Google search within Firefox (from the Firefox home page). Firefox was not listed as my default browser and I clicked 'no' to select it before I ran my search. The search completed successfully but when I clicked upon one of the entries I received the following message from Norton attached below. I then shut down Firefox and restarted it. I attemped the same search and clicked upon the same returned website from the search. It was redirected this time.

I also used the same search and clicked the same website from the search within
IE. The browser was redirected in IE as well.

The ComboFix log file appears below.

ComboFix 10-07-11.03 - John 07/11/2010 22:02:15.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1523 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-10 18:41 . 2010-07-10 18:41 -------- d-----w- C:\_OTL
2010-07-10 03:31 . 2010-07-10 03:31 -------- d-----w- C:\_OTM
2010-07-07 02:20 . 2010-07-07 02:20 -------- d-----w- c:\documents and settings\John\Application Data\Tific
2010-07-07 02:20 . 2010-07-07 02:20 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Symantec
2010-07-07 02:19 . 2010-07-07 02:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-07 02:19 . 2010-07-07 02:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-07 02:19 . 2010-07-07 02:47 -------- d-----w- c:\windows\system32\drivers\N360
2010-07-07 02:19 . 2010-07-07 02:19 -------- d-----w- c:\program files\Norton Security Suite
2010-07-07 02:19 . 2010-07-07 02:19 -------- d-----w- c:\program files\Windows Sidebar
2010-07-07 02:18 . 2010-07-07 02:18 -------- d-----w- c:\program files\NortonInstaller
2010-07-07 02:18 . 2010-07-07 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-07 02:15 . 2010-07-07 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-05 23:48 . 2010-07-05 23:48 -------- d-----w- c:\documents and settings\Annelise\Local Settings\Application Data\Threat Expert
2010-06-24 17:00 . 2010-06-24 17:00 -------- d-----w- C:\19b8a8a6585d8dcefdcc
2010-06-24 16:49 . 2010-06-24 16:49 -------- d-----w- C:\2b06d00645fb43155a5ed548
2010-06-23 01:17 . 2010-06-23 01:17 -------- d-----w- c:\documents and settings\Chandler\Local Settings\Application Data\Threat Expert
2010-06-22 00:37 . 2010-06-22 00:37 -------- d-----w- c:\documents and settings\Marnell\Local Settings\Application Data\Threat Expert
2010-06-19 22:14 . 2010-06-19 22:14 20480 ---ha-w- C:\SZKGFS.dat
2010-06-19 22:13 . 2010-06-19 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-06-19 22:13 . 2010-07-07 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-06-19 22:13 . 2010-06-19 22:13 -------- d-----w- c:\program files\Common Files\iS3
2010-06-19 14:05 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 14:05 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 14:05 . 2010-06-19 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 22:34 . 2010-06-18 22:34 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Threat Expert
2010-06-17 23:09 . 2010-06-17 23:09 -------- d-----w- c:\program files\iPod
2010-06-17 23:06 . 2010-06-17 23:06 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-17 23:00 . 2010-06-17 23:00 -------- d-----w- c:\program files\Bonjour
2010-06-17 06:10 . 2010-06-19 02:59 63488 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-17 06:10 . 2010-06-17 06:10 52224 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 06:10 . 2010-06-19 02:59 117760 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 06:09 . 2010-06-17 06:09 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2010-06-17 06:09 . 2010-06-17 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-17 06:09 . 2010-06-17 06:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-15 12:39 . 2010-06-15 12:39 503808 ----a-w- c:\documents and settings\Jenna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25690120-n\msvcp71.dll
2010-06-15 12:39 . 2010-06-15 12:39 61440 ----a-w- c:\documents and settings\Jenna\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-675e71b0-n\decora-sse.dll
2010-06-15 12:39 . 2010-06-15 12:39 499712 ----a-w- c:\documents and settings\Jenna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25690120-n\jmc.dll
2010-06-15 12:39 . 2010-06-15 12:39 12800 ----a-w- c:\documents and settings\Jenna\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-675e71b0-n\decora-d3d.dll
2010-06-15 12:39 . 2010-06-15 12:39 348160 ----a-w- c:\documents and settings\Jenna\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-25690120-n\msvcr71.dll
2010-06-13 03:46 . 2010-02-02 14:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-13 03:46 . 2010-02-02 14:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-13 03:07 . 2010-06-13 03:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-13 03:07 . 2010-06-13 03:07 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2010-06-13 03:07 . 2010-07-12 02:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-12 22:08 . 2010-06-12 22:08 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2010-06-12 22:08 . 2010-06-12 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-12 12:04 . 2010-06-12 12:04 80896 ----a-w- c:\windows\system32\bbdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 02:52 . 2006-12-25 16:55 336 ----a-w- c:\windows\system32\tablet.dat
2010-07-12 02:51 . 2005-02-20 03:16 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-07-12 02:51 . 2005-02-20 03:16 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-07-11 01:49 . 2004-11-23 15:59 -------- d-----w- c:\program files\Java
2010-07-07 02:34 . 2006-01-01 03:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-07 02:20 . 2010-07-07 02:20 248 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-07-07 02:19 . 2010-07-07 02:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-07 02:19 . 2010-07-07 02:19 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-07 02:19 . 2008-11-25 12:23 -------- d-----w- c:\program files\Symantec
2010-07-07 01:12 . 2008-09-26 14:18 39 ----a-w- c:\documents and settings\Chandler\jagex_runescape_preferences.dat
2010-07-05 23:46 . 2010-07-04 22:49 3776 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-27 14:46 . 2010-06-13 03:07 -------- d-----w- c:\program files\Spyware Doctor
2010-06-22 05:51 . 2008-09-18 14:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-20 03:21 . 2009-08-16 01:46 -------- d-----w- c:\program files\DVDneXtCOPY2Pro
2010-06-20 03:21 . 2009-07-02 00:43 -------- d-----w- c:\program files\DVDneXtCOPY 3
2010-06-20 03:21 . 2009-07-01 11:23 -------- d-----w- c:\program files\DVDneXtCOPY2
2010-06-18 23:50 . 2004-12-17 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-18 22:49 . 2004-12-17 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 23:10 . 2009-09-28 12:06 -------- d-----w- c:\program files\iTunes
2010-06-17 23:09 . 2007-07-08 12:26 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 23:06 . 2009-09-21 23:35 102640 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-06-13 03:46 . 2010-06-13 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-08 02:16 . 2010-06-13 03:09 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21 . 2010-06-13 03:09 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-05-30 22:19 . 2010-05-30 22:19 503808 ----a-w- c:\documents and settings\Annelise\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3836e682-n\msvcp71.dll
2010-05-30 22:19 . 2010-05-30 22:19 499712 ----a-w- c:\documents and settings\Annelise\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3836e682-n\jmc.dll
2010-05-30 22:19 . 2010-05-30 22:19 348160 ----a-w- c:\documents and settings\Annelise\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3836e682-n\msvcr71.dll
2010-05-30 22:19 . 2010-05-30 22:19 61440 ----a-w- c:\documents and settings\Annelise\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2a0cfef9-n\decora-sse.dll
2010-05-30 22:19 . 2010-05-30 22:19 12800 ----a-w- c:\documents and settings\Annelise\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2a0cfef9-n\decora-d3d.dll
2010-05-30 22:19 . 2010-05-30 22:19 664 ----a-w- c:\documents and settings\Annelise\Local Settings\Application Data\d3d9caps.tmp
2010-05-29 22:47 . 2010-05-21 23:41 -------- d-sh--w- c:\documents and settings\Chandler\Application Data\lowsec
2010-05-27 12:17 . 2009-12-23 03:04 -------- d-----w- c:\documents and settings\Annelise\Application Data\U3
2010-05-23 16:20 . 2010-05-23 16:20 503808 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f0d7e7c-n\msvcp71.dll
2010-05-23 16:20 . 2010-05-23 16:20 499712 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f0d7e7c-n\jmc.dll
2010-05-23 16:20 . 2010-05-23 16:20 348160 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f0d7e7c-n\msvcr71.dll
2010-05-23 16:20 . 2010-05-23 16:20 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3ac8ce72-n\decora-sse.dll
2010-05-23 16:20 . 2010-05-23 16:20 12800 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3ac8ce72-n\decora-d3d.dll
2010-05-22 21:51 . 2010-05-22 21:51 503808 ----a-w- c:\documents and settings\Marnell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e14cfcf-n\msvcp71.dll
2010-05-22 21:51 . 2010-05-22 21:51 499712 ----a-w- c:\documents and settings\Marnell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e14cfcf-n\jmc.dll
2010-05-22 21:51 . 2010-05-22 21:51 348160 ----a-w- c:\documents and settings\Marnell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e14cfcf-n\msvcr71.dll
2010-05-22 21:51 . 2010-05-22 21:51 12800 ----a-w- c:\documents and settings\Marnell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30876560-n\decora-d3d.dll
2010-05-22 21:51 . 2010-05-22 21:51 61440 ----a-w- c:\documents and settings\Marnell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-30876560-n\decora-sse.dll
2010-05-22 00:41 . 2010-05-22 00:41 61440 ----a-w- c:\documents and settings\Chandler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-232dd3ad-n\decora-sse.dll
2010-05-22 00:41 . 2010-05-22 00:41 503808 ----a-w- c:\documents and settings\Chandler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54cb37cd-n\msvcp71.dll
2010-05-22 00:41 . 2010-05-22 00:41 499712 ----a-w- c:\documents and settings\Chandler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54cb37cd-n\jmc.dll
2010-05-22 00:41 . 2010-05-22 00:41 348160 ----a-w- c:\documents and settings\Chandler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54cb37cd-n\msvcr71.dll
2010-05-22 00:41 . 2010-05-22 00:41 12800 ----a-w- c:\documents and settings\Chandler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-232dd3ad-n\decora-d3d.dll
2010-05-19 21:11 . 2010-02-08 01:40 -------- d-----w- c:\documents and settings\Chandler\Application Data\U3
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 14:28 . 2005-10-26 10:39 -------- d-----w- c:\program files\Google
2010-05-09 20:55 . 2005-08-24 21:44 156768 ----a-w- c:\documents and settings\Jenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-12 13:33 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-30 01:25 . 2004-12-12 03:55 156768 ----a-w- c:\documents and settings\Chandler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 12:02 . 2005-02-03 15:30 156768 ----a-w- c:\documents and settings\Marnell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-20 05:30 . 2004-08-12 13:17 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 01:47 . 2009-04-04 20:14 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 01:47 . 2009-04-04 20:14 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 11:06 . 2010-04-17 11:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2008-07-30 02:08 . 2008-07-30 02:08 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-07-30 02:08 . 2008-07-30 02:08 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-19_16.28.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-07-12 02:54 . 2010-07-12 02:54 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2010-07-12 02:52 . 2010-07-12 02:52 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2010-07-12 02:52 . 2010-07-12 02:52 16384 c:\windows\Temp\Perflib_Perfdata_49c.dat
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\SYSTEM32\PresentationHostProxy.dll
- 2004-11-23 15:52 . 2010-06-09 11:42 81298 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-11-23 15:52 . 2010-06-24 21:52 81298 c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\SYSTEM32\netfxperf.dll
- 2009-09-19 16:06 . 2009-05-18 19:17 26600 c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2009-09-19 16:06 . 2009-05-18 22:17 26600 c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-07-07 02:41 . 2010-04-22 02:29 43696 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\srtspx.sys
+ 2008-01-29 17:01 . 2009-05-18 22:17 26600 c:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys
- 2008-01-29 17:01 . 2009-05-18 19:17 26600 c:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys
+ 2004-12-03 01:23 . 2010-07-05 23:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-03 01:23 . 2010-06-18 22:34 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-03 01:23 . 2010-06-18 22:34 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2010-06-19 22:47 . 2010-07-05 23:48 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-06-24 16:54 . 2008-07-25 16:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23546\System.Drawing.Design.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-24 22:05 . 2010-06-24 22:05 60928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-24 22:09 . 2010-06-24 22:09 37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-24 21:57 . 2010-06-24 21:57 47104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-24 21:56 . 2010-06-24 21:56 39424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-09 08:05 . 2010-06-09 08:05 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\SYSTEM32\PresentationHost.exe
- 2004-11-23 15:52 . 2010-06-09 11:42 465250 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-11-23 15:52 . 2010-06-24 21:52 465250 c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\SYSTEM32\mscoree.dll
+ 2008-01-29 18:02 . 2008-04-17 21:12 107368 c:\windows\SYSTEM32\GEARAspi.dll
- 2008-01-29 18:02 . 2008-04-17 18:12 107368 c:\windows\SYSTEM32\GEARAspi.dll
- 2009-09-19 16:06 . 2008-04-17 18:12 107368 c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2009-09-19 16:06 . 2008-04-17 21:12 107368 c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-07-07 02:41 . 2010-05-06 04:01 339504 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symtdiv.sys
+ 2010-07-07 02:41 . 2010-05-06 04:01 361904 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symtdi.sys
+ 2010-07-07 02:41 . 2010-04-22 03:02 173104 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys
+ 2010-07-07 02:41 . 2009-10-15 03:50 328752 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys
+ 2010-07-07 02:41 . 2010-04-22 02:29 325680 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\srtsp.sys
+ 2010-07-07 02:41 . 2010-04-29 05:03 116784 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys
+ 2010-07-07 02:41 . 2010-02-26 00:22 501888 c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-06-24 16:54 . 2008-07-25 16:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23546\AspNetMMCExt.dll
+ 2010-07-10 03:27 . 2010-07-10 03:27 303104 c:\windows\ERDNT\7-9-2010\Users\00000002\UsrClass.dat
+ 2010-07-10 03:27 . 2010-07-10 03:26 163328 c:\windows\ERDNT\7-9-2010\ERDNT.EXE
+ 2010-07-10 12:10 . 2010-07-10 12:10 303104 c:\windows\ERDNT\7-10-2010\Users\00000002\UsrClass.dat
+ 2010-07-10 12:10 . 2010-07-10 03:26 163328 c:\windows\ERDNT\7-10-2010\ERDNT.EXE
+ 2010-06-09 08:05 . 2010-06-09 08:05 626688 c:\windows\ASSEMBLY\TEMP\U28EKQW28E\System.Drawing.dll
+ 2010-06-09 08:05 . 2010-06-09 08:05 113664 c:\windows\ASSEMBLY\TEMP\KRX39FLRX3\System.EnterpriseServices.Wrapper.dll
+ 2010-06-09 08:05 . 2010-06-09 08:05 258048 c:\windows\ASSEMBLY\TEMP\KRX39FLRX3\System.EnterpriseServices.dll
+ 2010-06-09 08:05 . 2010-06-09 08:05 261632 c:\windows\ASSEMBLY\TEMP\BIOU06CIOU\System.Transactions.dll
+ 2010-06-09 08:05 . 2010-06-09 08:05 114688 c:\windows\ASSEMBLY\TEMP\AHNTZ5BHNT\System.ServiceProcess.dll
+ 2010-06-09 08:06 . 2010-06-09 08:06 425984 c:\windows\ASSEMBLY\TEMP\5CIOU17DJP\System.configuration.dll
+ 2010-06-09 08:05 . 2010-06-09 08:05 303104 c:\windows\ASSEMBLY\TEMP\07DJPV17DJ\System.Runtime.Remoting.dll
+ 2010-06-24 22:05 . 2010-06-24 22:05 240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-24 22:05 . 2010-06-24 22:05 447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-24 21:59 . 2010-06-24 21:59 368128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-24 22:03 . 2010-06-24 22:03 539648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-24 22:02 . 2010-06-24 22:02 224768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-24 22:03 . 2010-06-24 22:03 258048 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-09 08:06 . 2010-06-09 08:06 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-06-09 08:06 . 2010-06-09 08:06 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-09 08:06 . 2010-06-09 08:06 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\SYSTEM32\dfshim.dll
+ 2010-06-24 16:54 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23546\System.Windows.Forms.dll
+ 2010-06-24 16:54 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC23546\System.Web.dll
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\458f9.msp
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\41917.msp
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\394bf.msp
+ 2010-07-10 03:27 . 2010-07-10 03:27 6828032 c:\windows\ERDNT\7-9-2010\Users\00000001\ntuser.dat
+ 2010-07-10 12:10 . 2010-07-10 12:10 6828032 c:\windows\ERDNT\7-10-2010\Users\00000001\ntuser.dat
+ 2010-06-09 08:06 . 2010-06-09 08:06 2048000 c:\windows\ASSEMBLY\TEMP\T06CIOU06C\System.XML.dll
+ 2010-06-09 08:06 . 2010-06-09 08:06 3182592 c:\windows\ASSEMBLY\TEMP\QY4AGMSY4A\System.dll
+ 2010-06-09 08:06 . 2010-06-09 08:06 2933248 c:\windows\ASSEMBLY\TEMP\NU06CIOU06\System.Data.dll
+ 2010-06-09 08:05 . 2010-06-09 08:05 5025792 c:\windows\ASSEMBLY\TEMP\IPV17DJPV1\System.Windows.Forms.dll
+ 2010-06-24 21:57 . 2010-06-24 21:57 3325440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-24 22:05 . 2010-06-24 22:05 1049600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-24 22:05 . 2010-06-24 22:05 1035264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-24 22:04 . 2010-06-24 22:04 2128896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-24 22:04 . 2010-06-24 22:04 1657856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-24 21:55 . 2010-06-24 21:55 1249280 c:\windows\ASSEMBLY\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-09 08:06 . 2010-06-09 08:06 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-09 08:06 . 2010-06-09 08:06 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 21:55 . 2010-06-24 21:55 5279744 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-24 21:52 . 2010-06-24 21:52 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-09 08:06 . 2010-06-09 08:06 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-24 21:55 . 2010-06-24 21:55 4210688 c:\windows\ASSEMBLY\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-08-16 08:05 . 2009-08-16 08:05 4210688 c:\windows\ASSEMBLY\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2010-06-09 08:05 . 2010-06-09 08:05 4546560 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-24 21:51 . 2010-06-24 21:51 4546560 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\41925.msp
+ 2010-06-24 21:57 . 2010-06-24 21:57 12215808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP16F.tmp\PresentationCore.dll
+ 2010-06-24 21:59 . 2010-06-24 21:59 14328320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-24 21:57 . 2010-06-24 21:57 12215808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Coast to Coast AM"="c:\program files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 983040]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2008-09-05 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-11 4112384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=xgusb.cpl

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^AutoMailer.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\AutoMailer.lnk
backup=c:\windows\pss\AutoMailer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Marnell^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LucasArts\\SWKotOR\\swupdate.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LMabcoms.exe"=
"c:\\Program Files\\Lexmark\\ErrorApp\\LMab1err.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [6/12/2010 10:07 PM 218592]
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [7/6/2010 9:41 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [7/6/2010 9:41 PM 173104]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [6/12/2010 10:46 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [6/12/2010 10:46 PM 59664]
R1 bbdd;bbdd;c:\windows\SYSTEM32\bbdd.sys [6/12/2010 7:04 AM 80896]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [7/6/2010 9:41 PM 501888]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [6/12/2010 10:08 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [7/6/2010 9:41 PM 116784]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/12/2010 10:09 PM 112592]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [11/19/2005 4:06 PM 36404]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [7/6/2010 9:40 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/6/2010 9:23 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100709.001\IDSXpx86.sys [7/9/2010 7:19 PM 331640]
R3 iTurns;iTurns;c:\windows\SYSTEM32\DRIVERS\iTurnsDriver.sys [9/16/2008 8:03 AM 5632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 11:05 AM 133104]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\SYSTEM32\DRIVERS\bcgame.sys [7/23/2003 2:16 PM 22821]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\SYSTEM32\DRIVERS\fantom.sys [3/10/2006 3:55 PM 39424]
S3 jbridgep;jbridgep;\??\c:\docume~1\Marnell\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\Marnell\LOCALS~1\Temp\jbridgep.sys [?]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [6/12/2010 10:07 PM 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/12/2010 10:07 PM 366840]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [6/12/2010 10:46 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 vaxscsi;vaxscsi;c:\windows\SYSTEM32\DRIVERS\vaxscsi.sys [8/21/2007 11:07 PM 223128]
S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [4/8/2006 1:07 PM 685816]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 16:04]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/flash/index.cfm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: dell4me.com\www
Trusted Zone: khow.com\www
Trusted Zone: runescape.com\www
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com\www
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\cdz8ah6t.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Marnell\Application Data\Move Networks\plugins\npqmp071701000008.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_03050024.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 22:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(856)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-07-11 22:12:53
ComboFix-quarantined-files.txt 2010-07-12 03:12
ComboFix2.txt 2010-06-19 16:31

Pre-Run: 26,087,395,328 bytes free
Post-Run: 26,072,301,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=0 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 68727BAA7EAF8DD5C64CA00D888E71B3

Attached Thumbnails

  • Norton_Error_Message.jpg

  • 0

#15
SweetTech
Posted 12 July 2010 - 02:10 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Lets see how things are working after running the following scans below:

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\windows\system32\bbdd.sys

Folder::
c:\documents and settings\Chandler\Application Data\lowsec

Driver::
bbdd

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Running TDSSKiller


Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.


Download TDSSKiller from one of the links below:

Zipped Version or Executable (Not Zipped) Version


Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.


Please ensure that you save the TDSSKiller file to you desktop.


If TDSSKiller asks you to close all programs please allow it to do so.


If you see the following:
To finalize removal of infection and avoid loosing of data program will reboot your PC now.
Close all programs and choose Y to restart or N to continue.

Please enter Y and allow TDSSKiller to reboot your computer.


Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.


Please post the content of the TDSSKiller log.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP