Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

programs stop responding and slow loading

Started by mommagee , Sep 12 2010 09:16 AM

This topic is locked

#1
mommagee

Posted 12 September 2010 - 09:16 AM

Member

Member
122 posts

Please help!
My internet takes forever to load and I'm not able to run all the programs from the steps in the cleaning guide (GMER)..everything stops responding and nothing will open.
I've run virus/malware checks but nothing has come up (except for my D:\ drive which is a "recovery" storage drive that office depot put there when we bought the computer as they didn't have the recovery disks available to us. I'm afraid to delete anything just in case I screw something up).

I've attached what I could. I've done a virus scan from Avast, but I don't know how or where to find the log. It doesn't allow me to save...??
I didn't want to continue with OTL without further instructions. Can someone please help?

Attached Files

mbam-log-2010-09-12 (14-22-23).txt 907bytes 165 downloads

Edited by mommagee, 14 September 2010 - 07:49 AM.

#2
Salagubang

Posted 15 September 2010 - 08:05 PM

Trusted Helper

Malware Removal
3,891 posts

Hi mommagee,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

Firstly....

Any other symptoms aside from slow internet loading?

Lets begin.

We need some logs to get bearing.

StepOne

Posted Image

OTL

Download OTL to your Desktop
Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:
netsvcs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

StepTwo

Download RootRepeal from one of the following locations and save it to your desktop:Link 1
Link 2
Link 3

Double click to start the program
Click on the Report tab at the bottom of the program window
Click the button
In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Shadow SSDT
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan

Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

#3
Essexboy

Posted 21 September 2010 - 01:06 PM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Salagubang

Posted 10 October 2010 - 05:54 AM

Trusted Helper

Malware Removal
3,891 posts

Hi mommagee,

You may go ahead with my last instruction.

Regards

#5
mommagee

Posted 12 October 2010 - 10:05 PM

Member

Topic Starter
Member
122 posts

Thank you so much for reopening my topic

Here is the attachments to your request. I only 1 report from the OTL scan came up, the other report didn't. Did I do something wrong?

Attached Files

RootRepeal.txt 51.92KB 170 downloads
OTL.Txt 96.47KB 159 downloads

#6
Salagubang

Posted 13 October 2010 - 12:05 AM

Trusted Helper

Malware Removal
3,891 posts

Hi mommagee,

I posted the logs for you. You may post your logs next time and not attached them as they're easier to review when posted.

OTL logfile created on: 12/10/2010 2:03:32 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.00 Mb Total Physical Memory | 537.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1437 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 165.41 Gb Free Space | 73.72% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 124.49 Mb Total Space | 71.79 Mb Free Space | 57.67% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Drive K: | 617.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 518.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/05/26 06:24:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

========== Modules (SafeList) ==========

MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/05/26 06:24:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/06/28 14:15:42 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/27 21:23:58 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/17 15:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/17 15:11:06 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/17 15:11:04 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/10/29 20:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 18:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 01:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 21:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://yahoo.ca/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 21:27:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 21:27:06 | 000,000,000 | ---D | M]

[2009/04/19 01:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2010/10/11 18:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions
[2010/06/24 18:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 12:48:34 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2010/06/24 18:48:53 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/01/25 12:48:50 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/06/24 18:48:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/24 18:48:58 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/24 18:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/06/24 18:48:57 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/24 13:59:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/24 18:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/06/24 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/06/24 18:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/10/11 18:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 14:51:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/01/11 11:16:18 | 000,000,789 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...rk.cab56649.cab (StagingUI Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 13:53:34 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/09/09 20:18:32 | 000,000,189 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:18:32 | 000,011,024 | R--- | M] (Her Interactive, Inc.) - K:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:18:33 | 000,052,896 | R--- | M] (Her Interactive, Inc.) - L:\autorun2.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:05:38 | 000,000,046 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{16001009-4b26-11df-b416-0013d3d9d1ea}\Shell - "" = AutoRun
O33 - MountPoints2\{16001009-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16001009-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun\command - "" = K:\autorun.exe [open][2] Setup.exe -- File not found
O33 - MountPoints2\{1600100c-4b26-11df-b416-0013d3d9d1ea}\Shell - "" = AutoRun
O33 - MountPoints2\{1600100c-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1600100c-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun\command - "" = L:\autorun2.exe -- [2009/09/09 20:18:33 | 000,052,896 | R--- | M] (Her Interactive, Inc.)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\VENAutoDisk1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 15:12:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/12 10:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\ComodoGroup
[2010/10/07 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\keyboarding pro
[2010/09/09 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\skypePM
[2010/09/09 19:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Skype
[2010/09/09 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/09 19:03:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/09 19:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[17 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/12 14:03:13 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/10/12 13:51:54 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/10/12 11:54:49 | 000,071,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/12 10:25:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/12 10:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 10:24:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/10/12 10:23:48 | 008,599,488 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\IconCache.db
[2010/10/12 10:22:59 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/12 10:02:26 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CIS config
[2010/10/11 23:32:48 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/10/10 22:29:17 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/10 22:04:11 | 014,372,220 | ---- | M] () -- C:\Program Files\Skype.zip
[2010/10/09 23:30:56 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/10/09 21:37:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/09 19:27:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/10/09 19:26:14 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Ares.lnk
[2010/10/09 11:49:17 | 000,128,013 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vso_ts_preview.xml
[2010/10/09 03:04:08 | 000,532,218 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/09 03:04:08 | 000,462,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/09 03:04:08 | 000,080,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/05 23:36:22 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Schedule B2.doc
[2010/10/05 22:32:50 | 000,012,560 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35.1.docx
[2010/10/05 22:29:56 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 8 Application General.doc
[2010/10/03 07:33:56 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 22:47:10 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Log of inconsistent visits.doc
[2010/09/30 09:25:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/09/27 16:32:13 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FALL#2EMAILFORM.doc
[2010/09/27 16:22:30 | 000,555,679 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\KCREGFORMOCT.pdf
[2010/09/20 17:30:09 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35 question 8.doc
[2010/09/16 03:09:06 | 000,000,657 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/09/16 03:08:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/11 11:55:58 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/09 21:15:39 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\pkg_home2_02.gif
[2010/09/09 21:13:37 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FunBrain.com - The Internet's #1 Education Site for K-8 Kids and Teachers.URL
[2010/09/09 20:52:45 | 000,000,039 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/09/09 19:10:03 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 19:03:21 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:02:21 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to Shared Documents.lnk
[2010/09/09 18:30:52 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\support payments.xls
[2010/09/06 22:19:55 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\schedule A.doc
[2010/08/06 22:32:55 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule B.doc
[2010/08/06 22:32:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$rm 35 question 8.doc
[2010/07/19 11:07:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule A.doc
[17 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/12 10:24:49 | 000,071,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/12 10:22:59 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/12 10:02:26 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CIS config
[2010/10/10 22:04:06 | 014,372,220 | ---- | C] () -- C:\Program Files\Skype.zip
[2010/10/09 23:31:17 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/10/09 23:30:56 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/09/30 22:23:21 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Log of inconsistent visits.doc
[2010/09/30 20:22:01 | 000,012,560 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35.1.docx
[2010/09/30 09:25:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/27 16:32:13 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FALL#2EMAILFORM.doc
[2010/09/27 16:22:30 | 000,555,679 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\KCREGFORMOCT.pdf
[2010/09/23 13:26:55 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 8 Application General.doc
[2010/09/23 13:26:54 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Schedule B2.doc
[2010/09/09 21:15:38 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\pkg_home2_02.gif
[2010/09/09 21:13:37 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FunBrain.com - The Internet's #1 Education Site for K-8 Kids and Teachers.URL
[2010/09/09 20:52:45 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/09/09 19:10:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 19:03:21 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:02:20 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to Shared Documents.lnk
[2010/08/11 22:34:03 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/08/06 22:32:55 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule B.doc
[2010/08/06 22:32:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$rm 35 question 8.doc
[2010/08/03 14:57:31 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35 question 8.doc
[2010/07/19 11:07:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule A.doc
[2010/07/17 20:11:10 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\schedule A.doc
[2010/06/16 22:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/06/16 21:52:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2010/05/24 00:37:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/09/04 22:46:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/24 17:14:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/07/03 12:04:31 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/03 12:02:43 | 000,001,189 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/07/02 05:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2009/06/29 14:42:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/06/28 15:35:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2009/06/28 15:27:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\KSMT.ini
[2009/06/28 15:25:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2009/06/28 14:15:41 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/03 16:57:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2009/02/10 23:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/02/01 20:57:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009/01/20 00:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/01/16 14:45:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/08 17:24:55 | 000,090,624 | ---- | C] () -- C:\WINDOWS\System32\nwgyvpnv.dll
[2009/01/01 00:54:11 | 000,030,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/29 10:58:15 | 000,000,576 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/05/29 10:57:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/04/14 13:46:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2007/02/20 17:38:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2007/01/31 16:49:17 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2007/01/27 20:40:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/01/23 10:51:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/01/23 10:51:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/23 10:43:46 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/01/23 10:42:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/11/30 14:22:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 14:01:04 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/30 13:57:11 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/30 13:57:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/30 13:54:09 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/30 13:50:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 13:46:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/30 13:46:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/30 13:46:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/30 13:46:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/30 13:46:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/30 13:46:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/30 13:39:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/30 13:27:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/30 13:24:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/11/30 13:11:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/30 13:05:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/30 13:05:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/30 13:05:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 16:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 08:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/26 18:51:38 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/03 05:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/03 15:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/05/15 08:21:00 | 000,448,271 | ---- | C] () -- C:\WINDOWS\System32\wmvdmoe.dll

========== LOP Check ==========

[2009/06/28 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/13 14:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/21 23:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/01/19 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/10/09 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/10 14:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/01/03 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/08/22 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/06/06 12:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/12 13:51:54 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< c:\windows\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< c:\windows\system32\drivers\*.sys /lockedfiles >
[2009/06/28 14:15:42 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 88 bytes -> C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL:SummaryInformation
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C26D2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDAF118C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:703CE963
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E158DDD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5238720
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DA384B0
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B73EC53A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C8950EF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8EAE2CC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F292FAC
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62722F27
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162D3733
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF063775
< End of report >

#7
Salagubang

Posted 13 October 2010 - 12:05 AM

Trusted Helper

Malware Removal
3,891 posts

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/10/12 23:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: PCI_PNP5990
Image Path: \Driver\PCI_PNP5990
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEEE73000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sphg.sys
Image Path: sphg.sys
Address: 0xF746E000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Mnt\0001001300177F99\0
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Mnt\0001001300177F99\1
Status: Locked to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f907b6

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d26e26

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f8fd66

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d27704

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9102a

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f8fc42

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f930e8

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9346e

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f8f62e

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d27864

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b086

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b0b8

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f8f434

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f91768

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f919be

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f92af8

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b21a

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f8fffe

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d277c8

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9101a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d26f6a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f902a2

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2715c

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2728e

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f91bcc

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f92020

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b190

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b0fa

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b12c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f92590

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b15e

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f92844

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d26dcc

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d278c4

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f90df2

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f92df0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d2b01e

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f8ff98

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d26d68

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9018e

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d26cbc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xf1d26d04

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x865d61f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x85e64500 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_CREATE]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_CLOSE]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_READ]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_WRITE]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_CLEANUP]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: UdfsЅ扏煓Ёం汇歮⇨롌Ђఄ䵃‷, IRP_MJ_PNP]
Process: System Address: 0x85e3a1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x865d81f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8624c420 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x865671f8 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_CREATE]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_CLOSE]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_POWER]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: aq0zjixoЅ扏煓Ёఄ灐畳疸, IRP_MJ_PNP]
Process: System Address: 0x862d1500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85e82500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85e82500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85e82500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85e82500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85e82500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85e82500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86243500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x85e741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_CREATE]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_CLOSE]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_READ]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_SET_INFORMATION]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_SHUTDOWN]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_CLEANUP]
Process: System Address: 0x856c4500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ浍瑓䰀新 , IRP_MJ_PNP]
Process: System Address: 0x856c4500 Size: 121

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95690

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95f3c

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f957d0

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95df6

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9591c

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95a5c

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95508

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f94550

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f951ae

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95ba2

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f94ef6

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9504a

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f94b80

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9424c

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f9480a

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f949c4

#: 490 Function Name: NtUserRegisterHotKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95cc6

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95312

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f94d88

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95410

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f943dc

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f95f7a

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f96210

#: 559 Function Name: NtUserSystemParametersInfo
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf1f946ee

==EOF==

#8
mommagee

Posted 13 October 2010 - 12:09 PM

Member

Topic Starter
Member
122 posts

Hello,

Okay, not too sure why you posted my files as well... is there something I need to do?

I'll wait to hear back from you.

#9
Salagubang

Posted 13 October 2010 - 01:52 PM

Trusted Helper

Malware Removal
3,891 posts

Hi mommagee,

Step One

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
[2010/06/24 18:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/09/09 19:10:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/08 17:24:55 | 000,090,624 | ---- | C] () -- C:\WINDOWS\System32\nwgyvpnv.dll

:Services

:Reg

:Files
%SystemRoot%\System32\SYSDLL.exe

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again
Under the "Extras Registry" section, ensure that "Safelist" is selected.
Click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
Accept the Licence agreement and click on next
It will by default install it to your desktop folder.Click Next.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.

Hidden Startup Objects
System Memory
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then chooose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

#10
mommagee

Posted 14 October 2010 - 11:00 AM

Member

Topic Starter
Member
122 posts

Hello,
I will do the steps as you suggested, however, I would like to mention that I did a full scan using Comodo Internet security and 5 threats came up. Do you have any suggestions?

Heur.Corrupt.PE@-1 C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\downloadtest_F5105T1L1.bin
Heur.Suspicious@107284288 D:\MiniNT\system32\DblRes.exe
Heur.Suspicious@26930383 D:\MiniNT\system32\Restore.exe
Heur.Suspicious@107284288 D:\I386\SYSTEM32\DblRes.exe
Heur.Suspicious@26930383 D:\I386\SYSTEM32\Restore.exe

I'll post my results for the other stuff....

#11
mommagee

Posted 17 October 2010 - 08:18 PM

Member

Topic Starter
Member
122 posts

Okay, here is step 1:

OTL logfile created on: 17/10/2010 10:06:49 PM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

958.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1437 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 165.63 Gb Free Space | 73.82% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 617.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 518.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/16 21:27:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/05/26 06:24:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2010/03/11 18:21:10 | 006,553,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO System-Cleaner\CSC.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

========== Modules (SafeList) ==========

MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/26 06:24:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/06/28 14:15:42 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/27 21:23:58 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/17 15:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/17 15:11:06 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/17 15:11:04 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/10/29 20:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 18:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 01:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 21:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://yahoo.ca/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "98.209.245.131"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 21:27:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 21:27:06 | 000,000,000 | ---D | M]

[2009/04/19 01:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2010/10/17 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions
[2010/06/24 18:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 12:48:34 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2010/06/24 18:48:53 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/01/25 12:48:50 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/06/24 18:48:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/24 18:48:58 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/24 18:48:57 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/24 13:59:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/24 18:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/06/24 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/06/24 18:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/10/17 13:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 14:51:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/17 21:56:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO System Cleaner Finalize All] C:\Program Files\COMODO\COMODO System-Cleaner\CSC.EXE (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...rk.cab56649.cab (StagingUI Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 13:53:34 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/09/09 20:18:32 | 000,000,189 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:18:32 | 000,011,024 | R--- | M] (Her Interactive, Inc.) - K:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:18:33 | 000,052,896 | R--- | M] (Her Interactive, Inc.) - L:\autorun2.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:05:38 | 000,000,046 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\VENAutoDisk1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 21:56:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/16 14:46:59 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/10/14 22:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application DataComodoGroup
[2010/10/12 23:44:36 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RootRepeal.exe
[2010/10/12 10:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\ComodoGroup
[2010/10/07 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\keyboarding pro
[2010/09/09 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\skypePM
[2010/09/09 19:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Skype
[2010/09/09 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/09 19:03:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/09 19:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[17 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 21:59:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/17 21:59:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 21:58:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/10/17 21:58:55 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/10/17 21:56:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/17 13:51:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/10/17 10:02:56 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/16 23:32:21 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/10/16 14:38:41 | 000,499,731 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\gp.xpi
[2010/10/15 10:45:34 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\2010 Oktoberfest.xls
[2010/10/15 00:27:38 | 009,131,202 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\IconCache.db
[2010/10/15 00:23:08 | 000,128,013 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vso_ts_preview.xml
[2010/10/14 22:56:59 | 000,772,144 | ---- | M] () -- C:\WINDOWS\csdf.dat
[2010/10/14 22:56:59 | 000,426,204 | ---- | M] () -- C:\WINDOWS\csdf_sdum.dat
[2010/10/14 22:56:59 | 000,009,108 | ---- | M] () -- C:\WINDOWS\crpf.bin
[2010/10/14 22:56:59 | 000,006,528 | ---- | M] () -- C:\WINDOWS\crpf_sdum.bin
[2010/10/14 20:54:34 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to CSC.exe.lnk
[2010/10/14 15:03:27 | 000,549,880 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/14 15:03:27 | 000,462,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 15:03:27 | 000,080,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/14 13:19:35 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 12:57:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 10:04:24 | 000,000,657 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/10/13 01:11:51 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\support payments.xls
[2010/10/13 00:56:37 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Schedule B2.doc
[2010/10/12 23:45:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\settings.dat
[2010/10/12 23:44:36 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RootRepeal.exe
[2010/10/12 11:54:49 | 000,071,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/12 10:22:59 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/12 10:02:26 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CIS config
[2010/10/10 22:29:17 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/10 22:04:11 | 014,372,220 | ---- | M] () -- C:\Program Files\Skype.zip
[2010/10/09 23:30:56 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/10/09 21:37:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/09 19:27:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/10/09 19:26:14 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Ares.lnk
[2010/10/05 22:32:50 | 000,012,560 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35.1.docx
[2010/10/05 22:29:56 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 8 Application General.doc
[2010/09/30 22:47:10 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Log of inconsistent visits.doc
[2010/09/30 09:25:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/09/27 16:32:13 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FALL#2EMAILFORM.doc
[2010/09/27 16:22:30 | 000,555,679 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\KCREGFORMOCT.pdf
[2010/09/20 17:30:09 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35 question 8.doc
[2010/09/09 21:15:39 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\pkg_home2_02.gif
[2010/09/09 21:13:37 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FunBrain.com - The Internet's #1 Education Site for K-8 Kids and Teachers.URL
[2010/09/09 20:52:45 | 000,000,039 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/09/09 19:03:21 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:02:21 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to Shared Documents.lnk
[2010/09/06 22:19:55 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\schedule A.doc
[2010/08/06 22:32:55 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule B.doc
[2010/08/06 22:32:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$rm 35 question 8.doc
[17 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/16 14:38:39 | 000,499,731 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\gp.xpi
[2010/10/14 22:53:30 | 000,772,144 | ---- | C] () -- C:\WINDOWS\csdf.dat
[2010/10/14 22:53:30 | 000,426,204 | ---- | C] () -- C:\WINDOWS\csdf_sdum.dat
[2010/10/14 22:53:30 | 000,009,108 | ---- | C] () -- C:\WINDOWS\crpf.bin
[2010/10/14 22:53:30 | 000,006,528 | ---- | C] () -- C:\WINDOWS\crpf_sdum.bin
[2010/10/14 21:17:51 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\2010 Oktoberfest.xls
[2010/10/14 20:54:34 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to CSC.exe.lnk
[2010/10/12 23:45:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\settings.dat
[2010/10/12 10:24:49 | 000,071,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/12 10:22:59 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/12 10:02:26 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CIS config
[2010/10/10 22:04:06 | 014,372,220 | ---- | C] () -- C:\Program Files\Skype.zip
[2010/10/09 23:31:17 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/10/09 23:30:56 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/09/30 22:23:21 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Log of inconsistent visits.doc
[2010/09/30 20:22:01 | 000,012,560 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35.1.docx
[2010/09/30 09:25:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/27 16:32:13 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FALL#2EMAILFORM.doc
[2010/09/27 16:22:30 | 000,555,679 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\KCREGFORMOCT.pdf
[2010/09/23 13:26:55 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 8 Application General.doc
[2010/09/23 13:26:54 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Schedule B2.doc
[2010/09/09 21:15:38 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\pkg_home2_02.gif
[2010/09/09 21:13:37 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FunBrain.com - The Internet's #1 Education Site for K-8 Kids and Teachers.URL
[2010/09/09 20:52:45 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/09/09 19:03:21 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:02:20 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to Shared Documents.lnk
[2010/08/11 22:34:03 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/08/06 22:32:55 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule B.doc
[2010/08/06 22:32:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$rm 35 question 8.doc
[2010/08/03 14:57:31 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35 question 8.doc
[2010/06/16 22:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/06/16 21:52:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2010/05/24 00:37:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/09/04 22:46:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/24 17:14:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/07/03 12:04:31 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/03 12:02:43 | 000,001,189 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/07/02 05:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2009/06/29 14:42:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/06/28 15:35:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2009/06/28 15:27:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\KSMT.ini
[2009/06/28 15:25:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2009/06/28 14:15:41 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/03 16:57:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2009/02/10 23:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/02/01 20:57:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009/01/20 00:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/01/16 14:45:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/01 00:54:11 | 000,030,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/29 10:58:15 | 000,000,576 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/05/29 10:57:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/04/14 13:46:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2007/02/20 17:38:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2007/01/31 16:49:17 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2007/01/27 20:40:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/01/23 10:51:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/01/23 10:51:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/23 10:43:46 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/01/23 10:42:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/11/30 14:22:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 14:01:04 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/30 13:57:11 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/30 13:57:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/30 13:54:09 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/30 13:50:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 13:39:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/30 13:27:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/30 13:24:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/11/30 13:11:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/30 13:05:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/30 13:05:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/30 13:05:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 16:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 08:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/26 18:51:38 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/03 05:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/03 15:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/05/15 08:21:00 | 000,448,271 | ---- | C] () -- C:\WINDOWS\System32\wmvdmoe.dll

========== LOP Check ==========

[2009/06/28 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/13 14:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/21 23:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/01/19 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/10/09 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/10 14:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/01/03 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/08/22 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/06/06 12:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/17 13:51:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 88 bytes -> C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL:SummaryInformation
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C26D2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDAF118C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:703CE963
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E158DDD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5238720
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DA384B0
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B73EC53A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C8950EF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8EAE2CC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F292FAC
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62722F27
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162D3733
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF063775
< End of report >

#12
mommagee

Posted 18 October 2010 - 07:45 PM

Member

Topic Starter
Member
122 posts

I also did step 2 but didn't quite have the results like you mentioned in your reply.
This is what you wrote in your reply (my answer to it is in red):

* Then click on Scan at the to right hand Corner. (did that)
* It will automatically Neutralize any objects found. (didn't say it neutralized anything)
* If some objects are left un-neutralized then click the button that says Neutralize all (didn't have to)
* If it says it cannot be Neutralized then choose The delete option when prompted. (same as above)
* After that is done click on the reports button at the bottom and save it to file name it Kas. (did not see a report button. The only thing I could click on was when the task was completed (it was highlighted in blue). I've copied/pasted what it told me.
Autoscan: completed 5 hours ago (events: 2, objects: 285014, time: 10:09:35)
17/10/2010 10:47:13 PM Task started
18/10/2010 8:56:48 AM Task completed

Did I do something wrong?
Also, after I rebooted, I was trying to log onto your site and my computer just rebooted but windows never ran.. my computer was on, but nothing was happening. I turned it off with the on/off button (I didn't/couldn't shut it off any other way) and so far it hasn't happened again.

#13
Salagubang

Posted 18 October 2010 - 09:21 PM

Trusted Helper

Malware Removal
3,891 posts

Hi mommagee,

No problem with the 2nd step as it seems like it didn't find anything of concern.

How is your internet doing now. Any faster?

Regards.

#14
mommagee

Posted 18 October 2010 - 09:42 PM

Member

Topic Starter
Member
122 posts

I did manage to save this.. didn't really know if this was the "report" as I never clicked anywhere that said "reports".

Also, I would like to mention that I did a full scan using Comodo Internet security and 5 threats came up. Don't know what this means.

Heur.Corrupt.PE@-1 C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\downloadtest_F5105T1L1.bin
Heur.Suspicious@107284288 D:\MiniNT\system32\DblRes.exe
Heur.Suspicious@26930383 D:\MiniNT\system32\Restore.exe
Heur.Suspicious@107284288 D:\I386\SYSTEM32\DblRes.exe
Heur.Suspicious@26930383 D:\I386\SYSTEM32\Restore.exe

D:/ is called HP_Recovery on my system. When we purchased the cpu at Staples, they told us it had no disks that usually come with a computer, so they installed this D:/ to be used for PC recovery.

And no, my system or internet isn't any faster.. today it just rebooted, but nothing happened... I just had a blank screen, but the power was on. I also received the "blue screen" the other day, so I shut it down (using the on/off button) and it rebooted and functioned again.

#15
mommagee

Posted 18 October 2010 - 10:04 PM

Member

Topic Starter
Member
122 posts

I'm wondering if this bit of info may be the key to my system being so slow?.... back in May 2010 I created a post called: Spyware, Dropper, Backdoor, Trace, Generic trojans found , however, nobody replied to it.

A scan from IObit Security 360 quarantied some trojans(see post) and it's still in quarantine (trojan.trace) as we speak. I forgot about it until now. If you go to my other post, it shows the log... I didn't delete the quarantied files because it's in my D:/ (recovery drive).

Does this help?