Google redirect virus gone wild


  • This topic is locked

#1
gravitysrainbow

I've got this, in varying levels, on all three of my PCs at home sharing an internet connection (one laptop as a wireless connection). Search engine results redirected and more complex websites (yahoo mail, for instance) either refuse to load or become rerouted. I've tried combating the problem with Webroot Antivirus with Spy Sweeper but it never seems to fully fix the problem, quarantining infected files but with all the problems remaining. One computer seems to have taken a bad reaction to the removal effort, exhibiting behavior it's never done before: freeze-ups, 'blue screens of death', extremely high PF usage/ commit charge in task manager, etc. (I'm particularly puzzled how that computer became infected since when I initially got the virus, it had not been connected to the internet. . . connect to the internet the first time, it has it even worse than the others). Any help or advice would be greatly appreciated.

edit: OTL log included below

Edited by gravitysrainbow, 11 November 2010 - 03:41 AM.


#2
gravitysrainbow

I realize the 3 computers thing might be a tall order, so let's just go with the computer I feel needs the most help currently. Here's my OTL log, with an additional "extras" file generated.

OTL logfile created on: 11/11/2010 4:16:22 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Derrick Stuart\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 39.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 23.00% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 4.66 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.95 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 244.41 Gb Free Space | 81.99% Space Free | Partition Type: NTFS

Computer Name: DERRICK | User Name: Derrick Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/11 04:14:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Stuart\My Documents\Downloads\OTL.exe
PRC - [2010/10/27 01:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/26 00:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 15:30:00 | 000,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2010/11/11 04:14:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Stuart\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/01 10:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2009/07/02 07:44:58 | 000,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/06/26 23:50:03 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/17 21:32:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/04/26 00:21:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/04 02:45:11 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/12/07 16:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/13 15:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DERRIC~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/17 13:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2010/06/17 13:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (SSFMONM)
DRV - [2010/06/17 13:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/07/02 07:45:23 | 000,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/26 23:50:53 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/24 16:37:13 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/07/28 16:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/24 21:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/03/05 06:08:36 | 000,079,649 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1009.sys -- (RDID1009)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/04 02:45:11 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/04 02:40:19 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/07 16:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/12/07 16:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://supertoolbar....ocale=en_US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/11/07 22:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/03 17:52:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/07 23:09:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 23:09:49 | 000,000,000 | ---D | M]

[2009/03/31 12:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Extensions
[2010/11/07 23:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions
[2009/01/07 14:54:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/02 17:12:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/07 23:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/29 23:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2006/11/24 20:11:08 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/10/16 02:24:36 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2010/11/02 00:12:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 16:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/03 01:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/11/01 23:55:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/01 23:50:36 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/11/01 22:16:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/30 22:27:35 | 000,017,472 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\SsiEfr.exe
[2010/10/30 22:27:22 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2010/10/30 22:27:22 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2010/10/30 22:27:22 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2010/10/30 22:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/30 22:20:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}
[2010/10/30 22:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/10/30 22:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\PackageAware
[2010/10/30 02:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/20 22:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\AIM
[2010/10/20 22:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/10/20 22:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/10/20 22:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/10/20 22:23:24 | 007,541,896 | ---- | C] (AOL Inc.) -- C:\Documents and Settings\Derrick Stuart\Desktop\Install_AIM.exe
[2008/02/02 22:39:19 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2007/03/02 09:13:41 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/03/02 09:12:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/03/02 09:05:53 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/03/02 09:04:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/03/02 09:02:55 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/03/02 09:00:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/03/02 08:59:32 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/03/02 08:58:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/03/02 08:51:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/03/02 08:51:09 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/03/02 08:47:01 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 23:07:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 23:07:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 23:07:09 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 23:10:33 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 23:10:33 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/06 23:02:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/03 01:43:34 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\Free Window Registry Repair.lnk
[2010/11/01 23:44:47 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/11/01 22:09:16 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/01 05:19:40 | 000,210,244 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\pink.jpg
[2010/11/01 05:07:38 | 000,460,078 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\IMG00071-20101031-0111.jpg
[2010/10/30 22:20:39 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/10/30 02:09:01 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 15:09:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/25 21:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/22 00:21:24 | 000,894,186 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\My Documents\stereolab.rns
[2010/10/20 22:24:28 | 000,000,368 | -H-- | M] () -- C:\IPH.PH
[2010/10/20 22:24:19 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/20 22:24:19 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/10/20 22:23:28 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\Derrick Stuart\Desktop\Install_AIM.exe
[2010/10/19 15:42:40 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\My Documents\albumslistenedto.rtf
[2010/10/14 13:37:16 | 000,335,458 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\me.jpg
[2010/10/14 04:20:16 | 000,006,686 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/14 04:19:52 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\7203A6761B.sys
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 23:10:33 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 23:10:33 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/06 21:56:45 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 01:43:34 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\Free Window Registry Repair.lnk
[2010/11/01 23:56:09 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/11/01 23:56:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/01 23:50:56 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/01 22:09:16 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/01 05:19:56 | 000,210,244 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\pink.jpg
[2010/11/01 05:07:52 | 000,460,078 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\IMG00071-20101031-0111.jpg
[2010/11/01 05:01:07 | 000,335,458 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\me.jpg
[2010/10/30 22:27:35 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/10/30 22:20:39 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/10/20 22:24:19 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/20 22:24:19 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/10/20 22:23:48 | 000,000,368 | -H-- | C] () -- C:\IPH.PH
[2010/10/16 13:02:44 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\My Documents\albumslistenedto.rtf
[2009/11/09 02:51:01 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\FxGoWinFu.dll
[2009/10/10 10:47:23 | 000,000,311 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009/06/29 17:08:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\prvlcl.dat
[2009/01/13 14:56:15 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2009/01/03 17:58:35 | 000,001,935 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2008/10/24 00:29:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/22 22:57:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/20 16:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Musician.INI
[2008/08/13 19:20:20 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/03/27 16:10:37 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2008/02/02 22:47:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2008/02/02 22:47:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2008/02/02 22:47:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2008/02/02 22:47:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/02/02 22:42:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/02/02 22:39:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/02/02 22:36:05 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2007/04/25 21:17:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/08/29 22:22:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/06 22:49:37 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\7203A6761B.sys
[2006/07/04 00:18:21 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JPR.{PB
[2006/07/04 00:18:21 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JCM.{PB
[2006/06/22 23:47:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\fusioncache.dat
[2006/06/12 01:21:51 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 22:48:50 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/24 22:48:50 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\1B76A60372.sys
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2006/05/13 17:53:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/04 02:58:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/04 02:54:11 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/04 02:45:23 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/04 02:15:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/04 02:15:22 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/20 22:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/20 19:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/10 08:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2008/12/31 19:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2008/03/17 20:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/12/27 19:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/10/20 19:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2006/12/30 03:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/10/22 01:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/11/01 22:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/02/10 19:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/10 10:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/10/15 20:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/10 10:38:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/01/06 23:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/30 22:20:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}
[2006/05/13 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\acccore
[2009/12/27 18:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Antares
[2009/06/05 01:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\AVGTOOLBAR
[2009/12/16 00:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\BitTorrent
[2008/01/19 23:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\ICQ
[2008/02/02 23:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Lexmark Productivity Studio
[2006/12/30 04:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\NetMedia Providers
[2009/12/27 19:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\PACE Anti-Piracy
[2008/10/20 21:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Propellerhead Software
[2007/01/05 16:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Publish Providers
[2009/11/12 00:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\REAPER
[2008/10/20 21:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Sony
[2009/03/08 12:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Steinberg
[2009/10/10 10:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\TuneUp Software
[2007/02/15 11:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Viewpoint

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2006/07/15 01:43:15 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\牀৻
[2006/07/15 01:43:15 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\牀৻

========== Alternate Data Streams ==========

@Alternate Data Stream - 1265 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:j0EFqEFNERj4Z2HOHVjE49d84W
@Alternate Data Stream - 1141 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kUkCCNsrOMXG0rQV3FjXIIKWR
@Alternate Data Stream - 1112 bytes -> C:\Program Files\Outlook Express:ulWDavAVTMCQIdnfN5KZl

< End of report >


OTL Extras logfile created on: 11/11/2010 4:16:22 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Derrick Stuart\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 39.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 23.00% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 4.66 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.95 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 244.41 Gb Free Space | 81.99% Space Free | Partition Type: NTFS

Computer Name: DERRICK | User Name: Derrick Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3259:TCP" = 3259:TCP:*:Enabled:Services
"5018:TCP" = 5018:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4176:TCP" = 4176:TCP:*:Enabled:Services
"6852:TCP" = 6852:TCP:*:Enabled:Services
"2138:TCP" = 2138:TCP:*:Enabled:Services
"1819:TCP" = 1819:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5018:TCP" = 5018:TCP:*:Enabled:Services
"3259:TCP" = 3259:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4176:TCP" = 4176:TCP:*:Enabled:Services
"6852:TCP" = 6852:TCP:*:Enabled:Services
"2138:TCP" = 2138:TCP:*:Enabled:Services
"1819:TCP" = 1819:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor -- (Lexmark)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DD10F763-CDF6-46CD-9254-C8CE5E91B53E}" = Sony Media Manager 2.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Antares Auto-Tune 3.03 DirectX" = Antares Auto-Tune 3.03 DirectX
"ARP2600 V_is1" = ARP2600 V 1.2
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Collab" = Collab
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"ie8" = Windows Internet Explorer 8
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LUXONIX_LFX-1310" = LUXONIX LFX-1310
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"minimoog V_is1" = minimoog V 1.6
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"REAPER" = REAPER
"Reason_is1" = Reason 3.0
"Reason4_is1" = Reason 4.0
"ShockwaveFlash" = Adobe Flash Player 9
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek2" = SoulSeek 157 NS 13c
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"UltraISO_is1" = UltraISO Premium V9.32
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Webroot Software" = Webroot Software
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"XILS 3 DEMO_is1" = XILS 3 DEMO
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2010 12:18:35 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/2/2010 11:55:46 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/6/2010 11:03:45 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x0065120c.

Error - 11/6/2010 11:05:31 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/6/2010 11:05:36 PM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/6/2010 11:18:45 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/6/2010 11:34:52 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/6/2010 11:54:52 PM | Computer Name = DERRICK | Source = Application Error | ID = 1004
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/6/2010 11:56:43 PM | Computer Name = DERRICK | Source = Application Error | ID = 1004
Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Error - 11/7/2010 11:28:29 PM | Computer Name = DERRICK | Source = MsiInstaller | ID = 10005
Description = Product: ABBYY FineReader 6.0 Sprint -- Error 2753. The File 'Sprint.exe'
is not marked for installation.

[ System Events ]
Error - 11/11/2010 12:28:56 AM | Computer Name = DERRICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/11/2010 12:28:56 AM | Computer Name = DERRICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/11/2010 12:28:56 AM | Computer Name = DERRICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >

Edited by gravitysrainbow, 11 November 2010 - 03:33 AM.


#3
Essexboy

Hi there, my initial thought on this is that your router is the vector for the infection - so let's go for a triple whammy

I would like you to download the following programmes on every system please, updating MBAM on install but not running any of the programmes yet.

If you have any questions before you start please ask

Once you have downloaded the programmes then disconnect all computers from the router, please do the following in order:

1. ROUTER CLEAN

Reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

2. ON ALL SYSTEMS RUN

a)

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

b)

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • (to be done before router reset)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
    (to be done when disconnected)
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

c)

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - NetSvcs
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
    File - Purity Scan

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Could you attach all logs zipped together by machine marked system 1, system 2 and system 3. I will then create a fix for each system using the same name/number so remember which is which

#4
gravitysrainbow

Thanks for your help. One quick question before I start: when do I reconnect the computers back to the router? I will need it for my internet connection to come back here and post the logs.

#5
Essexboy

Ooops silly me :D Once TDSSKiller and MBAM have run you should then be OK to reconnect. There may be residues but I should be able to get them before they cause any damage

#6
gravitysrainbow

SYSTEM 1

TDSSKiller report:
2010/11/11 20:24:39.0281 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/11 20:24:39.0281 ================================================================================
2010/11/11 20:24:39.0281 SystemInfo:
2010/11/11 20:24:39.0281
2010/11/11 20:24:39.0281 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/11 20:24:39.0281 Product type: Workstation
2010/11/11 20:24:39.0281 ComputerName: DERRICK
2010/11/11 20:24:39.0281 UserName: Derrick Stuart
2010/11/11 20:24:39.0281 Windows directory: C:\WINDOWS
2010/11/11 20:24:39.0281 System windows directory: C:\WINDOWS
2010/11/11 20:24:39.0281 Processor architecture: Intel x86
2010/11/11 20:24:39.0281 Number of processors: 1
2010/11/11 20:24:39.0296 Page size: 0x1000
2010/11/11 20:24:39.0296 Boot type: Normal boot
2010/11/11 20:24:39.0296 ================================================================================
2010/11/11 20:24:44.0734 Initialize success
2010/11/11 20:25:05.0796 ================================================================================
2010/11/11 20:25:05.0796 Scan started
2010/11/11 20:25:05.0796 Mode: Manual;
2010/11/11 20:25:05.0796 ================================================================================
2010/11/11 20:26:12.0765 \HardDisk0 - detected Backdoor.Win32.Sinowal.knf (0)
2010/11/11 20:26:13.0156 ================================================================================
2010/11/11 20:26:13.0156 Scan finished
2010/11/11 20:26:13.0156 ================================================================================
2010/11/11 20:26:13.0187 Detected object count: 1
2010/11/11 20:26:26.0109 \HardDisk0 - will be cured after reboot
2010/11/11 20:26:26.0109 Backdoor.Win32.Sinowal.knf(\HardDisk0) - User select action: Cure
2010/11/11 20:26:53.0640 Deinitialize success


Malwarebytes report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/11/2010 8:55:56 PM
mbam-log-2010-11-11 (20-55-56).txt

Scan type: Quick scan
Objects scanned: 131993
Time elapsed: 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTS report:
OTS logfile created on: 11/11/2010 9:04:43 PM - Run 1
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Derrick Stuart\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 4.65 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.95 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298.09 Gb Total Space | 244.41 Gb Free Space | 81.99% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DERRICK
Current User Name: Derrick Stuart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:05 | 000,642,048 | ---- | M] (OldTimer Tools)
aei.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe -> [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
ssu.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe -> [2010/09/22 12:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/06/26 23:50:54 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
lxddserv.exe -> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe -> [2007/04/26 00:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.)
lxddcoms.exe -> C:\WINDOWS\system32\lxddcoms.exe -> [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( )
viewmgr.exe -> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe -> [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
gearsec.exe -> C:\WINDOWS\system32\gearsec.exe -> [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software)
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2004/12/13 15:30:00 | 000,058,992 | ---- | M] (Symantec Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:05 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(WRConsumerService) Webroot Client Service [Disabled | Stopped] -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/10/01 10:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. )
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running] -> C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(avg8emc) AVG Free8 E-mail Scanner [Disabled | Stopped] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/07/02 07:44:58 | 000,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Disabled | Stopped] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/06/26 23:50:03 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/05/17 21:32:46 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
(lxddCATSCustConnectService) lxddCATSCustConnectService [Auto | Running] -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -> [2007/04/26 00:21:42 | 000,099,248 | ---- | M] ()
(lxdd_device) lxdd_device [Auto | Running] -> C:\WINDOWS\System32\lxddcoms.exe -> [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( )
(DSBrokerService) DSBrokerService [On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 000,076,848 | ---- | M] ()
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
(Symantec Core LC) Symantec Core LC [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2006/05/04 02:45:11 | 000,822,424 | ---- | M] (Symantec Corporation)
(Norton Ghost) Norton Ghost [On_Demand | Stopped] -> C:\Program Files\Norton Ghost\Agent\VProSvc.exe -> [2005/12/07 16:05:34 | 002,066,072 | ---- | M] (Symantec Corporation)
(GEARSecurity) GEARSecurity [Auto | Running] -> C:\WINDOWS\system32\gearsec.exe -> [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2004/12/13 15:30:08 | 000,079,472 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2004/12/13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation)
(MSSQL$SONY_MEDIAMGR) MSSQL$SONY_MEDIAMGR [On_Demand | Stopped] -> C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -> [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation)
(SQLAgent$SONY_MEDIAMGR) SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped] -> C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -> [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\DERRIC~1\LOCALS~1\Temp\catchme.sys -> File not found
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -> [2010/06/17 13:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSFMONM) Spy Sweeper File System Filter Driver [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\ssfmonm.sys -> [2010/06/17 13:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -> [2010/06/17 13:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(TPkd) TPkd [Kernel | Boot | Running] -> C:\WINDOWS\System32\drivers\TPkd.sys -> [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/07/02 07:45:23 | 000,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/06/26 23:50:53 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/05/24 16:37:13 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mcdbus.sys -> [2008/07/28 16:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.)
(ISODrive) ISO DVD/CD-ROM Device Driver [File_System | System | Running] -> C:\Program Files\UltraISO\drivers\ISODrive.sys -> [2008/05/24 21:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.)
(RDID1009) EDIROL UM-1 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rdwm1009.sys -> [2007/03/05 06:08:36 | 000,079,649 | ---- | M] (Roland Corporation)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2006/05/04 02:45:11 | 000,004,608 | ---- | M] (Symantec Corporation)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2006/05/04 02:40:19 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider)
(SymSnap) SymSnap [File_System | Boot | Running] -> C:\WINDOWS\System32\drivers\SymSnap.sys -> [2005/12/07 16:05:26 | 000,144,880 | ---- | M] (StorageCraft)
(V2IMount) V2IMount [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\V2iMount.sys -> [2005/12/07 16:05:24 | 000,056,240 | ---- | M] (Symantec Corporation)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(CLEDX) Team H2O CLEDX service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\cledx.sys -> [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/06/26 09:36:56 | 001,008,896 | ---- | M] ()
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/06/26 09:36:56 | 001,008,896 | ---- | M] ()
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\CNNSI\\"" -> search.sportsillustrated.cnn.com/pages/search.jsp?query=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Dictionary\\"" -> dictionary.reference.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Google\\"" -> google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\GoogleGroups\\"" -> groups-beta.google.com/groups?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\GoogleImages\\"" -> images.google.com/images?hl=en&lr=&q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\GoogleNews\\"" -> news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\KB\\"" -> support.microsoft.com/search/default.aspx?query=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\KBDLL\\"" -> support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1 ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Movies\\"" -> fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\MSN\\"" -> search.msn.com/results.asp?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Thesaurus\\"" -> thesaurus.reference.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Weather\\"" -> weather.com/weather/local/%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Yahoo\\"" -> search.yahoo.com/search?p=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/06/26 09:36:56 | 001,008,896 | ---- | M] ()
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\FireFox\Profiles\yclq893r.default\prefs.js ->
browser.search.defaultengine -> "Ask.com" ->
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.defaulturl -> "http://www.google.co...-8&oe=UTF-8&q=" ->
browser.search.order.1 -> "Ask.com" ->
browser.search.selectedEngine -> "Ask.com" ->
browser.search.useDBForOrder -> true ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
keyword.URL -> "http://supertoolbar....ocale=en_US&q=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\FireFox\Profiles\yclq893r.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG8\Firefox [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2010/11/07 22:30:38 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/07/03 17:52:52 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/07 23:09:52 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/07 23:09:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Extensions -> [2009/03/31 12:36:17 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions -> [2010/11/11 04:19:59 | 000,000,000 | ---D | M]
Google Toolbar for Firefox -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/01/07 14:54:07 | 000,000,000 | ---D | M]
Yahoo! Toolbar -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/04/02 17:12:25 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/11/11 04:20:05 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2007/03/29 23:35:42 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/02 00:12:20 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS ->
Reset Hosts
127.0.0.1 localhost
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> C:\Program Files\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [2006/08/09 09:37:44 | 000,184,320 | R--- | M] ()
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/06/26 09:36:56 | 001,008,896 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 000,440,384 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> C:\Program Files\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [2006/08/09 09:37:44 | 000,184,320 | R--- | M] ()
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/06/26 09:36:56 | 001,008,896 | ---- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 000,440,384 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2004/12/13 15:30:00 | 000,058,992 | ---- | M] (Symantec Corporation)
"dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 000,016,384 | ---- | M] ( )
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Derrick Stuart Startup Folder > -> C:\Documents and Settings\Derrick Stuart\Start Menu\Programs\Startup ->
< Visitor Startup Folder > -> C:\Documents and Settings\Visitor\Start Menu\Programs\Startup ->
C:\Documents and Settings\Visitor\Start Menu\Programs\Startup\Last.fm Helper.lnk -> C:\Program Files\Last.fm\LastFMHelper.exe -> [2008/01/08 15:23:18 | 000,106,496 | ---- | M] (Last.fm)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoCDBurning" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
Yahoo! &Dictionary -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
Yahoo! &Maps -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
Yahoo! &SMS -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_15] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/06/26 23:50:55 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/04/05 13:18:22 | 000,131,072 | ---- | M] (Intel Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
t fou -> -> File not found
*MultiFile Done* -> ->
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
ecurity Packages settings... -> -> File not found
re -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Lexmark 2500 Series\app4r.exe" -> C:\Program Files\Lexmark 2500 Series\App4R.exe [C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio] -> [2007/05/04 01:38:36 | 000,029,616 | ---- | M] ()
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2010/10/12 18:11:42 | 004,258,136 | ---- | M] (AOL Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/07/02 07:44:58 | 000,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/05/24 16:36:33 | 000,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/07/02 07:43:41 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008/03/19 07:50:40 | 000,587,568 | ---- | M] ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 000,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 16:33:04 | 010,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" -> C:\Program Files\Lexmark 2500 Series\App4R.exe [C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio] -> [2007/05/04 01:38:36 | 000,029,616 | ---- | M] ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" -> C:\Program Files\Lexmark 2500 Series\lxddamon.exe [C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor] -> [2007/03/05 02:40:25 | 000,020,480 | ---- | M] (Lexmark)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" -> C:\Program Files\Lexmark 2500 Series\lxddmon.exe [C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: ] -> [2007/05/04 01:38:34 | 000,291,760 | ---- | M] ()
"C:\Program Files\SoulseekNS\slsk.exe" -> C:\Program Files\SoulseekNS\slsk.exe [C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek] -> [2008/08/02 08:59:20 | 003,461,120 | ---- | M] ()
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2004/08/04 05:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lxddcoms.exe" -> C:\WINDOWS\System32\lxddcoms.exe [C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System] -> [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddjswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: ] -> [2007/04/26 00:21:37 | 000,398,256 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddpswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: ] -> [2007/04/26 00:21:33 | 000,291,760 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddtime.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: ] -> [2007/04/26 00:21:53 | 000,082,864 | ---- | M] (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddwbgw.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: ] -> [2007/04/26 00:21:57 | 000,140,208 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Classes\<extension>\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004/08/04 05:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [cmd] -> cmd.exe /k "cd %L" -> [2004/08/04 05:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 11/2/2010 12:18:35 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/2/2010 11:55:46 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:03:45 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x0065120c.
Application [ Error ] 11/6/2010 11:05:31 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:05:36 PM Computer Name = DERRICK | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The connection with the server was terminated abnormally
Application [ Error ] 11/6/2010 11:18:45 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:34:52 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:54:52 PM Computer Name = DERRICK | Source = Application Error | ID = 1004 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:56:43 PM Computer Name = DERRICK | Source = Application Error | ID = 1004 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/7/2010 11:28:29 PM Computer Name = DERRICK | Source = MsiInstaller | ID = 10005 -> Description = Product: ABBYY FineReader 6.0 Sprint -- Error 2753. The File 'Sprint.exe' is not marked for installation.
System [ Error ] 11/11/2010 9:02:09 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:02:10 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:02:10 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:29:36 PM Computer Name = DERRICK | Source = SRService | ID = 104 -> Description = The System Restore initialization process failed.
System [ Error ] 11/11/2010 9:31:36 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:31:37 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:31:37 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:31:38 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:31:40 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
System [ Error ] 11/11/2010 9:31:41 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:04 | 000,642,048 | ---- | C] (OldTimer Tools)
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/07 23:08:00 | 008,567,280 | ---- | C] (Mozilla)
RECYCLER -> C:\RECYCLER -> [2010/11/07 16:40:25 | 000,000,000 | -HSD | C]
Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2010/11/03 01:43:32 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/11/01 23:55:58 | 000,000,000 | RHSD | C]
Combo-Fix -> C:\Combo-Fix -> [2010/11/01 23:50:36 | 000,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2010/11/01 22:16:29 | 000,000,000 | ---D | C]
ssidrv.sys -> C:\WINDOWS\System32\drivers\ssidrv.sys -> [2010/10/30 22:27:22 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssfmonm.sys -> C:\WINDOWS\System32\drivers\ssfmonm.sys -> [2010/10/30 22:27:22 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
sshrmd.sys -> C:\WINDOWS\System32\drivers\sshrmd.sys -> [2010/10/30 22:27:22 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/10/30 22:25:23 | 000,000,000 | ---D | C]
{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> [2010/10/30 22:20:21 | 000,000,000 | -H-D | C]
Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [2010/10/30 22:19:25 | 000,000,000 | ---D | C]
PackageAware -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\PackageAware -> [2010/10/30 22:19:21 | 000,000,000 | ---D | C]
STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2010/10/30 02:25:53 | 000,000,000 | ---D | C]
AIM -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\AIM -> [2010/10/20 22:24:23 | 000,000,000 | ---D | C]
AIM -> C:\Documents and Settings\All Users\Application Data\AIM -> [2010/10/20 22:24:22 | 000,000,000 | ---D | C]
AIM -> C:\Program Files\AIM -> [2010/10/20 22:24:08 | 000,000,000 | ---D | C]
Software Update Utility -> C:\Program Files\Common Files\Software Update Utility -> [2010/10/20 22:24:06 | 000,000,000 | ---D | C]
Install_AIM.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\Install_AIM.exe -> [2010/10/20 22:23:24 | 007,541,896 | ---- | C] (AOL Inc.)
LXDDhcp.dll -> C:\WINDOWS\System32\LXDDhcp.dll -> [2008/02/02 22:39:19 | 000,323,584 | ---- | C] ( )
lxddpmui.dll -> C:\WINDOWS\System32\lxddpmui.dll -> [2007/03/02 09:13:41 | 000,643,072 | ---- | C] ( )
lxddserv.dll -> C:\WINDOWS\System32\lxddserv.dll -> [2007/03/02 09:12:21 | 001,232,896 | ---- | C] ( )
lxddcomm.dll -> C:\WINDOWS\System32\lxddcomm.dll -> [2007/03/02 09:05:53 | 000,425,984 | ---- | C] ( )
lxddlmpm.dll -> C:\WINDOWS\System32\lxddlmpm.dll -> [2007/03/02 09:04:14 | 000,585,728 | ---- | C] ( )
lxddiesc.dll -> C:\WINDOWS\System32\lxddiesc.dll -> [2007/03/02 09:02:55 | 000,397,312 | ---- | C] ( )
lxddpplc.dll -> C:\WINDOWS\System32\lxddpplc.dll -> [2007/03/02 09:00:23 | 000,094,208 | ---- | C] ( )
lxddcomc.dll -> C:\WINDOWS\System32\lxddcomc.dll -> [2007/03/02 08:59:32 | 000,684,032 | ---- | C] ( )
lxddprox.dll -> C:\WINDOWS\System32\lxddprox.dll -> [2007/03/02 08:58:58 | 000,163,840 | ---- | C] ( )
lxddinpa.dll -> C:\WINDOWS\System32\lxddinpa.dll -> [2007/03/02 08:51:50 | 000,413,696 | ---- | C] ( )
lxddusb1.dll -> C:\WINDOWS\System32\lxddusb1.dll -> [2007/03/02 08:51:09 | 000,999,424 | ---- | C] ( )
lxddhbn3.dll -> C:\WINDOWS\System32\lxddhbn3.dll -> [2007/03/02 08:47:01 | 000,700,416 | ---- | C] ( )
3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp ->
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp ->

[Files/Folders - Modified Within 30 Days]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/11 20:29:21 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/11 20:29:18 | 266,391,552 | -HS- | M] ()
computerfix1.rtf -> C:\Documents and Settings\Derrick Stuart\Desktop\computerfix1.rtf -> [2010/11/11 19:48:42 | 000,004,068 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:05 | 000,642,048 | ---- | M] (OldTimer Tools)
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 19:46:14 | 000,000,696 | ---- | M] ()
tdsskiller.zip -> C:\Documents and Settings\Derrick Stuart\Desktop\tdsskiller.zip -> [2010/11/11 19:42:50 | 001,215,581 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/11/11 16:09:07 | 000,000,284 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/10 23:07:20 | 000,002,206 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,620 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,602 | ---- | M] ()
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/07 23:07:44 | 008,567,280 | ---- | M] (Mozilla)
boot.ini -> C:\boot.ini -> [2010/11/06 23:02:07 | 000,000,327 | RHS- | M] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\Derrick Stuart\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:43:34 | 000,000,718 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 23:44:47 | 000,000,210 | ---- | M] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/01 22:09:16 | 000,000,240 | ---- | M] ()
pink.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\pink.jpg -> [2010/11/01 05:19:40 | 000,210,244 | ---- | M] ()
IMG00071-20101031-0111.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\IMG00071-20101031-0111.jpg -> [2010/11/01 05:07:38 | 000,460,078 | ---- | M] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/30 22:20:39 | 000,001,968 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/10/30 02:09:01 | 000,049,664 | ---- | M] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/10/25 21:16:10 | 000,079,872 | ---- | M] ()
stereolab.rns -> C:\Documents and Settings\Derrick Stuart\My Documents\stereolab.rns -> [2010/10/22 00:21:24 | 000,894,186 | ---- | M] ()
IPH.PH -> C:\IPH.PH -> [2010/10/20 22:24:28 | 000,000,368 | -H-- | M] ()
AIM.lnk -> C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk -> [2010/10/20 22:24:19 | 000,001,594 | ---- | M] ()
AIM.lnk -> C:\Documents and Settings\All Users\Desktop\AIM.lnk -> [2010/10/20 22:24:19 | 000,001,576 | ---- | M] ()
Install_AIM.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\Install_AIM.exe -> [2010/10/20 22:23:28 | 007,541,896 | ---- | M] (AOL Inc.)
albumslistenedto.rtf -> C:\Documents and Settings\Derrick Stuart\My Documents\albumslistenedto.rtf -> [2010/10/19 15:42:40 | 000,001,666 | ---- | M] ()
me.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\me.jpg -> [2010/10/14 13:37:16 | 000,335,458 | ---- | M] ()
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2010/10/14 04:20:16 | 000,006,686 | -HS- | M] ()
7203A6761B.sys -> C:\WINDOWS\System32\7203A6761B.sys -> [2010/10/14 04:19:52 | 000,000,104 | RHS- | M] ()
3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp ->
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp ->

[Files - No Company Name]
computerfix1.rtf -> C:\Documents and Settings\Derrick Stuart\Desktop\computerfix1.rtf -> [2010/11/11 19:48:42 | 000,004,068 | ---- | C] ()
tdsskiller.zip -> C:\Documents and Settings\Derrick Stuart\Desktop\tdsskiller.zip -> [2010/11/11 19:42:52 | 001,215,581 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,620 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,602 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/06 21:56:45 | 266,391,552 | -HS- | C] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\Derrick Stuart\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:43:34 | 000,000,718 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 23:56:09 | 000,000,210 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/11/01 23:56:01 | 000,260,272 | RHS- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/01 23:50:56 | 000,079,872 | ---- | C] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/01 22:09:16 | 000,000,240 | ---- | C] ()
pink.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\pink.jpg -> [2010/11/01 05:19:56 | 000,210,244 | ---- | C] ()
IMG00071-20101031-0111.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\IMG00071-20101031-0111.jpg -> [2010/11/01 05:07:52 | 000,460,078 | ---- | C] ()
me.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\me.jpg -> [2010/11/01 05:01:07 | 000,335,458 | ---- | C] ()
wrLZMA.dll -> C:\WINDOWS\System32\wrLZMA.dll -> [2010/10/30 22:27:35 | 000,030,424 | ---- | C] ()
SsiEfr.exe -> C:\WINDOWS\System32\SsiEfr.exe -> [2010/10/30 22:27:35 | 000,017,472 | ---- | C] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/30 22:20:39 | 000,001,968 | ---- | C] ()
AIM.lnk -> C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk -> [2010/10/20 22:24:19 | 000,001,594 | ---- | C] ()
AIM.lnk -> C:\Documents and Settings\All Users\Desktop\AIM.lnk -> [2010/10/20 22:24:19 | 000,001,576 | ---- | C] ()
IPH.PH -> C:\IPH.PH -> [2010/10/20 22:23:48 | 000,000,368 | -H-- | C] ()
albumslistenedto.rtf -> C:\Documents and Settings\Derrick Stuart\My Documents\albumslistenedto.rtf -> [2010/10/16 13:02:44 | 000,001,666 | ---- | C] ()
FxGoWinFu.dll -> C:\WINDOWS\System32\FxGoWinFu.dll -> [2009/11/09 02:51:01 | 000,172,032 | ---- | C] ()
WINCMD.INI -> C:\WINDOWS\WINCMD.INI -> [2009/10/10 10:47:23 | 000,000,311 | ---- | C] ()
prvlcl.dat -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\prvlcl.dat -> [2009/06/29 17:08:59 | 000,000,000 | ---- | C] ()
RdCi1009.dll -> C:\WINDOWS\System32\RdCi1009.dll -> [2009/01/13 14:56:15 | 000,010,886 | ---- | C] ()
tabled32.ini -> C:\WINDOWS\tabled32.ini -> [2009/01/03 17:58:35 | 000,001,935 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/10/24 00:29:17 | 000,000,002 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2008/10/22 22:57:47 | 000,001,755 | ---- | C] ()
Musician.INI -> C:\WINDOWS\Musician.INI -> [2008/10/20 16:20:02 | 000,000,054 | ---- | C] ()
CIV.INI -> C:\WINDOWS\CIV.INI -> [2008/08/13 19:20:20 | 000,000,091 | ---- | C] ()
ArtFfct.dll -> C:\WINDOWS\System32\ArtFfct.dll -> [2008/03/27 16:10:37 | 000,163,840 | ---- | C] ()
LXF3FXPU.DLL -> C:\WINDOWS\System32\LXF3FXPU.DLL -> [2008/02/02 22:47:10 | 000,032,768 | ---- | C] ()
LXF3PMON.DLL -> C:\WINDOWS\System32\LXF3PMON.DLL -> [2008/02/02 22:47:09 | 000,045,056 | ---- | C] ()
lxf3oem.dll -> C:\WINDOWS\System32\lxf3oem.dll -> [2008/02/02 22:47:06 | 000,036,864 | ---- | C] ()
LXF3PMRC.DLL -> C:\WINDOWS\System32\LXF3PMRC.DLL -> [2008/02/02 22:47:06 | 000,012,288 | ---- | C] ()
lxddrwrd.ini -> C:\WINDOWS\System32\lxddrwrd.ini -> [2008/02/02 22:42:07 | 000,000,044 | ---- | C] ()
LXDDinst.dll -> C:\WINDOWS\System32\LXDDinst.dll -> [2008/02/02 22:39:20 | 000,286,720 | ---- | C] ()
lxddcoin.dll -> C:\WINDOWS\System32\lxddcoin.dll -> [2008/02/02 22:36:05 | 000,344,064 | R--- | C] ()
lxddgrd.dll -> C:\WINDOWS\System32\lxddgrd.dll -> [2007/04/25 21:17:09 | 000,208,896 | ---- | C] ()
lxddcaps.dll -> C:\WINDOWS\System32\lxddcaps.dll -> [2007/01/23 13:40:03 | 000,065,536 | ---- | C] ()
lxdddrs.dll -> C:\WINDOWS\System32\lxdddrs.dll -> [2007/01/09 11:13:08 | 000,692,224 | ---- | C] ()
lxddcnv4.dll -> C:\WINDOWS\System32\lxddcnv4.dll -> [2006/10/06 12:08:04 | 000,069,632 | ---- | C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2006/08/29 22:22:44 | 000,000,754 | ---- | C] ()
7203A6761B.sys -> C:\WINDOWS\System32\7203A6761B.sys -> [2006/07/06 22:49:37 | 000,000,104 | RHS- | C] ()
PFP120JPR.{PB -> C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JPR.{PB -> [2006/07/04 00:18:21 | 000,061,678 | ---- | C] ()
PFP120JCM.{PB -> C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JCM.{PB -> [2006/07/04 00:18:21 | 000,012,358 | ---- | C] ()
fusioncache.dat -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\fusioncache.dat -> [2006/06/22 23:47:10 | 000,000,137 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/06/12 01:21:51 | 000,049,664 | ---- | C] ()
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2006/05/24 22:48:50 | 000,006,686 | -HS- | C] ()
1B76A60372.sys -> C:\WINDOWS\System32\1B76A60372.sys -> [2006/05/24 22:48:50 | 000,000,088 | RHS- | C] ()
lxddvs.dll -> C:\WINDOWS\System32\lxddvs.dll -> [2006/05/17 21:47:12 | 000,040,960 | ---- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/05/13 17:53:29 | 000,000,028 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/04 02:58:20 | 000,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/05/04 02:54:11 | 000,000,126 | ---- | C] ()
DellSystemRestore.dll -> C:\WINDOWS\System32\DellSystemRestore.dll -> [2006/05/04 02:45:23 | 000,712,704 | ---- | C] ()
e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2006/05/04 02:15:22 | 000,012,288 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/05/04 02:15:22 | 000,000,392 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/10 08:56:34 | 000,000,000 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()

[File - Lop Check]
AIM -> C:\Documents and Settings\All Users\Application Data\AIM -> [2010/10/20 22:24:22 | 000,000,000 | ---D | M]
AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2009/10/20 19:53:05 | 000,000,000 | ---D | M]
Geek Squad -> C:\Documents and Settings\All Users\Application Data\Geek Squad -> [2009/10/10 08:46:29 | 000,000,000 | ---D | M]
IK Multimedia -> C:\Documents and Settings\All Users\Application Data\IK Multimedia -> [2008/12/31 19:44:34 | 000,000,000 | ---D | M]
Last.fm -> C:\Documents and Settings\All Users\Application Data\Last.fm -> [2008/03/17 20:14:52 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy -> [2009/12/27 19:00:34 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\All Users\Application Data\Propellerhead Software -> [2008/10/20 19:09:25 | 000,000,000 | ---D | M]
Sony -> C:\Documents and Settings\All Users\Application Data\Sony -> [2006/12/30 03:34:21 | 000,000,000 | ---D | M]
Soulseek -> C:\Documents and Settings\All Users\Application Data\Soulseek -> [2010/10/22 01:33:57 | 000,000,000 | ---D | M]
STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2010/11/01 22:16:42 | 000,000,000 | ---D | M]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft -> [2008/02/10 19:55:29 | 000,000,000 | ---D | M]
TuneUp Software -> C:\Documents and Settings\All Users\Application Data\TuneUp Software -> [2009/10/10 10:39:47 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/10/15 20:19:45 | 000,000,000 | ---D | M]
{55A29068-F2CE-456C-9148-C869879E2357} -> C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} -> [2009/10/10 10:38:59 | 000,000,000 | -HSD | M]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/01/06 23:06:18 | 000,000,000 | ---D | M]
{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> [2010/10/30 22:20:51 | 000,000,000 | -H-D | M]
acccore -> C:\Documents and Settings\Derrick Stuart\Application Data\acccore -> [2006/05/13 18:02:36 | 000,000,000 | ---D | M]
Antares -> C:\Documents and Settings\Derrick Stuart\Application Data\Antares -> [2009/12/27 18:38:37 | 000,000,000 | ---D | M]
AVGTOOLBAR -> C:\Documents and Settings\Derrick Stuart\Application Data\AVGTOOLBAR -> [2009/06/05 01:33:54 | 000,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\Derrick Stuart\Application Data\BitTorrent -> [2009/12/16 00:11:01 | 000,000,000 | ---D | M]
ICQ -> C:\Documents and Settings\Derrick Stuart\Application Data\ICQ -> [2008/01/19 23:21:07 | 000,000,000 | ---D | M]
Lexmark Productivity Studio -> C:\Documents and Settings\Derrick Stuart\Application Data\Lexmark Productivity Studio -> [2008/02/02 23:01:06 | 000,000,000 | ---D | M]
NetMedia Providers -> C:\Documents and Settings\Derrick Stuart\Application Data\NetMedia Providers -> [2006/12/30 04:02:08 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\Derrick Stuart\Application Data\PACE Anti-Piracy -> [2009/12/27 19:00:34 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\Derrick Stuart\Application Data\Propellerhead Software -> [2008/10/20 21:59:24 | 000,000,000 | ---D | M]
Publish Providers -> C:\Documents and Settings\Derrick Stuart\Application Data\Publish Providers -> [2007/01/05 16:18:24 | 000,000,000 | ---D | M]
REAPER -> C:\Documents and Settings\Derrick Stuart\Application Data\REAPER -> [2009/11/12 00:09:57 | 000,000,000 | ---D | M]
Sony -> C:\Documents and Settings\Derrick Stuart\Application Data\Sony -> [2008/10/20 21:06:45 | 000,000,000 | ---D | M]
Steinberg -> C:\Documents and Settings\Derrick Stuart\Application Data\Steinberg -> [2009/03/08 12:07:34 | 000,000,000 | ---D | M]
TuneUp Software -> C:\Documents and Settings\Derrick Stuart\Application Data\TuneUp Software -> [2009/10/10 10:40:59 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Derrick Stuart\Application Data\Viewpoint -> [2007/02/15 11:21:23 | 000,000,000 | ---D | M]
AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR -> [2009/06/26 23:53:07 | 000,000,000 | ---D | M]
Beanbag Studios -> C:\Documents and Settings\Visitor\Application Data\Beanbag Studios -> [2009/08/09 17:21:41 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\Visitor\Application Data\Propellerhead Software -> [2009/08/09 23:37:12 | 000,000,000 | ---D | M]

[File - Purity Scan]


[Files/Folders - Unicode - All]
C:\WINDOWS\System32\?? -> C:\WINDOWS\System32\牀৻ -> [2006/07/15 01:43:15 | 000,000,000 | ---D | C]
C:\WINDOWS\System32\?? -> C:\WINDOWS\System32\牀৻ -> [2006/07/15 01:43:15 | 000,000,000 | ---D | M]

[Alternate Data Streams]
@Alternate Data Stream - 1112 bytes -> C:\Program Files\Outlook Express:ulWDavAVTMCQIdnfN5KZl
@Alternate Data Stream - 1141 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kUkCCNsrOMXG0rQV3FjXIIKWR
@Alternate Data Stream - 1265 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:j0EFqEFNERj4Z2HOHVjE49d84W
< End of report >

#7
gravitysrainbow

SYSTEM 2:
(note: this is the PC directly connected to the modem and router)

TDSSKiller report:
2010/11/11 20:12:44.0562 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/11 20:12:44.0562 ================================================================================
2010/11/11 20:12:44.0562 SystemInfo:
2010/11/11 20:12:44.0562
2010/11/11 20:12:44.0562 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/11 20:12:44.0562 Product type: Workstation
2010/11/11 20:12:44.0562 ComputerName: PERSONALPC1
2010/11/11 20:12:44.0562 UserName: Lori
2010/11/11 20:12:44.0562 Windows directory: C:\WINDOWS
2010/11/11 20:12:44.0562 System windows directory: C:\WINDOWS
2010/11/11 20:12:44.0562 Processor architecture: Intel x86
2010/11/11 20:12:44.0562 Number of processors: 1
2010/11/11 20:12:44.0562 Page size: 0x1000
2010/11/11 20:12:44.0562 Boot type: Normal boot
2010/11/11 20:12:44.0562 ================================================================================
2010/11/11 20:12:45.0406 Initialize success
2010/11/11 20:13:24.0281 ================================================================================
2010/11/11 20:13:24.0281 Scan started
2010/11/11 20:13:24.0281 Mode: Manual;
2010/11/11 20:13:24.0281 ================================================================================
2010/11/11 20:13:38.0359 ================================================================================
2010/11/11 20:13:38.0359 Scan finished
2010/11/11 20:13:38.0359 ================================================================================


Malwarebytes Report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/11/2010 8:23:21 PM
mbam-log-2010-11-11 (20-23-21).txt

Scan type: Quick scan
Objects scanned: 125477
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTS report:

OTS logfile created on: 11/11/2010 8:43:56 PM - Run 1
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 352.00 Mb Available Physical Memory | 69.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 139.70 Gb Free Space | 91.52% Space Free | Partition Type: NTFS
Drive D: | 167.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 37.27 Gb Total Space | 13.40 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PERSONALPC1
Current User Name: Lori
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:22 | 000,642,048 | ---- | M] (OldTimer Tools)
wrconsumerservice.exe -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/24 19:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
aei.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe -> [2010/06/17 13:49:06 | 003,857,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
ssu.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe -> [2010/06/17 13:48:58 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
jucheck.exe -> C:\Program Files\Common Files\Java\Java Update\jucheck.exe -> [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
soundman.exe -> C:\WINDOWS\SOUNDMAN.EXE -> [2003/06/10 05:12:28 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:22 | 000,642,048 | ---- | M] (OldTimer Tools)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AVG Security Toolbar Service) AVG Security Toolbar Service [On_Demand | Stopped] -> -> File not found
(WRConsumerService) Webroot Client Service [Auto | Running] -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/24 19:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running] -> C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/06/17 13:49:06 | 003,857,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com))

[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\Lori\LOCALS~1\Temp\catchme.sys -> File not found
(IntelC52) IntelC52 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC52.sys -> [2010/06/30 19:42:45 | 000,659,065 | R--- | M] (Intel Corporation)
(IntelC53) IntelC53 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC53.sys -> [2010/06/30 19:42:45 | 000,061,541 | R--- | M] (Intel Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mohfilt.sys -> [2010/06/30 19:42:45 | 000,036,984 | R--- | M] (Intel Corporation)
(IntelC51) IntelC51 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC51.sys -> [2010/06/30 19:42:42 | 001,313,509 | R--- | M] (Intel Corporation)
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -> [2010/06/17 13:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSFMONM) Spy Sweeper File System Filter Driver [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\ssfmonm.sys -> [2010/06/17 13:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -> [2010/06/17 13:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/06/19 01:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Lori\Application Data\Mozilla\FireFox\Profiles\g6hfyf7l.default\prefs.js ->
browser.search.defaultenginename -> "AVG Secure Search" ->
browser.search.selectedEngine -> "AVG Secure Search" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:3.9.1.14019 ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 ->
network.proxy.type -> 0 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Lori\Application Data\Mozilla\FireFox\Profiles\g6hfyf7l.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/10/28 20:43:24 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/10/27 19:34:21 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Lori\Application Data\Mozilla\Extensions -> [2010/07/11 20:05:54 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions -> [2010/11/11 07:42:43 | 000,000,000 | ---D | M]
Yahoo! Toolbar -> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/07/28 00:21:25 | 000,000,000 | ---D | M]
Zynga Toolbar -> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2010/09/23 20:28:31 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\[email protected] -> [2010/10/19 06:08:26 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/11/11 07:42:42 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/07/28 00:20:56 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/01 18:47:59 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SoundMan" -> C:\WINDOWS\SOUNDMAN.EXE ["SOUNDMAN.EXE"] -> [2003/06/10 05:12:28 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.)
"WebrootTrayApp" -> C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe ["C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"] -> [2010/06/24 19:20:52 | 001,259,120 | ---- | M] (Webroot Software, Inc. )
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent] -> [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Lori Startup Folder > -> C:\Documents and Settings\Lori\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.micros...b?1278074999512 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.mi...b?1278075327406 [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_20] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.m...ash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Key error.] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/04/06 10:06:48 | 000,315,392 | ---- | M] (Intel Corporation)
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
indows.common-controls_6595b641 -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2010/04/12 20:18:34 | 000,655,160 | ---- | M] (BitTorrent, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/06/30 19:01:21 | 000,000,000 | ---- | M] ()
D:\AUTORUN.INF [[autorun] | OPEN=install.exe | ICON=installer.ico | ] -> D:\AUTORUN.INF [ UDF ] -> [2010/06/23 14:19:29 | 000,000,049 | R--- | M] ()
E:\AUTOEXEC.BAT [] -> E:\AUTOEXEC.BAT [ NTFS ] -> [2003/11/20 20:05:59 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/27/2010 9:09:32 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established
Application [ Error ] 10/27/2010 9:09:32 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 9:09:35 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 9:09:35 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 9:09:35 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 9:09:35 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 10:41:12 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established
Application [ Error ] 10/27/2010 10:41:12 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 10:41:16 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
Application [ Error ] 10/27/2010 10:41:16 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.
System [ Error ] 11/6/2010 8:11:39 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver.
System [ Error ] 11/6/2010 8:11:39 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
System [ Error ] 11/6/2010 8:16:39 PM Computer Name = PERSONALPC1 | Source = DCOM | ID = 10010 -> Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
System [ Error ] 11/6/2010 8:19:29 PM Computer Name = PERSONALPC1 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056
System [ Error ] 11/6/2010 8:21:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver.
System [ Error ] 11/6/2010 8:21:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
System [ Error ] 11/6/2010 8:24:05 PM Computer Name = PERSONALPC1 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056
System [ Error ] 11/6/2010 8:30:39 PM Computer Name = PERSONALPC1 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056
System [ Error ] 11/6/2010 8:32:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver.
System [ Error ] 11/6/2010 8:32:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

[Files/Folders - Created Within 30 Days]
tdsskiller -> C:\Documents and Settings\Lori\Desktop\tdsskiller -> [2010/11/11 20:12:24 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Lori\Application Data\Malwarebytes -> [2010/11/11 20:08:33 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/11 20:08:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/11/11 20:08:09 | 000,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/11 20:08:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/11/11 20:08:07 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:21 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup-1.46.exe -> C:\Documents and Settings\Lori\Desktop\mbam-setup-1.46.exe -> [2010/11/11 20:06:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
temp -> C:\WINDOWS\temp -> [2010/11/07 15:42:51 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/11/07 15:36:20 | 000,000,000 | RHSD | C]
Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2010/11/07 15:18:18 | 000,000,000 | ---D | C]
Combo-Fix -> C:\Combo-Fix -> [2010/11/07 13:06:47 | 000,000,000 | ---D | C]
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/06 21:13:18 | 000,031,232 | ---- | C] (NirSoft)
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/06 21:13:17 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/06 21:13:17 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/06 21:13:17 | 000,136,704 | ---- | C] (SteelWerX)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/11/06 21:12:58 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/11/06 21:12:21 | 000,000,000 | ---D | C]
CSC -> C:\WINDOWS\CSC -> [2010/11/06 20:55:04 | 000,000,000 | -HSD | C]
pss -> C:\WINDOWS\pss -> [2010/11/06 19:09:21 | 000,000,000 | ---D | C]
ssidrv.sys -> C:\WINDOWS\System32\drivers\ssidrv.sys -> [2010/11/01 18:45:10 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssfmonm.sys -> C:\WINDOWS\System32\drivers\ssfmonm.sys -> [2010/11/01 18:45:10 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
sshrmd.sys -> C:\WINDOWS\System32\drivers\sshrmd.sys -> [2010/11/01 18:45:10 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/11/01 18:44:03 | 000,000,000 | ---D | C]
Webroot -> C:\Program Files\Webroot -> [2010/11/01 18:40:42 | 000,000,000 | ---D | C]
{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/11/01 18:40:31 | 000,000,000 | -H-D | C]
Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [2010/11/01 18:39:58 | 000,000,000 | ---D | C]
PackageAware -> C:\Documents and Settings\Lori\Local Settings\Application Data\PackageAware -> [2010/11/01 18:39:53 | 000,000,000 | ---D | C]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
popmartkmart1.JPG -> C:\Documents and Settings\Lori\My Documents\popmartkmart1.JPG -> [2034/05/22 18:03:26 | 000,065,536 | ---- | M] ()
popmartkmart2.JPG -> C:\Documents and Settings\Lori\My Documents\popmartkmart2.JPG -> [2034/05/22 18:02:56 | 000,065,536 | ---- | M] ()
washingtonsqpark.JPG -> C:\Documents and Settings\Lori\My Documents\washingtonsqpark.JPG -> [2034/05/22 17:55:58 | 000,065,536 | ---- | M] ()
richard.JPG -> C:\Documents and Settings\Lori\My Documents\richard.JPG -> [2034/05/20 22:08:38 | 000,065,536 | ---- | M] ()
midtownfromrcihards.JPG -> C:\Documents and Settings\Lori\My Documents\midtownfromrcihards.JPG -> [2034/05/20 17:56:30 | 000,065,536 | ---- | M] ()
downtownfromrichard's.JPG -> C:\Documents and Settings\Lori\My Documents\downtownfromrichard's.JPG -> [2034/05/20 17:56:24 | 000,065,536 | ---- | M] ()
empirestate.JPG -> C:\Documents and Settings\Lori\My Documents\empirestate.JPG -> [2034/05/20 16:10:28 | 000,065,536 | ---- | M] ()
nynj.JPG -> C:\Documents and Settings\Lori\My Documents\nynj.JPG -> [2034/05/20 15:34:46 | 000,065,536 | ---- | M] ()
senacaroxbridge.JPG -> C:\Documents and Settings\Lori\My Documents\senacaroxbridge.JPG -> [2034/04/22 12:54:48 | 000,654,536 | ---- | M] ()
farmchurch.JPG -> C:\Documents and Settings\Lori\My Documents\farmchurch.JPG -> [2034/04/22 11:23:50 | 000,616,207 | ---- | M] ()
jr rd.JPG -> C:\Documents and Settings\Lori\My Documents\jr rd.JPG -> [2034/04/22 11:19:32 | 000,332,059 | ---- | M] ()
jr rd 1.JPG -> C:\Documents and Settings\Lori\My Documents\jr rd 1.JPG -> [2034/04/22 11:19:12 | 000,427,021 | ---- | M] ()
jr rd 2.JPG -> C:\Documents and Settings\Lori\My Documents\jr rd 2.JPG -> [2034/04/22 11:18:54 | 000,336,465 | ---- | M] ()
riverroad.JPG -> C:\Documents and Settings\Lori\My Documents\riverroad.JPG -> [2034/04/22 11:01:04 | 000,634,811 | ---- | M] ()
riverroad2.JPG -> C:\Documents and Settings\Lori\My Documents\riverroad2.JPG -> [2034/04/22 11:00:48 | 000,527,189 | ---- | M] ()
belington1.JPG -> C:\Documents and Settings\Lori\My Documents\belington1.JPG -> [2034/04/22 10:44:20 | 000,550,940 | ---- | M] ()
belingtonschool.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonschool.JPG -> [2034/04/22 10:42:44 | 000,546,467 | ---- | M] ()
belingtonriver.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonriver.JPG -> [2034/04/22 10:40:52 | 000,392,649 | ---- | M] ()
belingtonbr1.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonbr1.JPG -> [2034/04/22 10:39:52 | 000,355,017 | ---- | M] ()
belingtonbr2.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonbr2.JPG -> [2034/04/22 10:39:12 | 000,347,803 | ---- | M] ()
belingtonriver1.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonriver1.JPG -> [2034/04/22 10:39:00 | 000,515,821 | ---- | M] ()
belingtonriver2.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonriver2.JPG -> [2034/04/22 10:38:14 | 000,605,534 | ---- | M] ()
pentagon.JPG -> C:\Documents and Settings\Lori\My Documents\pentagon.JPG -> [2034/03/30 15:31:08 | 000,350,320 | ---- | M] ()
washingtonmonument.JPG -> C:\Documents and Settings\Lori\My Documents\washingtonmonument.JPG -> [2034/03/30 15:06:00 | 000,419,339 | ---- | M] ()
dc2.JPG -> C:\Documents and Settings\Lori\My Documents\dc2.JPG -> [2034/03/30 15:02:10 | 000,237,365 | ---- | M] ()
dc1.JPG -> C:\Documents and Settings\Lori\My Documents\dc1.JPG -> [2034/03/30 15:01:18 | 000,241,357 | ---- | M] ()
arlington.JPG -> C:\Documents and Settings\Lori\My Documents\arlington.JPG -> [2034/03/30 14:33:06 | 000,325,319 | ---- | M] ()
dcpot1.JPG -> C:\Documents and Settings\Lori\My Documents\dcpot1.JPG -> [2034/03/30 14:32:30 | 000,356,994 | ---- | M] ()
amish.JPG -> C:\Documents and Settings\Lori\My Documents\amish.JPG -> [2034/03/29 17:22:20 | 000,292,238 | ---- | M] ()
harrisonburg2.JPG -> C:\Documents and Settings\Lori\My Documents\harrisonburg2.JPG -> [2034/03/29 17:12:20 | 000,539,244 | ---- | M] ()
harrisonburgder1.JPG -> C:\Documents and Settings\Lori\My Documents\harrisonburgder1.JPG -> [2034/03/29 17:12:08 | 000,400,731 | ---- | M] ()
harrisonburg.JPG -> C:\Documents and Settings\Lori\My Documents\harrisonburg.JPG -> [2034/03/29 17:11:38 | 000,359,846 | ---- | M] ()
derrickireland.JPG -> C:\Documents and Settings\Lori\My Documents\derrickireland.JPG -> [2034/03/07 21:06:50 | 000,481,887 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 20:08:17 | 000,000,696 | ---- | M] ()
computerfix1.rtf -> C:\Documents and Settings\Lori\Desktop\computerfix1.rtf -> [2010/11/11 20:07:03 | 000,004,550 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:22 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup-1.46.exe -> C:\Documents and Settings\Lori\Desktop\mbam-setup-1.46.exe -> [2010/11/11 20:06:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
tdsskiller.zip -> C:\Documents and Settings\Lori\Desktop\tdsskiller.zip -> [2010/11/11 20:05:25 | 001,215,581 | ---- | M] ()
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/11 20:02:16 | 000,000,232 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/11 07:07:27 | 000,002,206 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/11 07:06:43 | 000,002,048 | --S- | M] ()
boot.ini -> C:\boot.ini -> [2010/11/09 06:35:18 | 000,000,327 | RHS- | M] ()
bigguy.jpg -> C:\Documents and Settings\Lori\My Documents\bigguy.jpg -> [2010/11/08 18:18:38 | 000,090,250 | ---- | M] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\Lori\Desktop\Free Window Registry Repair.lnk -> [2010/11/07 15:18:19 | 000,000,718 | ---- | M] ()
RegpairSetup.exe -> C:\Documents and Settings\Lori\Desktop\RegpairSetup.exe -> [2010/11/07 15:09:05 | 000,798,000 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/11/07 15:01:00 | 000,000,210 | ---- | M] ()
Combo-Fix.exe -> C:\Documents and Settings\Lori\Desktop\Combo-Fix.exe -> [2010/11/07 14:54:02 | 003,905,709 | R--- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 09:38:16 | 000,311,934 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 09:38:16 | 000,040,196 | ---- | M] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/11/01 18:40:47 | 000,001,968 | ---- | M] ()
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 20:08:17 | 000,000,696 | ---- | C] ()
computerfix1.rtf -> C:\Documents and Settings\Lori\Desktop\computerfix1.rtf -> [2010/11/11 20:07:03 | 000,004,550 | ---- | C] ()
tdsskiller.zip -> C:\Documents and Settings\Lori\Desktop\tdsskiller.zip -> [2010/11/11 20:05:19 | 001,215,581 | ---- | C] ()
bigguy.jpg -> C:\Documents and Settings\Lori\My Documents\bigguy.jpg -> [2010/11/08 18:18:34 | 000,090,250 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/11/07 15:36:25 | 000,000,210 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/11/07 15:36:22 | 000,260,272 | RHS- | C] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\Lori\Desktop\Free Window Registry Repair.lnk -> [2010/11/07 15:18:19 | 000,000,718 | ---- | C] ()
RegpairSetup.exe -> C:\Documents and Settings\Lori\Desktop\RegpairSetup.exe -> [2010/11/07 15:09:04 | 000,798,000 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/06 21:13:18 | 000,089,088 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/06 21:13:17 | 000,256,512 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/06 21:13:17 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/06 21:13:17 | 000,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/06 21:13:17 | 000,068,096 | ---- | C] ()
Combo-Fix.exe -> C:\Documents and Settings\Lori\Desktop\Combo-Fix.exe -> [2010/11/01 22:37:00 | 003,905,709 | R--- | C] ()
wrLZMA.dll -> C:\WINDOWS\System32\wrLZMA.dll -> [2010/11/01 18:45:19 | 000,030,424 | ---- | C] ()
SsiEfr.exe -> C:\WINDOWS\System32\SsiEfr.exe -> [2010/11/01 18:45:19 | 000,017,472 | ---- | C] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/11/01 18:40:47 | 000,001,968 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Lori\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/08/05 22:13:05 | 000,024,576 | ---- | C] ()
WINCMD.INI -> C:\WINDOWS\WINCMD.INI -> [2010/07/10 01:51:59 | 000,000,289 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/07/02 09:44:17 | 000,000,376 | ---- | C] ()
usrwiz.ini -> C:\WINDOWS\usrwiz.ini -> [2010/06/30 19:20:17 | 000,000,096 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2010/06/30 14:57:01 | 000,004,161 | ---- | C] ()
OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] ()

[File - Lop Check]
AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2010/11/06 19:30:02 | 000,000,000 | ---D | M]
{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/11/01 18:40:52 | 000,000,000 | -H-D | M]
BitTorrent -> C:\Documents and Settings\Guest\Application Data\BitTorrent -> [2010/09/19 17:45:10 | 000,000,000 | ---D | M]
AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR -> [2010/09/24 23:18:57 | 000,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\Lori\Application Data\BitTorrent -> [2010/08/07 22:40:37 | 000,000,000 | ---D | M]
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/11 20:02:16 | 000,000,232 | ---- | M] ()

[File - Purity Scan]

< End of report >

#8
gravitysrainbow

SYSTEM 3:
(Note: this is a laptop connecting through a wireless connection)

TDSSKiller report:
2010/11/11 20:28:41.0302 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/11 20:28:41.0302 ================================================================================
2010/11/11 20:28:41.0302 SystemInfo:
2010/11/11 20:28:41.0302
2010/11/11 20:28:41.0302 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/11 20:28:41.0302 Product type: Workstation
2010/11/11 20:28:41.0302 ComputerName: DERRICKLAPTOP
2010/11/11 20:28:41.0302 UserName: IRENE STUART
2010/11/11 20:28:41.0302 Windows directory: C:\WINDOWS
2010/11/11 20:28:41.0302 System windows directory: C:\WINDOWS
2010/11/11 20:28:41.0302 Processor architecture: Intel x86
2010/11/11 20:28:41.0302 Number of processors: 1
2010/11/11 20:28:41.0302 Page size: 0x1000
2010/11/11 20:28:41.0302 Boot type: Normal boot
2010/11/11 20:28:41.0302 ================================================================================
2010/11/11 20:28:41.0883 Initialize success
2010/11/11 20:28:43.0996 ================================================================================
2010/11/11 20:28:43.0996 Scan started
2010/11/11 20:28:43.0996 Mode: Manual;
2010/11/11 20:28:43.0996 ================================================================================
2010/11/11 20:29:29.0371 ================================================================================
2010/11/11 20:29:29.0371 Scan finished
2010/11/11 20:29:29.0371 ================================================================================
2010/11/11 20:29:46.0446 ================================================================================
2010/11/11 20:29:46.0446 Scan started
2010/11/11 20:29:46.0446 Mode: Manual;
2010/11/11 20:29:46.0446 ================================================================================
2010/11/11 20:30:11.0121 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/11 20:30:11.0431 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/11 20:30:11.0632 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/11 20:30:11.0832 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/11 20:30:12.0052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/11 20:30:12.0373 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/11 20:30:12.0573 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/11 20:30:12.0763 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/11 20:30:12.0954 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/11 20:30:13.0134 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/11 20:30:13.0344 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/11/11 20:30:13.0554 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/11 20:30:13.0755 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/11 20:30:13.0955 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/11 20:30:14.0145 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/11 20:30:14.0526 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/11 20:30:14.0706 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/11 20:30:15.0047 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/11/11 20:30:15.0267 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/11/11 20:30:15.0587 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/11 20:30:15.0808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/11 20:30:15.0988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/11 20:30:16.0178 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/11/11 20:30:16.0379 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/11/11 20:30:16.0569 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/11/11 20:30:16.0739 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/11/11 20:30:16.0909 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/11/11 20:30:17.0100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/11 20:30:17.0310 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/11 20:30:17.0520 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/11 20:30:17.0700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/11 20:30:17.0881 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/11 20:30:18.0081 RDID1009 (ab4ac4e2a616769b507265059559bb1c) C:\WINDOWS\system32\Drivers\rdwm1009.sys
2010/11/11 20:30:18.0321 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/11 20:30:18.0582 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/11 20:30:18.0792 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/11 20:30:18.0992 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/11 20:30:19.0283 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/11 20:30:19.0523 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/11 20:30:19.0723 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/11 20:30:19.0914 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/11 20:30:20.0174 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/11/11 20:30:20.0384 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/11/11 20:30:20.0565 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/11 20:30:20.0775 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/11 20:30:21.0015 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/11 20:30:21.0216 SSFMONM (362f131c87633c6d021441b835c2cebc) C:\WINDOWS\system32\Drivers\SSFMONM.SYS
2010/11/11 20:30:21.0406 SSHRMD (d7e2f6c09300cb295edafcef84a53a5e) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
2010/11/11 20:30:21.0626 SSIDRV (de67dd27b8053e4d40a7bd979643bd1c) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
2010/11/11 20:30:21.0816 STAC97 (f2ca38990f140025b91ee7bbd315f44c) C:\WINDOWS\system32\drivers\STAC97.sys
2010/11/11 20:30:22.0017 StreamDispatcher (f88b1e32fa8af4a43ef2dc7c5c27d5fa) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2010/11/11 20:30:22.0197 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/11 20:30:22.0397 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/11 20:30:22.0597 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/11/11 20:30:22.0788 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/11/11 20:30:22.0958 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2010/11/11 20:30:23.0008 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2010/11/11 20:30:23.0128 SynTP (1402524b46b1eb2d917eb2acd9dd74a5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/11 20:30:23.0329 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/11 20:30:23.0629 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/11 20:30:23.0909 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/11 20:30:24.0090 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/11 20:30:24.0290 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/11 20:30:24.0510 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2010/11/11 20:30:24.0721 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/11 20:30:24.0921 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2010/11/11 20:30:25.0121 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/11 20:30:25.0341 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/11 20:30:25.0532 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/11 20:30:25.0702 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/11 20:30:25.0872 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/11 20:30:26.0072 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/11 20:30:26.0263 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/11 20:30:26.0443 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/11 20:30:26.0623 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/11 20:30:26.0914 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/11 20:30:27.0094 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/11 20:30:27.0294 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2010/11/11 20:30:27.0475 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2010/11/11 20:30:27.0655 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/11 20:30:27.0895 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/11 20:30:28.0206 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/11 20:30:28.0436 winachsf (800c790afb897fad40a4d721041f2997) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/11 20:30:29.0327 ================================================================================
2010/11/11 20:30:29.0327 Scan finished
2010/11/11 20:30:29.0327 ================================================================================
2010/11/11 20:31:16.0916 Deinitialize success


Malwarebytes report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/11/2010 9:32:33 PM
mbam-log-2010-11-11 (21-32-33).txt

Scan type: Quick scan
Objects scanned: 127688
Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTS report:
OTS logfile created on: 11/11/2010 9:34:30 PM - Run 1
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\IRENE STUART\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 118.00 Mb Available Physical Memory | 46.00% Memory free
626.00 Mb Paging File | 464.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.90 Gb Total Space | 17.65 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DERRICKLAPTOP
Current User Name: IRENE STUART
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:54 | 000,642,048 | ---- | M] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
support.exe -> C:\Program Files\Common Files\Dell\EUSW\Support.exe -> [2003/05/15 14:22:36 | 000,245,760 | ---- | M] (Dell)
carpserv.exe -> C:\WINDOWS\SYSTEM32\carpserv.exe -> [2003/01/23 15:06:04 | 000,004,608 | ---- | M] (Conexant Systems, Inc.)
dadtray.exe -> C:\Program Files\Dell\AccessDirect\dadtray.exe -> [2002/11/18 10:11:10 | 000,188,416 | ---- | M] ()
dadapp.exe -> C:\Program Files\Dell\AccessDirect\DadApp.exe -> [2002/11/01 16:47:36 | 000,208,560 | ---- | M] ()
mcvsrte.exe -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> [2002/10/04 15:09:20 | 000,094,208 | ---- | M] (Mcafee.com Corporation)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2002/09/12 09:28:14 | 000,024,576 | ---- | M] (BVRP Software)
dsentry.exe -> C:\WINDOWS\SYSTEM32\DSentry.exe -> [2002/07/17 10:18:06 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering)
mcshield.exe -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [2001/09/08 06:00:00 | 000,225,375 | ---- | M] ()

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:54 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AppMgmt) Application Management [Disabled | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/10/31 01:17:29 | 001,357,464 | ---- | M] (Lavasoft)
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Disabled | Stopped] -> C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(WRConsumerService) Webroot Client Service [Disabled | Stopped] -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/24 19:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.)
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Auto | Running] -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> [2002/10/04 15:09:20 | 000,094,208 | ---- | M] (Mcafee.com Corporation)
(McShield) McAfee.com McShield [On_Demand | Running] -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [2001/09/08 06:00:00 | 000,225,375 | ---- | M] ()

[Driver Services - Safe List]
(浍湉ဈᄋ¢联�ᄊ�ᄊ.sys) 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys [WARNING: C:\WINDOWS\System32\drivers\drivers\??????????.sys.sys] -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\Services\PptpMiniport.sys -> File not found
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -> File not found
(DEV੠敄欘dd䇨) DEV੠敄欘dd䇨 [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\DEV੠敄欘dd䇨.sys [WARNING: C:\WINDOWS\System32\drivers\DEV?????dd??.sys] -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\Combo-Fix\catchme.sys -> File not found
(ATWPKT2) ATWPKT2 [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\AMERIC~1.0\ATWPKT2.SYS -> File not found
(3858872) 3858872 [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\3858872.sys -> File not found
({29BBE205-9939-4D4C-A0AC-B7E351EC50B9}) {29BBE205-9939-4D4C-A0AC-B7E351EC50B9} [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\Machine\System\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys -> File not found
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB)
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -> [2010/08/12 07:15:19 | 000,015,008 | ---- | M] ()
(B쐣〒굆ꄌ) B쐣〒굆ꄌ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B쐣〒굆ꄌ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys] -> [2010/07/22 12:20:12 | 000,000,000 | ---- | M] ()
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -> [2010/06/17 14:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSFMONM) Spy Sweeper File System Filter Driver [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ssfmonm.sys -> [2010/06/17 14:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -> [2010/06/17 14:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(浍湉ဈᄋ¢联�ᄊ�ᄊ) 浍湉ဈᄋ¢联�ᄊ�ᄊ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??????????.sys] -> [2010/05/14 14:40:18 | 000,000,000 | ---- | M] ()
(NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}) NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9} [Kernel | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys -> [2010/03/30 13:01:43 | 000,000,000 | ---- | M] ()
(B�竓瞥) B�竓瞥 [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys] -> [2010/03/08 12:15:23 | 000,000,000 | ---- | M] ()
(TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}) TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E} [Kernel | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys -> [2010/02/25 12:17:10 | 000,000,000 | ---- | M] ()
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys -> [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.)
(RDID1009) EDIROL UM-1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\Rdwm1009.sys -> [2007/03/05 06:08:36 | 000,079,649 | R--- | M] (Roland Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -> [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\amdagp.sys -> [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sisagp.sys -> [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -> [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -> [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation)
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -> [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation)
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -> [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation)
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -> [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation)
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -> [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation)
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -> [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation)
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -> [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation)
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -> [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation)
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -> [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation)
(i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -> [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation)
(MxlW2k) MxlW2k [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\MxlW2k.sys -> [2003/06/03 02:00:20 | 000,028,100 | ---- | M] (MusicMatch, Inc.)
(StreamDispatcher) StreamDispatcher [Kernel | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\strmdisp.sys -> [2003/01/23 15:06:12 | 000,022,400 | ---- | M] (Conexant Systems, Inc.)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -> [2003/01/23 15:05:00 | 000,153,344 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -> [2003/01/23 15:03:04 | 000,585,984 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -> [2003/01/23 15:02:00 | 001,067,008 | ---- | M] (Conexant Systems, Inc.)
(BCM43XX) Dell TrueMobile WLAN Card Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -> [2003/01/09 14:01:50 | 000,164,224 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -> [2002/12/17 11:41:36 | 000,042,368 | ---- | M] (Broadcom Corporation)
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -> [2002/11/11 17:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -> [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -> [2002/11/07 22:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -> [2002/10/11 12:21:36 | 000,264,528 | ---- | M] (Synaptics, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -> [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation)
(NaiFiltr) NaiFiltr [File_System | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -> [2001/08/17 11:22:04 | 000,023,296 | ---- | M] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dellnet.com/ ->
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dellnet.com/ ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dellnet.com/ ->
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dellnet.com/ ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > -> ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: "ProxyOverride" -> <local> ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: "ProxyServer" -> http=127.0.0.1:6092 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\IRENE STUART\Application Data\Mozilla\FireFox\Profiles\qxdkqfqz.default\prefs.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/03 00:47:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/03 00:46:12 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\IRENE STUART\Application Data\Mozilla\Extensions -> [2010/11/03 00:48:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\IRENE STUART\Application Data\Mozilla\Firefox\Profiles\qxdkqfqz.default\extensions -> [2010/11/03 00:48:18 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/26 03:30:36 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/02 00:02:32 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/05/15 00:47:54 | 000,050,376 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ATIModeChange" -> C:\WINDOWS\System32\Ati2mdxx.exe ["Ati2mdxx.exe"] -> [2001/09/04 16:24:26 | 000,028,672 | ---- | M] (ATI Technologies, Inc.)
"CARPService" -> C:\WINDOWS\System32\carpserv.exe ["carpserv.exe"] -> [2003/01/23 15:06:04 | 000,004,608 | ---- | M] (Conexant Systems, Inc.)
"DadApp" -> C:\Program Files\Dell\AccessDirect\dadapp.exe ["C:\Program Files\Dell\AccessDirect\dadapp.exe"] -> [2002/11/01 16:47:36 | 000,208,560 | ---- | M] ()
"DVDSentry" -> C:\WINDOWS\System32\DSentry.exe ["C:\WINDOWS\System32\DSentry.exe"] -> [2002/07/17 10:18:06 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering)
"DwlClient" -> C:\Program Files\Common Files\Dell\EUSW\Support.exe ["C:\Program Files\Common Files\Dell\EUSW\Support.exe"] -> [2003/05/15 14:22:36 | 000,245,760 | ---- | M] (Dell)
"SynTPLpr" -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe ["C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"] -> [2002/10/11 12:30:44 | 000,126,976 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2003/06/03 02:15:13 | 000,151,597 | ---- | M] (RealNetworks, Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2002/09/12 09:28:14 | 000,024,576 | ---- | M] (BVRP Software)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< IRENE STUART Startup Folder > -> C:\Documents and Settings\IRENE STUART\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Key error.] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
t fou -> -> File not found
*MultiFile Done* -> ->
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
Lsa -> -> File not found
ity Packages settings... -> -> File not found
41 -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2010/05/21 10:36:28 | 003,824,472 | ---- | M] (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2010/02/09 17:16:32 | 000,654,648 | ---- | M] (BitTorrent, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/09/03 08:59:58 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004/08/04 02:56:57 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [AddToPlaylistVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] ()
Directory [find] -> %SystemRoot%\Explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 11/6/2010 1:56:48 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/6/2010 1:57:19 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/8/2010 4:48:00 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/8/2010 4:48:03 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/9/2010 3:05:00 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/9/2010 3:05:15 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/10/2010 3:22:10 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/10/2010 3:22:15 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/11/2010 7:51:56 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/11/2010 7:52:05 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
System [ Error ] 11/10/2010 3:14:40 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/10/2010 3:14:40 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079
System [ Error ] 11/10/2010 3:22:21 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7034 -> Description = The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 11/10/2010 11:30:05 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
System [ Error ] 11/11/2010 2:59:59 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/11/2010 2:59:59 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079
System [ Error ] 11/11/2010 3:00:01 PM Computer Name = DERRICKLAPTOP | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.2.4 for the Network Card with network address 00904B244A18 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 11/11/2010 7:52:09 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7034 -> Description = The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 11/11/2010 9:24:36 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/11/2010 9:24:36 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079

[Files/Folders - Created Within 30 Days]
tdsskiller -> C:\Documents and Settings\IRENE STUART\Desktop\tdsskiller -> [2010/11/11 20:28:26 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:52 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup(2).exe -> C:\Documents and Settings\IRENE STUART\Desktop\mbam-setup(2).exe -> [2010/11/11 19:51:10 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
pix -> C:\Documents and Settings\IRENE STUART\My Documents\pix -> [2010/11/10 02:19:00 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/11/03 15:11:36 | 000,000,000 | -HSD | C]
Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2010/11/03 01:21:56 | 000,000,000 | ---D | C]
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\IRENE STUART\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/03 00:43:37 | 008,567,280 | ---- | C] (Mozilla)
SsiEfr.exe -> C:\WINDOWS\System32\SsiEfr.exe -> [2010/11/01 23:57:42 | 000,017,472 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssidrv.sys -> C:\WINDOWS\System32\drivers\ssidrv.sys -> [2010/11/01 23:57:25 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssfmonm.sys -> C:\WINDOWS\System32\drivers\ssfmonm.sys -> [2010/11/01 23:57:25 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
sshrmd.sys -> C:\WINDOWS\System32\drivers\sshrmd.sys -> [2010/11/01 23:57:25 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
temp -> C:\WINDOWS\temp -> [2010/11/01 23:36:28 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/11/01 23:00:05 | 000,000,000 | RHSD | C]
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/01 22:55:44 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/01 22:55:44 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/01 22:55:44 | 000,031,232 | ---- | C] (NirSoft)
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/01 22:55:43 | 000,212,480 | ---- | C] (SteelWerX)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/11/01 22:55:30 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/11/01 22:54:50 | 000,000,000 | ---D | C]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/11/01 22:49:46 | 000,000,000 | ---D | C]
SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2010/10/31 01:18:09 | 000,095,024 | ---- | C] (Sunbelt Software)
Webroot -> C:\Program Files\Webroot -> [2010/10/31 01:07:10 | 000,000,000 | ---D | C]
{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/10/31 01:06:44 | 000,000,000 | -H-D | C]
Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [2010/10/31 01:06:03 | 000,000,000 | ---D | C]
PackageAware -> C:\Documents and Settings\IRENE STUART\Local Settings\Application Data\PackageAware -> [2010/10/31 01:05:50 | 000,000,000 | ---D | C]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/11/11 20:27:08 | 000,000,472 | ---- | M] ()
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2010/11/11 20:24:28 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/11 20:24:25 | 267,440,128 | -HS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 19:55:08 | 000,000,696 | ---- | M] ()
computerfix1.rtf -> C:\Documents and Settings\IRENE STUART\Desktop\computerfix1.rtf -> [2010/11/11 19:54:10 | 000,004,196 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:54 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup(2).exe -> C:\Documents and Settings\IRENE STUART\Desktop\mbam-setup(2).exe -> [2010/11/11 19:51:57 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
tdsskiller.zip -> C:\Documents and Settings\IRENE STUART\Desktop\tdsskiller.zip -> [2010/11/11 19:49:51 | 001,215,581 | ---- | M] ()
16269_1269294415951_1337568108_30798323_2833581_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294415951_1337568108_30798323_2833581_n.jpg -> [2010/11/10 02:50:58 | 000,019,040 | ---- | M] ()
44632_142077209163247_100000829071495_183209_4044198_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\44632_142077209163247_100000829071495_183209_4044198_n.jpg -> [2010/11/10 02:50:21 | 000,086,575 | ---- | M] ()
l23.JPG -> C:\Documents and Settings\IRENE STUART\Desktop\l23.JPG -> [2010/11/10 02:25:47 | 000,047,048 | ---- | M] ()
n43202626_30209792_1405.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30209792_1405.jpg -> [2010/11/10 02:14:34 | 000,064,712 | ---- | M] ()
6174_112605476226_530216226_2693289_5746279_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6174_112605476226_530216226_2693289_5746279_n.jpg -> [2010/11/10 02:12:04 | 000,071,081 | ---- | M] ()
16269_1269292455902_1337568108_30798317_3805717_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269292455902_1337568108_30798317_3805717_n.jpg -> [2010/11/10 02:08:39 | 000,056,748 | ---- | M] ()
n1255260051_30059652_9726.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059652_9726.jpg -> [2010/11/10 01:57:43 | 000,047,598 | ---- | M] ()
n14229306_34298133_425.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_34298133_425.jpg -> [2010/11/10 01:56:34 | 000,065,735 | ---- | M] ()
n14228939_31237263_1379.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14228939_31237263_1379.jpg -> [2010/11/10 01:56:26 | 000,051,078 | ---- | M] ()
6614_116586316226_530216226_2754120_632827_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586316226_530216226_2754120_632827_n.jpg -> [2010/11/10 01:55:46 | 000,028,777 | ---- | M] ()
n43202626_30593204_3296.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30593204_3296.jpg -> [2010/11/10 01:55:29 | 000,055,503 | ---- | M] ()
6614_116586301226_530216226_2754118_6097523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586301226_530216226_2754118_6097523_n.jpg -> [2010/11/10 01:55:08 | 000,041,761 | ---- | M] ()
n14229306_36725576_2629.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_36725576_2629.jpg -> [2010/11/10 01:54:57 | 000,053,463 | ---- | M] ()
n1255260051_30059656_906.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059656_906.jpg -> [2010/11/10 01:54:38 | 000,049,248 | ---- | M] ()
n14229306_35273601_4146.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_35273601_4146.jpg -> [2010/11/10 01:54:15 | 000,046,908 | ---- | M] ()
16269_1269299336074_1337568108_30798353_720516_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269299336074_1337568108_30798353_720516_n.jpg -> [2010/11/09 01:03:11 | 000,046,544 | ---- | M] ()
16269_1269651624881_1337568108_30799587_123308_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269651624881_1337568108_30799587_123308_n.jpg -> [2010/11/09 01:02:49 | 000,039,231 | ---- | M] ()
16269_1269294375950_1337568108_30798322_2021523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294375950_1337568108_30798322_2021523_n.jpg -> [2010/11/09 00:59:23 | 000,032,694 | ---- | M] ()
16269_1269290495853_1337568108_30798281_3990276_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269290495853_1337568108_30798281_3990276_n.jpg -> [2010/11/09 00:59:00 | 000,046,397 | ---- | M] ()
16269_1269294935964_1337568108_30798326_4353692_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294935964_1337568108_30798326_4353692_n.jpg -> [2010/11/09 00:58:38 | 000,038,738 | ---- | M] ()
masons.wpd -> C:\Documents and Settings\IRENE STUART\My Documents\masons.wpd -> [2010/11/08 02:51:03 | 000,016,426 | ---- | M] ()
BOOT.INI -> C:\BOOT.INI -> [2010/11/06 12:46:02 | 000,000,327 | RHS- | M] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\IRENE STUART\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:21:59 | 000,000,718 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\IRENE STUART\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/03 00:46:39 | 000,001,620 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/03 00:46:39 | 000,001,602 | ---- | M] ()
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\IRENE STUART\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/03 00:43:19 | 008,567,280 | ---- | M] (Mozilla)
lnumbers.rtf -> C:\Documents and Settings\IRENE STUART\My Documents\lnumbers.rtf -> [2010/11/02 22:41:32 | 000,000,188 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\ETC\hosts -> [2010/11/02 00:02:32 | 000,000,027 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 22:49:25 | 000,000,211 | ---- | M] ()
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2010/11/01 22:46:44 | 000,001,170 | ---- | M] ()
Combo-Fix.exe -> C:\Documents and Settings\IRENE STUART\Desktop\Combo-Fix.exe -> [2010/11/01 22:37:42 | 003,887,136 | R--- | M] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/31 01:07:15 | 000,001,968 | ---- | M] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/10/25 22:16:10 | 000,079,872 | ---- | M] ()
SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2010/10/18 17:56:13 | 000,095,024 | ---- | M] (Sunbelt Software)
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
computerfix1.rtf -> C:\Documents and Settings\IRENE STUART\Desktop\computerfix1.rtf -> [2010/11/11 19:54:10 | 000,004,196 | ---- | C] ()
tdsskiller.zip -> C:\Documents and Settings\IRENE STUART\Desktop\tdsskiller.zip -> [2010/11/11 19:49:47 | 001,215,581 | ---- | C] ()
16269_1269294415951_1337568108_30798323_2833581_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294415951_1337568108_30798323_2833581_n.jpg -> [2010/11/10 02:50:57 | 000,019,040 | ---- | C] ()
44632_142077209163247_100000829071495_183209_4044198_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\44632_142077209163247_100000829071495_183209_4044198_n.jpg -> [2010/11/10 02:50:20 | 000,086,575 | ---- | C] ()
l23.JPG -> C:\Documents and Settings\IRENE STUART\Desktop\l23.JPG -> [2010/11/10 02:25:47 | 000,047,048 | ---- | C] ()
n43202626_30209792_1405.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30209792_1405.jpg -> [2010/11/10 02:14:34 | 000,064,712 | ---- | C] ()
6174_112605476226_530216226_2693289_5746279_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6174_112605476226_530216226_2693289_5746279_n.jpg -> [2010/11/10 02:12:04 | 000,071,081 | ---- | C] ()
16269_1269292455902_1337568108_30798317_3805717_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269292455902_1337568108_30798317_3805717_n.jpg -> [2010/11/10 02:08:39 | 000,056,748 | ---- | C] ()
n1255260051_30059652_9726.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059652_9726.jpg -> [2010/11/10 01:57:42 | 000,047,598 | ---- | C] ()
n14229306_34298133_425.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_34298133_425.jpg -> [2010/11/10 01:56:34 | 000,065,735 | ---- | C] ()
n14228939_31237263_1379.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14228939_31237263_1379.jpg -> [2010/11/10 01:56:25 | 000,051,078 | ---- | C] ()
6614_116586316226_530216226_2754120_632827_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586316226_530216226_2754120_632827_n.jpg -> [2010/11/10 01:55:46 | 000,028,777 | ---- | C] ()
n43202626_30593204_3296.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30593204_3296.jpg -> [2010/11/10 01:55:29 | 000,055,503 | ---- | C] ()
6614_116586301226_530216226_2754118_6097523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586301226_530216226_2754118_6097523_n.jpg -> [2010/11/10 01:55:08 | 000,041,761 | ---- | C] ()
n14229306_36725576_2629.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_36725576_2629.jpg -> [2010/11/10 01:54:57 | 000,053,463 | ---- | C] ()
n1255260051_30059656_906.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059656_906.jpg -> [2010/11/10 01:54:37 | 000,049,248 | ---- | C] ()
n14229306_35273601_4146.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_35273601_4146.jpg -> [2010/11/10 01:54:10 | 000,046,908 | ---- | C] ()
16269_1269299336074_1337568108_30798353_720516_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269299336074_1337568108_30798353_720516_n.jpg -> [2010/11/09 01:03:10 | 000,046,544 | ---- | C] ()
16269_1269651624881_1337568108_30799587_123308_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269651624881_1337568108_30799587_123308_n.jpg -> [2010/11/09 01:02:47 | 000,039,231 | ---- | C] ()
16269_1269294375950_1337568108_30798322_2021523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294375950_1337568108_30798322_2021523_n.jpg -> [2010/11/09 00:59:23 | 000,032,694 | ---- | C] ()
16269_1269290495853_1337568108_30798281_3990276_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269290495853_1337568108_30798281_3990276_n.jpg -> [2010/11/09 00:59:00 | 000,046,397 | ---- | C] ()
16269_1269294935964_1337568108_30798326_4353692_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294935964_1337568108_30798326_4353692_n.jpg -> [2010/11/09 00:58:38 | 000,038,738 | ---- | C] ()
masons.wpd -> C:\Documents and Settings\IRENE STUART\My Documents\masons.wpd -> [2010/11/04 19:01:09 | 000,016,426 | ---- | C] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\IRENE STUART\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:21:59 | 000,000,718 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\IRENE STUART\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/03 00:46:39 | 000,001,620 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/03 00:46:38 | 000,001,602 | ---- | C] ()
lnumbers.rtf -> C:\Documents and Settings\IRENE STUART\My Documents\lnumbers.rtf -> [2010/11/02 22:41:32 | 000,000,188 | ---- | C] ()
wrLZMA.dll -> C:\WINDOWS\System32\wrLZMA.dll -> [2010/11/01 23:57:42 | 000,030,424 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 23:00:17 | 000,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/11/01 23:00:10 | 000,260,272 | RHS- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/01 22:55:44 | 000,256,512 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/01 22:55:44 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/01 22:55:44 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/01 22:55:44 | 000,079,872 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/01 22:55:44 | 000,068,096 | ---- | C] ()
Combo-Fix.exe -> C:\Documents and Settings\IRENE STUART\Desktop\Combo-Fix.exe -> [2010/11/01 22:52:14 | 003,887,136 | R--- | C] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/31 01:07:15 | 000,001,968 | ---- | C] ()
secdrv.sys -> C:\WINDOWS\System32\drivers\secdrv.sys -> [2010/09/19 00:21:13 | 000,027,440 | ---- | C] ()
.sys -> C:\WINDOWS\System32\drivers\.sys -> [2010/04/23 11:44:34 | 000,000,000 | ---- | C] ()
RdCi1009.dll -> C:\WINDOWS\System32\RdCi1009.dll -> [2010/04/14 20:32:13 | 000,010,886 | R--- | C] ()
NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys -> C:\WINDOWS\System32\drivers\NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys -> [2010/03/30 13:01:43 | 000,000,000 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\IRENE STUART\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/05 03:20:41 | 000,028,160 | ---- | C] ()
TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys -> C:\WINDOWS\System32\drivers\TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys -> [2010/02/25 12:17:10 | 000,000,000 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/26 14:52:19 | 000,000,024 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2009/12/26 14:51:51 | 000,000,002 | ---- | C] ()
PFP100JPR.{PB -> C:\Documents and Settings\IRENE STUART\Application Data\PFP100JPR.{PB -> [2003/12/30 14:37:26 | 000,061,678 | ---- | C] ()
PFP100JCM.{PB -> C:\Documents and Settings\IRENE STUART\Application Data\PFP100JCM.{PB -> [2003/12/30 14:37:26 | 000,012,358 | ---- | C] ()
dm.ini -> C:\Documents and Settings\IRENE STUART\Application Data\dm.ini -> [2003/11/05 14:37:21 | 000,000,000 | ---- | C] ()
lexstat.ini -> C:\WINDOWS\lexstat.ini -> [2003/07/05 13:08:09 | 000,000,304 | ---- | C] ()
lxbkvs.dll -> C:\WINDOWS\System32\lxbkvs.dll -> [2003/07/05 13:07:30 | 000,040,960 | ---- | C] ()
LXBKLCNP.DLL -> C:\WINDOWS\System32\LXBKLCNP.DLL -> [2003/07/05 13:07:28 | 000,077,824 | ---- | C] ()
lxbkcoin.ini -> C:\WINDOWS\System32\lxbkcoin.ini -> [2003/07/05 13:06:49 | 000,000,266 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2003/06/03 02:17:09 | 000,000,061 | ---- | C] ()
NaiFiltr.sys -> C:\WINDOWS\System32\drivers\NaiFiltr.sys -> [2003/06/03 02:13:20 | 000,023,296 | ---- | C] ()
intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2003/06/03 02:01:25 | 000,000,052 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2003/06/03 02:01:21 | 000,000,858 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2003/06/03 01:49:07 | 000,000,780 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2003/06/03 01:23:38 | 000,000,547 | ---- | C] ()
SynTPCoI.dll -> C:\WINDOWS\System32\SynTPCoI.dll -> [2002/10/11 12:35:28 | 000,077,824 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2002/09/03 08:59:14 | 000,004,161 | ---- | C] ()

[File - Lop Check]
AIM -> C:\Documents and Settings\All Users\Application Data\AIM -> [2010/08/19 17:19:12 | 000,000,000 | ---D | M]
BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2003/07/05 13:14:29 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\All Users\Application Data\Propellerhead Software -> [2010/04/12 23:44:49 | 000,000,000 | ---D | M]
Soulseek -> C:\Documents and Settings\All Users\Application Data\Soulseek -> [2010/05/21 23:52:58 | 000,000,000 | ---D | M]
{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/05/21 18:26:16 | 000,000,000 | ---D | M]
{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/10/31 01:07:47 | 000,000,000 | -H-D | M]
{ECC164E0-3133-4C70-A831-F08DB2940F70} -> C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} -> [2010/09/13 22:16:19 | 000,000,000 | -H-D | M]
acccore -> C:\Documents and Settings\Guest\Application Data\acccore -> [2010/09/26 00:37:01 | 000,000,000 | ---D | M]
acccore -> C:\Documents and Settings\IRENE STUART\Application Data\acccore -> [2010/08/19 17:20:32 | 000,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\IRENE STUART\Application Data\BitTorrent -> [2010/11/08 15:55:46 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Documents and Settings\IRENE STUART\Application Data\GetRightToGo -> [2010/06/03 15:01:46 | 000,000,000 | ---D | M]
gtk-2.0 -> C:\Documents and Settings\IRENE STUART\Application Data\gtk-2.0 -> [2010/06/20 01:33:58 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\IRENE STUART\Application Data\Propellerhead Software -> [2010/04/13 00:38:45 | 000,000,000 | ---D | M]
REAPER -> C:\Documents and Settings\IRENE STUART\Application Data\REAPER -> [2010/06/03 19:58:26 | 000,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/11/11 20:27:08 | 000,000,472 | ---- | M] ()

[File - Purity Scan]


[Files/Folders - Unicode - All]
C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys -> [2010/03/08 12:15:23 | 000,000,000 | ---- | C] ()
C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys -> [2010/03/08 12:15:23 | 000,000,000 | ---- | M] ()
C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys -> [2010/05/14 14:40:18 | 000,000,000 | ---- | C] ()
C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys -> [2010/05/14 14:40:18 | 000,000,000 | ---- | M] ()
C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B쐣〒굆ꄌ.sys -> [2010/07/22 12:20:12 | 000,000,000 | ---- | C] ()
C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B쐣〒굆ꄌ.sys -> [2010/07/22 12:20:12 | 000,000,000 | ---- | M] ()
< End of report >

#9
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
SYSTEM1 has been exhibiting unusual behavior such as extremely high memory usage, crashes, and freeze ups after running anti-virus scans, in addition to redirecting search engine results.

SYSTEM2 has symptoms such as most websites redirecting to strange search engine results, advertisements, pop-ups for adult websites, etc.

SYSTEM3 seems to be the least infected, despite being the first computer to have the infection. Websites, including Geekstogo, are bringing up pop-ups for blank websites (example: googleanalytics.com), and there are problems with certain websites.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
System 1 had an MBR rootkit, now cured.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > ->
YN -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> 7203A6761B.sys -> C:\WINDOWS\System32\7203A6761B.sys
[Files - No Company Name]
NY -> 1B76A60372.sys -> C:\WINDOWS\System32\1B76A60372.sys
[Files/Folders - Unicode - All]
NY -> C:\WINDOWS\System32\?? -> C:\WINDOWS\System32\牀৻
NY -> C:\WINDOWS\System32\?? -> C:\WINDOWS\System32\牀৻
[Alternate Data Streams]
NY -> @Alternate Data Stream - 1112 bytes -> C:\Program Files\Outlook Express:ulWDavAVTMCQIdnfN5KZl
NY -> @Alternate Data Stream - 1141 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kUkCCNsrOMXG0rQV3FjXIIKWR
NY -> @Alternate Data Stream - 1265 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:j0EFqEFNERj4Z2HOHVjE49d84W
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

System 2

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Extensions [User Folders] > ->
YY -> Zynga Toolbar -> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

System 3

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Driver Services - Safe List]
YY -> (浍湉ဈᄋ¢联�ᄊ�ᄊ.sys) 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys [WARNING: C:\WINDOWS\System32\drivers\drivers\??????????.sys.sys]
YY -> (DEV੠敄欘dd䇨) DEV੠敄欘dd䇨 [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\DEV੠敄欘dd䇨.sys [WARNING: C:\WINDOWS\System32\drivers\DEV?????dd??.sys]
YY -> (3858872) 3858872 [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\3858872.sys
YY -> ({29BBE205-9939-4D4C-A0AC-B7E351EC50B9}) {29BBE205-9939-4D4C-A0AC-B7E351EC50B9} [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\Machine\System\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys
YY -> (B쐣〒굆ꄌ) B쐣〒굆ꄌ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B쐣〒굆ꄌ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys]
YY -> (浍湉ဈᄋ¢联�ᄊ�ᄊ) 浍湉ဈᄋ¢联�ᄊ�ᄊ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??????????.sys]
YY -> (NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}) NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9} [Kernel | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys
YY -> (B�竓瞥) B�竓瞥 [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys]
YY -> (TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}) TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E} [Kernel | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > ->
YN -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: "ProxyServer" -> http=127.0.0.1:6092
[Files - No Company Name]
NY -> .sys -> C:\WINDOWS\System32\drivers\.sys
NY -> RdCi1009.dll -> C:\WINDOWS\System32\RdCi1009.dll
NY -> NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys -> C:\WINDOWS\System32\drivers\NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys
NY -> TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys -> C:\WINDOWS\System32\drivers\TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys
[Files/Folders - Unicode - All]
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys
NY -> C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys
NY -> C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B쐣〒굆ꄌ.sys
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B쐣〒굆ꄌ.sys
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Once the OTS fixes are run, then on each system delete the current copy of ComboFix and download a fresh one.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
After running the OTS fix on System 1 it asked me to reboot to remove files. When I rebooted, no text file was generated. Do I run it again? Or is the file saved somewhere on my computer?

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, if needed we will get it later :D

#13
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
Here's SYSTEM1's ComboFix log:
ComboFix 10-11-12.01 - Derrick Stuart 11/12/2010 17:36:39.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.83 [GMT -5:00]
Running from: c:\documents and settings\Derrick Stuart\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-12 22:35 . 2010-11-12 22:35 3616 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-12 21:23 . 2010-11-12 21:23 -------- d-----w- C:\_OTS
2010-11-03 06:43 . 2010-11-03 06:53 -------- d-----w- c:\program files\Free Window Registry Repair
2010-11-02 02:11 . 2010-11-02 02:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-11-02 02:08 . 2010-11-02 02:08 -------- d-sh--w- c:\documents and settings\Visitor\IECompatCache
2010-11-02 02:07 . 2010-11-02 02:07 -------- d-sh--w- c:\documents and settings\Visitor\PrivacIE
2010-11-02 02:07 . 2010-11-02 02:07 -------- d-sh--w- c:\documents and settings\Visitor\IETldCache
2010-10-31 04:57 . 2010-10-31 04:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-31 04:11 . 2010-10-31 04:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-10-31 03:43 . 2010-10-31 03:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-10-31 03:27 . 2010-06-17 18:49 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-10-31 03:27 . 2010-06-17 18:49 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-10-31 03:27 . 2010-06-17 18:49 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-10-31 03:25 . 2010-10-31 03:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-31 03:20 . 2010-10-31 03:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}
2010-10-31 03:19 . 2010-11-09 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-10-31 03:19 . 2010-10-31 03:19 -------- d-----w- c:\documents and settings\Derrick Stuart\Local Settings\Application Data\PackageAware
2010-10-30 07:25 . 2010-11-02 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-10-21 03:24 . 2010-10-21 04:09 -------- d-----w- c:\documents and settings\Derrick Stuart\Local Settings\Application Data\AIM
2010-10-21 03:24 . 2010-10-21 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-10-21 03:24 . 2010-10-21 03:24 -------- d-----w- c:\program files\AIM
2010-10-21 03:24 . 2010-10-21 03:24 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\Visitor\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-3-17 106496]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 04:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Derrick Stuart^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Derrick Stuart^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-06-27 04:50 1948440 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-05-04 06:40 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-23 04:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-05 18:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-05 18:22 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-03-05 07:40 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-05-04 06:38 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 20:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
2005-12-07 21:05 1537696 ----a-w- c:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 18:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-10 10:10 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebrootTrayApp]
2010-10-01 15:05 1286960 ----a-w- c:\program files\Webroot\Security\Current\Framework\WRTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"WRConsumerService"=2 (0x2)
"winmgmt"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5018:TCP"= 5018:TCP:Services
"3259:TCP"= 3259:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4176:TCP"= 4176:TCP:Services
"6852:TCP"= 6852:TCP:Services
"2138:TCP"= 2138:TCP:Services
"1819:TCP"= 1819:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2009 4:37 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009 4:37 PM 108552]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [4/26/2007 12:21 AM 99248]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [10/30/2010 10:27 PM 45072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 10:00 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [3/8/2009 11:55 AM 33792]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [1/13/2009 2:56 PM 79649]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/24/2009 4:36 PM 907032]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/24/2009 4:36 PM 298776]
S4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [10/1/2010 10:01 AM 3066528]
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-12 18:06:21
ComboFix-quarantined-files.txt 2010-11-12 23:06
ComboFix2.txt 2010-11-02 06:42

Pre-Run: 5,121,822,720 bytes free
Post-Run: 5,089,628,160 bytes free

- - End Of File - - FFE6B3E59184772E0CAD3F7AD3BBBAF6


(edit: I was able to locate the OTS file after all)

OTS report for SYSTEM1:
All Processes Killed
[Registry - Safe List]
Registry key HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry key HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry value HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\System32\7203A6761B.sys moved successfully.
[Files - No Company Name]
C:\WINDOWS\System32\1B76A60372.sys moved successfully.
[Files/Folders - Unicode - All]
C:\WINDOWS\System32\牀৻\Program Files\Musicmatch\Musicmatch Jukebox folder moved successfully.
C:\WINDOWS\System32\牀৻\Program Files\Musicmatch folder moved successfully.
C:\WINDOWS\System32\牀৻\Program Files folder moved successfully.
C:\WINDOWS\System32\牀৻ folder moved successfully.
File C:\WINDOWS\System32\牀৻ not found!
[Alternate Data Streams]
ADS C:\Program Files\Outlook Express:ulWDavAVTMCQIdnfN5KZl deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:kUkCCNsrOMXG0rQV3FjXIIKWR deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:j0EFqEFNERj4Z2HOHVjE49d84W deleted successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 331294 bytes
->FireFox cache emptied: 10513572 bytes
->Flash cache emptied: 5715 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Derrick Stuart
->Temp folder emptied: 7243752 bytes
->Temporary Internet Files folder emptied: 8170400 bytes
->Java cache emptied: 42455705 bytes
->FireFox cache emptied: 40882230 bytes
->Flash cache emptied: 538885 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 33759968 bytes
->Flash cache emptied: 683 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 554289 bytes
->Flash cache emptied: 300 bytes

User: Owner

User: Visitor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297807 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30748189 bytes
->Flash cache emptied: 1178396 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6193 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 425091 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59084 bytes
RecycleBin emptied: 575488 bytes

Total Files Cleaned = 170.00 mb


[EMPTYFLASH]

Edited by gravitysrainbow, 12 November 2010 - 06:21 PM.


#14
gravitysrainbow

Here's SYSTEM3's OTS log
(I am having trouble with ComboFix; it keeps telling me AdAware and Webroot Anti-virus are active even though I have disabled both through Task Manager and the msconfig system utility. Is it safe to run anyway, or is there another method to fully disable them?)

All Processes Killed
[Driver Services - Safe List]
Error: No service named 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys was found to stop!
Service\Driver key 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found.
File C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys not found.
Service DEV੠敄欘dd䇨 stopped successfully!
Service DEV੠敄欘dd䇨 deleted successfully!
File C:\WINDOWS\System32\drivers\DEV੠敄欘dd䇨.sys not found.
Service 3858872 stopped successfully!
Service 3858872 deleted successfully!
File C:\WINDOWS\System32\drivers\3858872.sys not found.
Service {29BBE205-9939-4D4C-A0AC-B7E351EC50B9} stopped successfully!
Service {29BBE205-9939-4D4C-A0AC-B7E351EC50B9} deleted successfully!
File C:\WINDOWS\System32\drivers\Machine\System\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys not found.
Service B쐣〒굆ꄌ stopped successfully!
Service B쐣〒굆ꄌ deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\B쐣〒굆ꄌ.sys moved successfully.
Error: No service named 浍湉ဈᄋ¢联�ᄊ�ᄊ was found to stop!
Service\Driver key 浍湉ဈᄋ¢联�ᄊ�ᄊ not found.
File C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found.
Service NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9} stopped successfully!
Service NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9} deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys moved successfully.
Error: No service named B�竓瞥 was found to stop!
Service\Driver key B�竓瞥 not found.
File C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys not found.
Service TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E} stopped successfully!
Service TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E} deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys moved successfully.
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
[Files - No Company Name]
C:\WINDOWS\System32\drivers\.sys moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\RdCi1009.dll
C:\WINDOWS\System32\RdCi1009.dll moved successfully.
File C:\WINDOWS\System32\drivers\NetBT_Tcpip_{29BBE205-9939-4D4C-A0AC-B7E351EC50B9}.sys not found!
File C:\WINDOWS\System32\drivers\TCPIP_{3B503F43-8A81-4E67-997C-6AF7592E531E}.sys not found!
[Files/Folders - Unicode - All]
File C:\WINDOWS\System32\drivers\B�竓瞥.sys not found!
File C:\WINDOWS\System32\drivers\B�竓瞥.sys not found!
File C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found!
File C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found!
File C:\WINDOWS\System32\drivers\B쐣〒굆ꄌ.sys not found!
File C:\WINDOWS\System32\drivers\B쐣〒굆ꄌ.sys not found!
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3223330 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->FireFox cache emptied: 52623468 bytes
->Flash cache emptied: 3312 bytes

User: IRENE STUART
->Temp folder emptied: 324387 bytes
->Temporary Internet Files folder emptied: 112956576 bytes
->FireFox cache emptied: 95294460 bytes
->Flash cache emptied: 99243 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 368796 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 253.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: IRENE STUART
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 11122010_173431

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15
gravitysrainbow

Here's the OTS log for SYSTEM2:
(I also can't run ComboFix on this machine because it claims that WebRoot Anti-virus is still enabled)

All Processes Killed
[Registry - Safe List]
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib folder moved successfully.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 9312 bytes
->FireFox cache emptied: 84362161 bytes
->Flash cache emptied: 11061 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lori
->Temp folder emptied: 13091390 bytes
->Temporary Internet Files folder emptied: 25997810 bytes
->Java cache emptied: 38578 bytes
->FireFox cache emptied: 48067506 bytes
->Flash cache emptied: 5483931 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 104465 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 171.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: Lori
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 11122010_185207

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...