$RF4A7X0.exe; nircmd.exe
#1 not quite silver (New Member, 1 post)

There are two issues that I believe are connected, but I don't want to go off topic. I have tried self-help methods in the past, but may have complicated the problem through inexperience. So please accept my apologies in advance. I really would appreciate expert help with this.

One problem is to do with this computer, the other is to do with a website (hacked pages) that I uploaded from this same computer. Should the topic be posted in another forum? Which one? Thank you.

The problem with the computer:
For several weeks the computer has been extremely slow (given that upgrading is overdue).

- Computer may stop responding for several minutes, while the CPU light remains on or flashes constantly
- Shutdown problems requiring a manual shutdown
- Numerous "Access denied" errors. I have noticed the above on my USB-connected IDE drive (I also installed Win 7 on that drive)
- Strange accounts with special permissions prevent me from changing file permissions
- Remote access permission granted even after I turned it off
- I live in France. Noticing visited English-language web pages contain the same French advertising
- When keying data into Google, there is a pause of several seconds, then the whole word is entered.
- Have attempted detection and removal with a number of applications
- Tried to increase computer efficiency by reducing the number of services. Think I may have done the opposite =(
- Removed nircmd.exe using Dr Web emergency. The software referred to the file as a hacking tool.
  Quarantine: $RF4A7X0.exe C:\$Recycle.Bin\S-1-5-21-790211224-2482178424-1190658614-1003\$RF4A7X0.exe; $RF4A7X1.exe C:\Documents and Settings\BARRY\DoctorWeb\Quarantine\$RF4A7X0.exe. Don't know if these are gone yet or not.
- Since the above, Firefox v.3.6.12 is now reporting attempted redirections instead of just going to the site.
- Avira Premium is shut down: it won't start, or starts then shuts down. Considering replacing it with Dr Web, which appears to get results.
- MalwareBytes detects nothing
- SAS did remove a browser hijack
- Registry reads "HKEY_CURRENT_USER\HKEY_CURRENT_USER" (Not sure if it is supposed to be like this.)
- Replaced ZA (free) with Comodo (free). Find it hard to configure. ZA seemed ineffectual.

This is as much as I can recall regarding the computer problems. I await further instructions.

Below is the OTL log. Please note: I have changed one folder name and two website image filenames that are to do with my job. These are in bold text:
OTL logfile created on: 20/11/2010 6:06:32 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\BARRY\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

448.00 Mb Total Physical Memory | 31.00 Mb Available Physical Memory | 7.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 36.22 Gb Free Space | 64.92% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 31.85 Mb Free Space | 31.85% Space Free | Partition Type: NTFS
Drive G: | 148.95 Gb Total Space | 123.32 Gb Free Space | 82.80% Space Free | Partition Type: NTFS

Computer Name: HD2-PC | User Name: BARRY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/20 18:05:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BARRY\Downloads\OTL.exe
PRC - [2010/11/15 16:28:44 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/15 16:28:11 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/11/15 16:28:09 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/15 16:28:03 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/11/15 16:28:01 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/15 16:28:00 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/28 12:08:33 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 12:08:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/10 22:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/10 22:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/12/11 23:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/11/20 18:05:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BARRY\Downloads\OTL.exe
MOD - [2010/09/10 22:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Users\BARRY\AppData\Local\Temp\DHFYSUD.exe -- (DHFYSUD)
SRV - [2010/11/15 16:28:44 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/15 16:28:11 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/11/15 16:28:03 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/11/15 16:28:01 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/11 22:42:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 22:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/09/05 23:05:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/11 23:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009/07/14 02:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2003/05/23 05:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\367E.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BARRY\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010/11/15 16:29:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/15 16:29:10 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/10/13 19:50:39 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/09/10 22:40:42 | 000,078,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/09/10 22:40:40 | 000,236,088 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 22:40:40 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/06 16:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 23:52:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\25967892.sys -- (25967892)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\25967891.sys -- (25967891)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/12/01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/10/09 06:44:58 | 000,192,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/10/24 05:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\meiudf.sys -- (meiudf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 12:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 12:08:35 | 000,000,000 | ---D | M]

[2010/09/07 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\Mozilla\Extensions
[2010/10/21 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\Mozilla\Firefox\Profiles\um6demc3.default\extensions
[2010/09/30 20:54:05 | 000,002,395 | ---- | M] () -- C:\Users\BARRY\AppData\Roaming\Mozilla\Firefox\Profiles\um6demc3.default\searchplugins\askcom.xml
[2010/10/07 23:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/06 12:59:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/06 12:58:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/10 13:17:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/10 13:17:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/10 13:17:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/10 13:17:36 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c116a755-c022-11df-8044-0040d0a0a8de}\Shell - "" = AutoRun
O33 - MountPoints2\{c116a755-c022-11df-8044-0040d0a0a8de}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 03:29:38 | 000,000,000 | ---D | C] -- C:\Users\BARRY\AppData\Local\Little_Apps_(http___www.l
[2010/11/18 03:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Little Registry Cleaner
[2010/11/18 03:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Little Registry Cleaner
[2010/11/18 01:49:59 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\partytiem
[2010/11/17 22:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/15 16:49:52 | 000,000,000 | ---D | C] -- C:\Users\BARRY\AppData\Roaming\Avira
[2010/11/15 16:46:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/15 16:46:37 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/15 16:46:37 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/15 13:33:57 | 000,000,000 | ---D | C] -- C:\Users\BARRY\DoctorWeb
[2010/11/14 05:30:05 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\Bookmarks FF
[2010/11/12 03:42:31 | 000,000,000 | ---D | C] -- C:\Users\BARRY\New folder
[2010/11/12 03:42:19 | 000,000,000 | ---D | C] -- C:\Users\BARRY\test
[2010/11/12 01:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/11/12 01:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/11/11 04:28:07 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\spectrum 18
[2010/11/11 02:28:07 | 000,000,000 | ---D | C] -- C:\Users\BARRY\NetHood\Documents\theregybak
[2010/11/10 10:03:31 | 000,000,000 | ---D | C] -- C:\a768a52e5f3743de8e2f31c8ebdd9b47
[2010/11/10 09:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/11/10 09:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/11/10 09:20:44 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2010/11/09 11:38:34 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2010/11/05 21:02:37 | 000,155,648 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\RAMASST.exe
[2010/11/05 21:02:37 | 000,135,168 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\DVDMenu.dll
[2010/11/05 21:02:37 | 000,106,496 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Windows\System32\DVDRAMSV.exe
[2010/11/05 21:02:37 | 000,090,416 | ---- | C] (Matsushita Electric Industrial Co.,Ltd.) -- C:\Windows\System32\drivers\meiudf.sys
[2010/11/05 21:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/05 21:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic DVD-RAM
[2010/11/05 21:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/05 20:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2010/11/05 20:02:31 | 000,000,000 | ---D | C] -- C:\Users\BARRY\NetHood\Documents\My Drivers
[2010/11/05 20:02:31 | 000,000,000 | ---D | C] -- C:\Users\BARRY\AppData\Local\Innovative Solutions
[2010/11/05 14:51:38 | 000,000,000 | ---D | C] -- C:\regy bak2
[2010/11/05 14:28:23 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\regy bak2
[2010/11/05 13:22:32 | 000,000,000 | ---D | C] -- C:\Windows\9EFA732347A048E28F7735DB5EED500A.TMP
[2010/11/03 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\[I have removed folder name for privacy] upload
[2010/11/03 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\BARRY\AppData\Roaming\Inkscape
[2010/11/02 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\BARRY\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2010/11/01 11:24:26 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\regy bak
[2010/11/01 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\BARRY\NetHood\Documents\diskdigger
[2010/11/01 10:39:36 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\france vac 09
[2010/10/28 23:33:38 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\Website text final fr
[2010/10/27 00:21:05 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\[I have removed folder name for privacy]- ARTWORK TO DVD
[2010/10/26 16:38:19 | 000,000,000 | ---D | C] -- C:\Users\BARRY\Desktop\w3 sound and vision
[2010/10/25 01:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/25 00:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/23 01:18:48 | 000,000,000 | ---D | C] -- C:\c28677c74635808f35f265
[2010/10/21 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\BARRY\dwhelper
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/20 18:05:32 | 000,597,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/20 18:05:32 | 000,104,776 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/20 16:06:52 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 16:06:51 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 15:56:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/20 15:56:16 | 351,969,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/20 15:52:48 | 108,772,666 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/18 18:45:53 | 000,000,707 | ---- | M] () -- C:\Users\BARRY\Desktop\d2mexcs8.exe - Shortcut.lnk
[2010/11/18 03:27:18 | 000,002,071 | ---- | M] () -- C:\Users\BARRY\Desktop\Little Registry Cleaner.lnk
[2010/11/15 17:20:28 | 000,007,219 | ---- | M] () -- C:\Users\BARRY\Desktop\test.html
[2010/11/15 16:48:21 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/15 16:29:10 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/15 16:29:10 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/15 16:29:09 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/15 11:52:02 | 061,857,090 | ---- | M] () -- C:\Windows\System32\HVCXDEWA
[2010/11/14 03:23:41 | 000,000,266 | ---- | M] () -- C:\Windows\System32\Document.rtf
[2010/11/13 04:51:34 | 000,000,108 | ---- | M] () -- C:\index.ini
[2010/11/13 03:48:39 | 000,001,690 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/11/12 03:21:28 | 000,000,000 | ---- | M] () -- C:\Users\BARRY\fport
[2010/11/12 01:41:28 | 000,020,475 | ---- | M] () -- C:\Windows\hpoins01.dat
[2010/11/12 01:36:20 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2010/11/12 01:36:20 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk
[2010/11/11 02:45:33 | 000,014,491 | ---- | M] () -- C:\Users\BARRY\Desktop\index.html
[2010/11/10 09:25:46 | 000,001,407 | ---- | M] () -- C:\Users\BARRY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/08 09:38:38 | 000,007,666 | ---- | M] () -- C:\Users\BARRY\AppData\Local\resmon.resmoncfg
[2010/11/05 15:30:57 | 000,000,132 | ---- | M] () -- C:\Users\BARRY\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/03 11:36:43 | 000,000,218 | ---- | M] () -- C:\Users\BARRY\.recently-used.xbel
[2010/11/03 07:55:28 | 003,741,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/28 02:58:29 | 000,039,949 | ---- | M] () -- C:\Users\BARRY\Desktop\[I have removed a website image filename for privacy].jpg
[2010/10/26 21:15:19 | 000,001,680 | ---- | M] () -- C:\Users\BARRY\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/25 20:23:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/25 01:11:35 | 000,000,470 | ---- | M] () -- C:\Users\BARRY\Local Disk (C) - Shortcut.lnk
[2010/10/23 01:33:03 | 000,109,480 | ---- | M] () -- C:\Users\BARRY\Desktop\access denied errors.odg
[2010/10/22 23:41:52 | 000,000,000 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 15:52:48 | 108,772,666 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/18 18:45:53 | 000,000,707 | ---- | C] () -- C:\Users\BARRY\Desktop\d2mexcs8.exe - Shortcut.lnk
[2010/11/18 03:27:18 | 000,002,071 | ---- | C] () -- C:\Users\BARRY\Desktop\Little Registry Cleaner.lnk
[2010/11/15 17:20:28 | 000,007,219 | ---- | C] () -- C:\Users\BARRY\Desktop\test.html
[2010/11/15 16:48:21 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/11/15 11:40:29 | 061,857,090 | ---- | C] () -- C:\Windows\System32\HVCXDEWA
[2010/11/14 04:03:03 | 000,000,266 | ---- | C] () -- C:\Windows\System32\Document.rtf
[2010/11/13 04:51:34 | 000,000,108 | ---- | C] () -- C:\index.ini
[2010/11/12 03:19:01 | 000,000,000 | ---- | C] () -- C:\Users\BARRY\fport
[2010/11/12 01:36:20 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2010/11/12 01:36:20 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk
[2010/11/12 01:34:17 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2010/11/12 00:40:05 | 000,000,291 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/11 02:45:32 | 000,014,491 | ---- | C] () -- C:\Users\BARRY\Desktop\index.html
[2010/11/10 09:25:46 | 000,001,407 | ---- | C] () -- C:\Users\BARRY\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/03 11:36:43 | 000,000,218 | ---- | C] () -- C:\Users\BARRY\.recently-used.xbel
[2010/10/28 02:58:15 | 000,039,949 | ---- | C] () -- C:\Users\BARRY\Desktop\[I have removed a website image filename for privacy].jpg
[2010/10/25 10:05:42 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/25 01:11:35 | 000,000,470 | ---- | C] () -- C:\Users\BARRY\Local Disk (C) - Shortcut.lnk
[2010/10/23 01:33:00 | 000,109,480 | ---- | C] () -- C:\Users\BARRY\Desktop\access denied errors.odg
[2010/10/22 23:41:52 | 000,000,000 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/11 00:54:24 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/05 02:53:58 | 000,007,666 | ---- | C] () -- C:\Users\BARRY\AppData\Local\resmon.resmoncfg
[2010/09/24 14:00:34 | 000,000,132 | ---- | C] () -- C:\Users\BARRY\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/21 12:20:55 | 000,000,132 | ---- | C] () -- C:\Users\BARRY\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/21 01:03:09 | 000,001,680 | ---- | C] () -- C:\Users\BARRY\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/14 00:10:58 | 000,000,036 | ---- | C] () -- C:\Users\BARRY\AppData\Local\housecall.guid.cache
[2010/09/08 22:01:19 | 000,000,132 | ---- | C] () -- C:\Users\BARRY\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010/09/08 17:14:58 | 000,000,132 | ---- | C] () -- C:\Users\BARRY\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 19:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/03/09 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/09/08 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/07 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\CheckPoint
[2010/11/02 19:00:35 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2010/11/19 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\FileZilla
[2010/11/03 11:32:38 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\gtk-2.0
[2010/11/03 10:43:31 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\Inkscape
[2010/09/14 00:24:32 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\IObit
[2010/10/07 22:30:46 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\nCleaner
[2010/09/21 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\OpenOffice.org
[2010/09/19 23:49:28 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\Serif
[2010/09/13 22:57:55 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\SharpPlus
[2010/09/23 01:00:55 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/06 00:05:16 | 000,000,000 | ---D | M] -- C:\Users\BARRY\AppData\Roaming\Trellian
[2010/10/25 20:23:04 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/19 17:44:57 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Thank you in advance for your time and assistance.
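As an added example for readers working through a log like the one above (this is not code from the original post, nor part of the OTL tool), the following Python script parses the three line shapes OTL emits in this report (O-section autostart entries, timestamped file/folder entries, and @Alternate Data Stream entries) and applies a few of the triage heuristics a malware-removal helper applies by eye: autostart entries whose target is missing, a Run value with an empty name, MountPoints2 AutoRun commands for removable media, executable-type files in System32 with no company string, and alternate data streams. The sample lines are copied from the posted log; the heuristics, the known-benign display quirks it skips, and the function names are my own assumptions, and the output is a list of things to verify (hash, signature, stream contents), not a verdict.

```python
"""Triage helper for OTL-style scan logs (added example, not part of OTL)."""
import re
from dataclasses import dataclass, field

# Timestamped entry:  [date time | size | attrs | C|M] (company) -- path [-- [ NTFS ]]
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?: -- \[ NTFS \])?$"
)
# Autostart / policy entry:  O<n> - <body>
OLINE_RE = re.compile(r"^O(?P<sect>\d+) - (?P<body>.*)$")
# ADS entry:  @Alternate Data Stream - <n> bytes -> <path>:<stream>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# OTL sections that describe something launched automatically.
AUTOSTART_SECTIONS = {"4", "20", "33", "34"}
# Executable-type extensions; a file in System32 with no company string and one
# of these (or no extension at all) is worth a hash / signature check.
EXEC_EXT = {"exe", "dll", "sys", "scr", "com", "bat", "cmd", "pif", "vbs", "js"}
# Entries OTL displays as "File not found" on healthy systems (assumption based on
# common OTL output): the autochk BootExecute value, and the "/pagefile" argument
# of the default Winlogon VMApplet value, which OTL lists as a separate entry.
DISPLAY_QUIRKS = ("autocheck autochk", "VMApplet - (/pagefile)")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _ext(path: str) -> str:
    """Extension of a Windows path, lower-cased; '' when there is none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def classify(line: str) -> list:
    """Return the list of triage reasons for one log line ([] if nothing to check)."""
    reasons = []
    m = OLINE_RE.match(line)
    if m:
        sect, body = m.group("sect"), m.group("body")
        if any(q in body for q in DISPLAY_QUIRKS):
            return reasons
        if sect == "4" and ": [] " in body:
            reasons.append("Run value with empty name")
        if sect in AUTOSTART_SECTIONS and body.endswith("File not found"):
            reasons.append("autostart entry points at a missing file")
        if "MountPoints2" in body and "\\AutoRun\\command" in body:
            reasons.append("removable-media AutoRun command")
        return reasons
    if ADS_RE.match(line):
        reasons.append("alternate data stream (dump and inspect contents)")
        return reasons
    m = FILE_RE.match(line)
    if m:
        company = (m.group("company") or "").strip()
        path = m.group("path")
        size = int(m.group("size").replace(",", ""))
        is_dir = "D" in m.group("attrs")
        in_sys32 = "\\windows\\system32\\" in path.lower()
        if in_sys32 and not is_dir and not company and size > 0:
            ext = _ext(path)
            if ext == "" or ext in EXEC_EXT:
                reasons.append("executable-type file in System32 with no company string")
    return reasons


def triage(log_text: str) -> list:
    """Run classify() over every non-empty line and keep the ones with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = classify(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied from the posted OTL report.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O33 - MountPoints2\{c116a755-c022-11df-8044-0040d0a0a8de}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010/11/15 16:46:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/15 11:40:29 | 061,857,090 | ---- | C] () -- C:\Windows\System32\HVCXDEWA
[2010/11/14 04:03:03 | 000,000,266 | ---- | C] () -- C:\Windows\System32\Document.rtf
[2010/11/18 03:29:38 | 000,000,000 | ---D | C] -- C:\Users\BARRY\AppData\Local\Little_Apps_(http___www.l
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("; ".join(f.reasons))
        print("    " + f.line)
```

Run against the whole report rather than the excerpt, the output narrows a 200-line log to a handful of entries to check by hand; a 61 MB file with no extension and no company string in System32 (HVCXDEWA) is exactly the kind of entry to hash and look up before deciding anything, and the MountPoints2 entry shows why the O32 CDRom AutoRun and NoDriveTypeAutoRun values in the log are worth reading together.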