Can't run or update any antivirus

#1
r1sk
Member, 12 posts
I cannot start, update, or install any antivirus programs. I did manage to get SUPERAntiSpyware running, but I can't update it and the scans haven't helped at all. When I log onto my profile it stays at just a picture of my background for a couple of seconds; when it finally loads, the task bar doesn't show any programs that are running (so when I start Firefox the task bar stays blank). Thanks in advance for any help.
Edit: also my sound has been disabled.
Here is my OTL log:


OTL logfile created on: 23/01/2011 12:45:49 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\Kalin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 19.20 Gb Free Space | 12.88% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 36.00 Gb Free Space | 96.59% Space Free | Partition Type: FAT32

Computer Name: BRIAN-BZ61G3SF5 | User Name: Kalin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/23 12:44:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalin\My Documents\Downloads\OTL.exe
PRC - [2011/01/23 12:31:51 | 000,901,352 | ---- | M] (Systweak Inc) -- C:\Documents and Settings\Kalin\My Documents\Downloads\aso3setup(2).exe
PRC - [2011/01/13 07:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/11 18:27:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 18:27:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/12 13:18:41 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/19 16:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2009/06/05 12:05:30 | 001,615,232 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
PRC - [2009/02/12 17:28:24 | 001,687,552 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
PRC - [2009/02/12 09:57:14 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/11/11 14:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2008/11/11 14:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2008/11/11 14:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/10/23 08:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/01/19 10:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/12/12 14:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/10/27 23:09:00 | 000,053,248 | ---- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2003/04/01 10:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (SafeList) ==========

MOD - [2011/01/23 12:44:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalin\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/19 16:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/02/12 09:57:14 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/11/11 14:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2008/11/11 14:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2008/11/11 14:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 19:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/10/23 08:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (SASKUTIL)
DRV - File not found [Kernel | Unknown | Running] -- -- (SASDIFSV)
DRV - File not found [File_System | Disabled | Running] -- -- (pctEFA)
DRV - File not found [Kernel | Disabled | Running] -- -- (pctDS)
DRV - [2011/01/15 11:50:08 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/09 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110121.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/09 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110121.019\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/30 21:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 20:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/22 20:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 20:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 18:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/10 17:46:29 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110120.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/20 18:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/05/30 12:05:37 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/30 12:05:37 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/03 21:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/30 14:00:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009/12/05 19:36:28 | 000,592,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dwarusb.sys -- (arusb(Atheros))
DRV - [2009/11/03 16:47:20 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/09/03 10:37:04 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/03/27 15:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/05 03:09:14 | 000,450,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192u.sys -- (RTL8192u)
DRV - [2009/02/09 17:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/20 09:11:57 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/20 09:11:57 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/20 09:11:51 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/20 09:11:46 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/07/15 13:18:59 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/07 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/12/02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 08:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/25 08:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/10/18 09:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 09:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 09:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/09/15 09:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/04 15:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/05 04:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2004/10/27 23:09:00 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/01/25 13:50:14 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/01/25 13:47:02 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/11/18 14:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/08/26 16:29:42 | 000,023,387 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)
DRV - [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/10/02 06:37:40 | 000,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/09/20 08:58:48 | 000,153,824 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVvid2.sys -- (nuvvid2)
DRV - [2001/09/20 08:58:48 | 000,153,824 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVvid2.sys -- (NUVision)
DRV - [2001/09/20 08:47:38 | 000,025,184 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 6D 58 32 6B 8E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2260173&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/15 11:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/15 11:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/19 22:55:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/15 11:30:40 | 000,000,000 | ---D | M]

[2010/03/02 22:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Extensions
[2010/01/05 21:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\extensions
[2010/01/05 21:05:39 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/01/22 18:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions
[2010/04/26 17:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/19 11:35:46 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/08/09 17:05:53 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/08/05 20:34:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\searchplugins\conduit.xml
[2011/01/19 17:28:18 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\searchplugins\swagbuckscom.xml
[2011/01/22 18:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/30 12:54:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 19:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 20:33:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 11:48:27 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011/01/15 11:58:14 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2009/03/22 14:45:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll

O1 HOSTS File: ([2008/08/16 12:01:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe (Systweak Inc., (www.systweak.com))
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative....101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1216098713903 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://blueheronproj...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/12 14:00:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\verb\command - "" = F:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/23 11:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Start Menu\Programs\SUPERAntiSpyware
[2011/01/23 11:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/23 10:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/01/23 10:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/01/23 10:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/22 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Application Data\SUPERAntiSpyware.com
[2011/01/22 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/22 11:07:31 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/01/22 11:07:31 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/01/22 11:07:03 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/01/22 10:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/21 18:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Application Data\.minecraft
[2011/01/17 22:04:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kalin\Desktop\shoes essay
[2011/01/15 11:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\Symantec
[2010/12/28 16:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\Amnesia
[2010/12/28 00:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Start Menu\Programs\Raptr
[2010/12/26 20:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\Super Laser Racer
[2010/12/26 19:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\2K Play
[2010/12/26 18:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\Osmos
[2010/12/26 18:58:25 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/12/26 18:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2006/07/11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/23 11:16:48 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 10:54:25 | 000,649,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/23 10:52:23 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\sdsetup.exe
[2011/01/23 10:51:01 | 000,002,115 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/01/23 10:26:46 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{F25C8AC6-CB04-4620-982E-0937B0DE4A97}
[2011/01/23 10:26:31 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F25C8AC6-CB04-4620-982E-0937B0DE4A97}
[2011/01/23 10:26:25 | 000,274,372 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/01/23 10:26:22 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/01/23 10:03:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/23 10:03:56 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/22 09:53:20 | 000,048,418 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\cc_20110122_095316.reg
[2011/01/22 09:48:17 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\ANICONFIG_{F25C8AC6-CB04-4620-982E-0937B0DE4A97}.ini
[2011/01/21 23:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7E60004C-CF9C-40F3-B2CB-FB79394A5166}.job
[2011/01/21 23:05:53 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\Kalin\Application Data\Kalinlog.dat
[2011/01/21 23:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/21 22:50:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/21 22:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 20:10:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/21 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/21 18:32:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/20 21:50:25 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\Darkness.doc
[2011/01/20 21:31:53 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\letteressay2.doc
[2011/01/20 21:09:45 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\Violence Response.doc
[2011/01/20 20:03:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/20 19:48:23 | 002,563,276 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\blu-GNGBNG-MeMix.mp3
[2011/01/20 19:38:27 | 005,535,050 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\nas - purple (the quiett blend).mp3
[2011/01/18 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2011/01/16 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/01/15 17:04:41 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\letteressay2.doc
[2011/01/15 16:42:47 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Nuclear Weapons Today.doc
[2011/01/15 14:32:01 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Kalin.job
[2011/01/15 11:53:03 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/01/15 11:51:52 | 000,649,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/15 11:50:08 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/15 11:50:08 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/15 11:50:08 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/15 11:50:08 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/15 11:30:42 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/01/15 11:29:02 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/12 16:08:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/09 19:50:21 | 006,093,605 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Your [bleep]ing Song.mp3
[2011/01/05 17:14:59 | 006,259,079 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Pac Div-Let Loose.mp3
[2011/01/04 20:19:08 | 002,647,663 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Avalanche-_-Victory-Lap.mp3
[2011/01/02 18:26:23 | 010,050,275 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Arby Wan Kenobi - Machine Drum - Jelly Ear feat. DOOM (Mash-Up).mp3
[2011/01/02 12:06:46 | 004,074,660 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\08 Nothing You Can't Do.mp3
[2011/01/02 12:06:46 | 004,051,255 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\01 Don'tcha Wanna Be (my neigh.mp3
[2011/01/02 12:06:46 | 003,935,898 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\06 COMIN' & GOIN' f. rhymefest.mp3
[2011/01/02 12:06:46 | 003,253,789 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\02 Gotta Get Up.mp3
[2011/01/02 12:06:46 | 003,239,996 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\05 In My Mind.mp3
[2011/01/02 12:06:46 | 003,019,313 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\04 Break Bread.mp3
[2011/01/02 12:06:46 | 002,336,368 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\03 Enforce The Law.mp3
[2010/12/26 21:11:53 | 000,059,650 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\bapesponge.JPG
[2010/12/26 21:08:15 | 000,356,281 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\bape_x_spongebob_by_last_emp.jpg
[2010/12/26 18:58:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/23 11:16:48 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 10:54:01 | 000,649,676 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/23 10:52:28 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\sdsetup.exe
[2011/01/23 10:44:54 | 000,002,115 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/01/22 10:32:18 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Kalin\exehelperlog.txt
[2011/01/22 09:53:18 | 000,048,418 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\cc_20110122_095316.reg
[2011/01/20 21:50:25 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\Darkness.doc
[2011/01/20 21:31:53 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\letteressay2.doc
[2011/01/20 21:09:45 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\Violence Response.doc
[2011/01/20 19:48:16 | 002,563,276 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\blu-GNGBNG-MeMix.mp3
[2011/01/20 19:38:05 | 005,535,050 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\nas - purple (the quiett blend).mp3
[2011/01/15 17:04:40 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\letteressay2.doc
[2011/01/15 11:52:59 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/01/15 11:26:49 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/01/15 11:26:49 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/01/14 00:53:09 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Nuclear Weapons Today.doc
[2011/01/13 21:49:46 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/09 19:50:02 | 006,093,605 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Your [bleep]ing Song.mp3
[2011/01/05 17:14:34 | 006,259,079 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Pac Div-Let Loose.mp3
[2011/01/04 20:18:48 | 002,647,663 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Avalanche-_-Victory-Lap.mp3
[2011/01/04 17:13:33 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 17:08:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/02 18:25:48 | 010,050,275 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Arby Wan Kenobi - Machine Drum - Jelly Ear feat. DOOM (Mash-Up).mp3
[2011/01/02 12:06:46 | 004,074,660 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\08 Nothing You Can't Do.mp3
[2011/01/02 12:06:46 | 004,051,255 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\01 Don'tcha Wanna Be (my neigh.mp3
[2011/01/02 12:06:46 | 003,935,898 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\06 COMIN' & GOIN' f. rhymefest.mp3
[2011/01/02 12:06:46 | 003,253,789 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\02 Gotta Get Up.mp3
[2011/01/02 12:06:46 | 003,239,996 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\05 In My Mind.mp3
[2011/01/02 12:06:46 | 003,019,313 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\04 Break Bread.mp3
[2011/01/02 12:06:46 | 002,336,368 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\03 Enforce The Law.mp3
[2010/12/26 21:11:53 | 000,059,650 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\bapesponge.JPG
[2010/12/26 21:08:10 | 000,356,281 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\bape_x_spongebob_by_last_emp.jpg
[2010/12/19 01:15:07 | 000,258,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1085031214-682003330-1012-0.dat
[2010/12/19 01:15:05 | 000,194,646 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/29 19:01:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/09/12 17:56:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\fusioncache.dat
[2010/09/06 15:38:34 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\ANICONFIG_{F25C8AC6-CB04-4620-982E-0937B0DE4A97}.ini
[2010/05/30 11:28:41 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010/05/30 11:28:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2010/05/30 11:28:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/05/30 11:28:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2010/05/30 11:28:41 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2010/05/30 11:28:20 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2010/05/30 11:28:20 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2010/05/30 11:28:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010/05/30 11:28:03 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2010/05/17 18:10:05 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\ANICONFIG_{BCFD69E0-FF12-4C4C-A3B8-BCBB8B2A3B7C}.ini
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/01/25 19:16:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 22:05:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\PUTTY.RND
[2010/01/20 22:03:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\winscp.rnd
[2010/01/07 17:28:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/13 12:49:32 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/10/12 16:52:40 | 000,020,941 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2009/10/12 16:52:40 | 000,000,740 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2009/10/12 16:52:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/10/12 16:52:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/09/23 13:20:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/09/21 14:44:04 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2009/09/14 07:48:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\picload.INI
[2009/07/09 17:44:59 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2009/07/09 17:44:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2009/07/07 09:14:07 | 000,000,175 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/13 22:56:51 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009/01/13 16:27:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/01 16:15:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/12/30 11:10:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\rtpmsi32.dll
[2008/11/27 08:59:10 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A8B3F0B13E.sys
[2008/11/06 15:49:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/06 15:26:32 | 000,003,870 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/06 15:23:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2008/11/06 15:07:11 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/11/04 15:06:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\CmdSlideshow.INI
[2008/10/28 20:22:49 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2008/09/17 22:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/08 14:23:17 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008/07/29 18:08:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\40964FEA11.sys
[2008/07/29 14:43:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2008/07/29 14:29:09 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\R49LW
[2008/07/29 14:27:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Smdd32.dll
[2008/07/29 14:27:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Smcb32.dll
[2008/07/29 14:27:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Smb832.dll
[2008/07/29 14:27:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Smc732.dll
[2008/07/29 14:27:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\smCA32.dll
[2008/07/29 14:27:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Smbd32.dll
[2008/07/29 14:27:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\smB332.dll
[2008/07/29 14:27:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Smb432.dll
[2008/07/29 14:27:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\Smb032.dll
[2008/07/29 14:27:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sma332.dll
[2008/07/29 14:27:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sm9e32.dll
[2008/07/29 14:27:51 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\Raven32.dll
[2008/07/29 14:27:51 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\Sm9132.dll
[2008/07/29 14:27:51 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\Smb632.dll
[2008/07/29 14:27:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\Dspimg32.dll
[2008/07/29 14:27:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MS32RES.DLL
[2008/07/29 14:27:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\Aspi32.dll
[2008/07/29 14:27:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\mice.ini
[2008/07/29 14:27:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\MiiDSR.dll
[2008/07/29 14:27:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Mphase32.dll
[2008/07/29 14:27:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\MSCANDC.INI
[2008/07/29 14:27:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\MSAPN.INI
[2008/07/18 08:09:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\startUp manager.INI
[2008/07/17 10:26:22 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/07/17 10:26:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/15 12:55:03 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/15 12:55:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/15 12:42:00 | 000,002,939 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2008/07/15 11:14:56 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008/07/14 22:10:43 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\11EA4F9640.sys
[2008/07/14 21:31:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/14 20:52:17 | 000,000,425 | ---- | C] () -- C:\WINDOWS\cfcread.INI
[2008/06/26 22:09:54 | 000,000,680 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/26 13:28:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/07 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/17 09:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:19:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/03/17 03:21:59 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\Kalin\Application Data\Kalinlog.dat
[2005/07/15 10:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/12 10:58:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 10:58:32 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 10:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 10:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/01/14 08:41:55 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll

========== LOP Check ==========

[2008/08/20 09:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/09 21:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/06/17 13:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/10/26 14:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/03/31 09:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2008/08/29 19:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/12/06 14:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/10/11 13:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2008/11/07 10:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/10 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/01/22 10:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/25 17:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyDefrag
[2009/07/10 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2009/06/17 13:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/17 13:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2008/07/15 11:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2009/09/17 09:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/12/18 21:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/07/28 07:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/11/16 11:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/10/24 13:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2009/11/15 09:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2008/07/15 10:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/01/23 11:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/07 09:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TextBridge
[2010/11/28 17:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2008/11/04 22:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/10/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/18 12:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 19:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/21 18:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\.minecraft
[2010/01/10 13:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\FileOpen
[2011/01/21 22:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\FrostWire
[2010/01/17 20:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\GrabPro
[2010/06/19 23:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\LolClient
[2010/08/06 11:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Orbit
[2010/08/06 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\ProgSense
[2010/12/28 15:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Raptr
[2009/10/24 13:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Spearit
[2010/08/24 20:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\SystemRequirementsLab
[2010/01/11 20:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Systweak
[2010/06/27 18:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Tific
[2010/01/05 16:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Windows Desktop Search
[2010/01/05 16:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kalin\Application Data\Windows Search
[2009/10/25 17:54:10 | 000,000,218 | ---- | M] () -- C:\WINDOWS\Tasks\Advanced System Optimizer Scheduler.job
[2010/12/05 04:18:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2011/01/18 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Pareto UNS.job
[2011/01/16 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/01/21 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/01/21 23:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/01/21 23:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7E60004C-CF9C-40F3-B2CB-FB79394A5166}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\UFantasy.ini:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Edited by r1sk, 24 January 2011 - 05:50 PM.
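The parts of the log that decide this kind of case are the autostart and policy lines: O4 Run values, O7 NoDriveTypeAutoRun, O33 MountPoints2 autorun handlers, O34 BootExecute and the O35/O37 exefile associations. As an added example (not part of the original post, and not a feature of OTL), the Python below applies the checks a helper makes on those lines by hand. The sample lines are copied from the log above; CONSTRUCTED_HIJACKED_EXEFILE, the function names and the "review"/"info" labels are assumptions made here. It produces a review queue, not verdicts: a BootExecute entry or a Run value with no company name can belong to a legitimately installed product, so each finding still has to be checked against the installed software, file signatures and, for the O33 entry, the device that volume GUID belongs to.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the line shapes below are copied from the OTL log in the
# post above (O4 Run values, O7 AutoRun policy, O33 MountPoints2, O34
# BootExecute, O35 exefile association) so the triage can be run offline.
SAMPLE_OTL = r'''
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe (Systweak Inc., (www.systweak.com))
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\AutoRun\command - "" = F:\installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O35 - HKLM\..exefile [open] -- "%1" %*
'''

# Constructed, NOT from the log: what a hijacked exefile association looks like in OTL.
CONSTRUCTED_HIJACKED_EXEFILE = r'O35 - HKLM\..exefile [open] -- "C:\example\interceptor.exe" "%1" %*'

# Bits of ...\policies\Explorer\NoDriveTypeAutoRun (Microsoft KB967715);
# a SET bit disables AutoRun for that drive type.
NO_DRIVE_TYPE_BITS = {
    "unknown": 0x01, "removable": 0x04, "fixed": 0x08, "remote": 0x10,
    "cdrom": 0x20, "ramdisk": 0x40, "reserved": 0x80,
}
DEFAULT_OPEN_CMD = '"%1" %*'          # stock exefile/comfile shell\open\command
STOCK_BOOTEXECUTE = "autocheck autochk *"

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?)'
                   r' \((?P<company>(?:[^()]|\([^()]*\))*)\)$')
O7_RE = re.compile(r'^O7 - .*NoDriveTypeAutoRun = (?P<value>\d+)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command'
                    r' - "" = (?P<cmd>.+)$')
O34_RE = re.compile(r'^O34 - HKLM BootExecute: \((?P<entry>[^)]*)\) - (?P<rest>.*)$')
O3X_RE = re.compile(r'^O3[57] - HKLM\\\.{2,3}(?P<ftype>\w+) \[(?P<key>[^\]]*)\] -- (?P<cmd>.*)$')


@dataclass(frozen=True)
class Finding:
    section: str    # OTL section code the line came from
    severity: str   # "review" (verify the file/publisher) or "info"
    detail: str


def autorun_enabled_types(value: int) -> set[str]:
    """Drive types for which AutoRun is still honoured under this NoDriveTypeAutoRun value."""
    return {name for name, bit in NO_DRIVE_TYPE_BITS.items() if not value & bit}


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one OTL line if it deserves a second look, else None."""
    line = line.rstrip()
    if m := O4_RE.match(line):
        # OTL prints the file's company name in the trailing parentheses; "()" means
        # the binary carries no version info, which is unusual for vendor software.
        if not m["company"].strip():
            return Finding("O4", "review",
                           f'{m["hive"]} Run value [{m["name"]}] starts {m["path"]} (no company/version info)')
        return None
    if m := O7_RE.match(line):
        enabled = autorun_enabled_types(int(m["value"]))
        sev = "review" if enabled & {"removable", "cdrom"} else "info"
        return Finding("O7", sev,
                       f'NoDriveTypeAutoRun={m["value"]} still allows AutoRun on: {", ".join(sorted(enabled))}')
    if m := O33_RE.match(line):
        # MountPoints2 caches per-volume autorun.inf handlers; the command runs from the
        # volume itself, so a non-system drive letter here is checked against the device.
        return Finding("O33", "review",
                       f'volume {{{m["guid"]}}} verb "{m["verb"]}" runs {m["cmd"]} on open/autorun')
    if m := O34_RE.match(line):
        # BootExecute runs native programs from Session Manager before any service or
        # user-mode security product; only "autocheck autochk *" is there by default
        # (OTL's "File not found" for it is expected, the entry is not a file path).
        if m["entry"].strip() == STOCK_BOOTEXECUTE:
            return None
        return Finding("O34", "review", f'non-default BootExecute entry ({m["entry"]}) -> {m["rest"]}')
    if m := O3X_RE.match(line):
        # A changed exefile/comfile open command intercepts EVERY program launch; it is a
        # classic cause of "no anti-virus will run", so anything but the stock value is flagged.
        if m["cmd"].strip() != DEFAULT_OPEN_CMD:
            return Finding(line[:3], "review", f'{m["ftype"]} [{m["key"]}] open command is {m["cmd"]}')
        return None
    return None


def triage(text: str) -> list[Finding]:
    """Triage every line of an OTL report, keeping the findings in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL):
        print(f"[{finding.severity}] {finding.section}: {finding.detail}")
```

On the sample above this yields four review items: the Run value with no company name, the AutoRun policy (145 is 0x91, which leaves AutoRun on for removable, fixed, CD-ROM and RAM-disk drives, and the O6 line HonorAutoRunSetting = 1 means that value is actually honoured), the MountPoints2 handler that launches F:\installer.exe, and the non-default BootExecute entry; the stock exefile association passes. The regexes only cover the line shapes present in this log; other OTL sections are passed through silently.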

#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :D

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Download/run Rkill:

Please download Rkill (if need be, try each link in turn until one works) from one of the following links and save it to your Desktop:

One, Two, Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created; it can be located at the root of your installed hard drive, e.g. C:\rkill.txt.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right-click on TDSSKiller.exe and select Rename, rename it iexplore
  • Double click on iexplore to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • Rkill Log.
  • TDSSKiller Log.

  • 0

#3
r1sk

r1sk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The symptoms are still the exact same, although many of my uninstalls have been corrupted, making it so I can't uninstall some programs.
RKill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 25/01/2011 at 21:46:08.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

Rkill completed on 25/01/2011 at 21:46:19.


TDSSkiller:
2011/01/25 21:49:42.0953 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 21:49:42.0953 ================================================================================
2011/01/25 21:49:42.0953 SystemInfo:
2011/01/25 21:49:42.0953
2011/01/25 21:49:42.0953 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/25 21:49:42.0953 Product type: Workstation
2011/01/25 21:49:42.0953 ComputerName: BRIAN-BZ61G3SF5
2011/01/25 21:49:42.0953 UserName: Kalin
2011/01/25 21:49:42.0953 Windows directory: C:\WINDOWS
2011/01/25 21:49:42.0953 System windows directory: C:\WINDOWS
2011/01/25 21:49:42.0953 Processor architecture: Intel x86
2011/01/25 21:49:42.0953 Number of processors: 1
2011/01/25 21:49:42.0953 Page size: 0x1000
2011/01/25 21:49:42.0953 Boot type: Normal boot
2011/01/25 21:49:42.0953 ================================================================================
2011/01/25 21:49:43.0812 Initialize success
2011/01/25 21:49:47.0640 ================================================================================
2011/01/25 21:49:47.0640 Scan started
2011/01/25 21:49:47.0640 Mode: Manual;
2011/01/25 21:49:47.0640 ================================================================================
2011/01/25 21:49:48.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/25 21:49:48.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/25 21:49:48.0484 ADASPROT (e9b047e166480f67fb6d50b3eec8bd35) C:\Program Files\Advanced System Optimizer 3\adasprot32.sys
2011/01/25 21:49:48.0734 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/25 21:49:48.0984 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/01/25 21:49:49.0359 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/25 21:49:49.0437 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/25 21:49:49.0671 ANIO (2953a157a783bfc06f42f99fefa5eb07) C:\WINDOWS\system32\ANIO.SYS
2011/01/25 21:49:49.0765 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
2011/01/25 21:49:49.0875 AR5416 (d3e782ad9dca4d6215222a43345f43b0) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/01/25 21:49:50.0000 arusb(Atheros) (18ff4f6d8c86fe15c118843f89dbe943) C:\WINDOWS\system32\DRIVERS\dwarusb.sys
2011/01/25 21:49:50.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/25 21:49:50.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/25 21:49:50.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/25 21:49:50.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/25 21:49:50.0531 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) C:\WINDOWS\system32\AWINDIS5.SYS
2011/01/25 21:49:50.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/25 21:49:50.0796 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys
2011/01/25 21:49:50.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/25 21:49:50.0984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/25 21:49:51.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/25 21:49:51.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/25 21:49:51.0171 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/25 21:49:51.0359 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
2011/01/25 21:49:51.0453 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/25 21:49:51.0593 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/01/25 21:49:51.0640 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS\system32\drivers\cvintdrv.sys
2011/01/25 21:49:51.0812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/25 21:49:51.0875 DLABMFSM (ace95725b7d9e12227590f4c2e47707f) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/01/25 21:49:51.0937 DLABOIOM (f872cf678b07a7a415bc78c309c433a8) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/01/25 21:49:51.0984 DLACDBHM (81e0ef6c693da1a98bd863a9fb6ab223) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/01/25 21:49:52.0062 DLADResM (0049cb1260d08b4e28ae28073ab6d6bf) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/01/25 21:49:52.0109 DLAIFS_M (8d74e30d25a962485c4620fbc795c576) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/01/25 21:49:52.0156 DLAOPIOM (d4523b4284191c5824e79a4959cf8103) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/01/25 21:49:52.0187 DLAPoolM (8330839e47287595545d4d4abdea2b18) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/01/25 21:49:52.0265 DLARTL_M (ccd46b2e9de7dde28055008e52d19e62) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/01/25 21:49:52.0328 DLAUDFAM (c1574997b02ed1c1fdde8ef66106ad90) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/01/25 21:49:52.0375 DLAUDF_M (4bbb14b293a9ec274361b0a543c78f80) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/01/25 21:49:52.0468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/25 21:49:52.0546 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/25 21:49:52.0609 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/25 21:49:52.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/25 21:49:52.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/25 21:49:52.0828 DRVMCDB (55f25c7eb606f923fa317ae29a8bd72a) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/01/25 21:49:52.0906 DRVNDDM (8a491bd3f9137ba6aecabb93ff849fcc) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/01/25 21:49:52.0953 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/25 21:49:53.0062 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/25 21:49:53.0093 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/25 21:49:53.0203 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/25 21:49:53.0250 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/25 21:49:53.0328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/25 21:49:53.0375 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys
2011/01/25 21:49:53.0437 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/25 21:49:53.0500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/25 21:49:53.0578 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/25 21:49:53.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/25 21:49:53.0718 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/25 21:49:53.0796 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/01/25 21:49:53.0843 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/25 21:49:53.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/25 21:49:53.0953 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/01/25 21:49:54.0046 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/01/25 21:49:54.0093 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/25 21:49:54.0234 HSFHWBS2 (1821032e9ee6a72f10448824befc5deb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/01/25 21:49:54.0312 HSF_DP (607edabfd9ca9c864f3d07b159a9ec19) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/01/25 21:49:54.0437 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/01/25 21:49:54.0484 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2011/01/25 21:49:54.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/25 21:49:54.0609 hwinterface (448bb2fe30f1dde9eaa4f0e87b52b687) C:\WINDOWS\system32\Drivers\hwinterface.sys
2011/01/25 21:49:54.0781 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/25 21:49:54.0843 IcRecUsb (16e441dc4daf703fb0b0fe474830ff53) C:\WINDOWS\system32\Drivers\IcRecUsb.sys
2011/01/25 21:49:55.0046 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110120.001\IDSxpx86.sys
2011/01/25 21:49:55.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/25 21:49:55.0234 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/25 21:49:55.0281 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/25 21:49:55.0328 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/25 21:49:55.0390 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/25 21:49:55.0453 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/25 21:49:55.0515 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/25 21:49:55.0562 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/25 21:49:55.0609 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/25 21:49:55.0671 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/25 21:49:55.0734 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/25 21:49:55.0796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/25 21:49:55.0859 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/25 21:49:55.0921 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/01/25 21:49:56.0031 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/01/25 21:49:56.0156 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/01/25 21:49:56.0218 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/25 21:49:56.0296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/25 21:49:56.0359 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/25 21:49:56.0406 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/25 21:49:56.0453 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/25 21:49:56.0500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/25 21:49:56.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/25 21:49:56.0640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/25 21:49:56.0718 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/25 21:49:56.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/25 21:49:56.0859 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/25 21:49:56.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/25 21:49:56.0968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/25 21:49:57.0031 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/25 21:49:57.0109 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/25 21:49:57.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/25 21:49:57.0218 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/25 21:49:57.0375 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110121.019\NAVENG.SYS
2011/01/25 21:49:57.0546 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110121.019\NAVEX15.SYS
2011/01/25 21:49:57.0687 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/25 21:49:57.0765 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/25 21:49:57.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/25 21:49:57.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/25 21:49:57.0937 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/25 21:49:57.0984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/25 21:49:58.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/25 21:49:58.0093 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/25 21:49:58.0296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/25 21:49:58.0343 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/25 21:49:58.0437 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/01/25 21:49:58.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/25 21:49:58.0562 nuvaud2 (aa72993760cc3b42d55b41786b80da2c) C:\WINDOWS\system32\DRIVERS\nuvaud2.sys
2011/01/25 21:49:58.0609 NUVision (013ed0371476ac2eb59d048d176abd8d) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
2011/01/25 21:49:58.0656 nuvvid2 (013ed0371476ac2eb59d048d176abd8d) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
2011/01/25 21:49:59.0046 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/25 21:49:59.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/25 21:49:59.0453 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/25 21:49:59.0531 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/01/25 21:49:59.0578 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/01/25 21:49:59.0687 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
2011/01/25 21:49:59.0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/25 21:49:59.0843 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/25 21:49:59.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/25 21:49:59.0968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/25 21:50:00.0062 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/25 21:50:00.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/25 21:50:00.0375 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/01/25 21:50:00.0421 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/25 21:50:00.0468 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/25 21:50:00.0531 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/25 21:50:00.0578 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/25 21:50:00.0640 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/01/25 21:50:00.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/25 21:50:00.0890 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/25 21:50:00.0953 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/25 21:50:00.0984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/25 21:50:01.0031 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/25 21:50:01.0062 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/25 21:50:01.0125 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/25 21:50:01.0187 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/25 21:50:01.0328 RTL8192u (57b62803e5f20b4e3ea9c3727179f1fb) C:\WINDOWS\system32\DRIVERS\RTL8192u.sys
2011/01/25 21:50:01.0390 RxFilter (30aed4a37e8f8bbf41983d4ae3a15df9) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/01/25 21:50:01.0468 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/25 21:50:01.0484 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/25 21:50:01.0562 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/01/25 21:50:01.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/25 21:50:01.0703 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/01/25 21:50:01.0796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/25 21:50:01.0843 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/25 21:50:01.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/25 21:50:02.0046 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/25 21:50:02.0109 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/01/25 21:50:02.0171 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/01/25 21:50:02.0234 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/25 21:50:02.0328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/25 21:50:02.0468 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/01/25 21:50:02.0546 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/01/25 21:50:02.0593 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/25 21:50:02.0703 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/25 21:50:02.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/25 21:50:02.0781 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/25 21:50:02.0968 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/01/25 21:50:03.0046 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/01/25 21:50:03.0140 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/25 21:50:03.0250 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/01/25 21:50:03.0296 SYMTDI (8c07683bf02b63ad71bcb2cf28af2d06) C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS
2011/01/25 21:50:03.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/25 21:50:03.0484 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/01/25 21:50:03.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/25 21:50:03.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/25 21:50:03.0671 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2011/01/25 21:50:03.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/25 21:50:03.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/25 21:50:03.0828 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/01/25 21:50:03.0906 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/01/25 21:50:04.0062 U2SP (975e28ba5acdd645c3d7a6775a63c8d9) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
2011/01/25 21:50:04.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/25 21:50:04.0203 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/25 21:50:04.0296 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/25 21:50:04.0343 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/25 21:50:04.0390 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/25 21:50:04.0437 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/25 21:50:04.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/25 21:50:04.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/25 21:50:04.0625 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/25 21:50:04.0671 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/25 21:50:04.0718 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/01/25 21:50:04.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/25 21:50:04.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/25 21:50:04.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/25 21:50:05.0015 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/25 21:50:05.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/25 21:50:05.0218 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/01/25 21:50:05.0343 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/25 21:50:05.0453 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/25 21:50:05.0500 WsAudio_DeviceS(1) (a75dc063c9f0b787cce296c8ccad9c30) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
2011/01/25 21:50:05.0609 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/25 21:50:05.0671 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/25 21:50:05.0765 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\WINDOWS\system32\DRIVERS\xaudio.sys
2011/01/25 21:50:06.0171 ================================================================================
2011/01/25 21:50:06.0171 Scan finished
2011/01/25 21:50:06.0171 ================================================================================

Edited by r1sk, 27 January 2011 - 03:42 PM.

  • 0
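
The TDSSKiller log above lists every loaded driver as `<service name> (<md5>) <path>`, and what the helper is looking for is anything that stands out in that list. The following script is an added example (not part of TDSSKiller, OTL, or this thread's instructions) that parses those lines and sorts them into two review buckets: drivers loaded from outside the system root (here the security products and the Advanced System Optimizer driver, which a reviewer would recognise as legitimate third-party software) and hashes shared by more than one service name (NUVision and nuvvid2 both point at the same file, which is informational rather than a finding). The sample lines are copied from the log in this post; the function names, the `system_root` parameter, and the bucket names are this example's own assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample input: driver lines copied from the TDSSKiller log in this
# thread, chosen to cover a normal system driver, drivers loaded from outside
# %SystemRoot%, two service names that share one file, and the closing banner.
SAMPLE_LOG = """\
2011/01/25 21:49:48.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2011/01/25 21:49:48.0484 ADASPROT (e9b047e166480f67fb6d50b3eec8bd35) C:\\Program Files\\Advanced System Optimizer 3\\adasprot32.sys
2011/01/25 21:49:50.0000 arusb(Atheros) (18ff4f6d8c86fe15c118843f89dbe943) C:\\WINDOWS\\system32\\DRIVERS\\dwarusb.sys
2011/01/25 21:49:50.0796 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\\Documents and Settings\\All Users\\Application Data\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\NIS_18.5.0.125\\Definitions\\BASHDefs\\20110114.001\\BHDrvx86.sys
2011/01/25 21:49:58.0609 NUVision (013ed0371476ac2eb59d048d176abd8d) C:\\WINDOWS\\system32\\DRIVERS\\nuvvid2.sys
2011/01/25 21:49:58.0656 nuvvid2 (013ed0371476ac2eb59d048d176abd8d) C:\\WINDOWS\\system32\\DRIVERS\\nuvvid2.sys
2011/01/25 21:50:01.0468 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/01/25 21:50:06.0171 ================================================================================
2011/01/25 21:50:06.0171 Scan finished
"""

# One driver line: timestamp, service name (may itself contain parentheses, as
# in "arusb(Atheros)"), a 32-hex-digit MD5 in parentheses, then the file path.
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S.*?) "
    r"\((?P<md5>[0-9a-f]{32})\) "
    r"(?P<path>.+)$"
)


class Driver(NamedTuple):
    name: str
    md5: str
    path: str


def parse_drivers(text: str) -> List[Driver]:
    """Return one Driver per '<name> (<md5>) <path>' line; banner lines are skipped."""
    drivers: List[Driver] = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
    return drivers


def triage(drivers: List[Driver], system_root: str = "C:\\WINDOWS") -> Dict[str, List[str]]:
    """Bucket drivers for manual review.

    outside_system_root: service names whose image lives outside system_root
                         (third-party drivers; legitimate ones are common, but
                         this is where a reviewer looks first).
    shared_hash:         MD5s registered under more than one service name, with
                         the names that share them.
    """
    root = system_root.lower().rstrip("\\") + "\\"
    buckets: Dict[str, List[str]] = {"outside_system_root": [], "shared_hash": []}
    by_hash: Dict[str, List[Driver]] = defaultdict(list)
    for d in drivers:
        if not d.path.lower().startswith(root):
            buckets["outside_system_root"].append(d.name)
        by_hash[d.md5].append(d)
    for md5, group in by_hash.items():
        if len(group) > 1:
            buckets["shared_hash"].append(md5 + ": " + ",".join(d.name for d in group))
    return buckets


if __name__ == "__main__":
    result = triage(parse_drivers(SAMPLE_LOG))
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("  " + item)
```

Run against the full log from the post, the "outside system root" bucket is short and entirely explained by Norton, SUPERAntiSpyware and Advanced System Optimizer, which is consistent with the helper asking for the log to be posted rather than having TDSSKiller cure anything at this stage.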

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

The symptoms are still the exact same, although many of my uninstalls have been corrupted, making it so I can't uninstall some programs.

OK, and thanks for the update... Let's proceed as follows, shall we.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the Quote-Box (do not include the word Quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [nwiz] File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\verb\command - "" = F:\installer.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 88 bytes -> C:\UFantasy.ini:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job
%systemroot%\prefetch\*.*

:Commands
[CreateRestorePoint]
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • ExeHelper Log.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

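The entries Dakeyras pasted into the :OTL section above are ordinary OTL scan-log lines, and a helper reading a long log benefits from a quick machine triage of them before deciding what goes into a fix. The Python script below is an added example written for this page; it is not part of the original post and not part of the OTL tool. It parses the O2/O3/O4/O16/O33 and @Alternate Data Stream line formats, using the entries from the fix script above as its sample input (copied from the thread, embedded inline), and attaches flags for the patterns a malware-removal helper looks for: registrations whose DLL or CLSID is already gone (the "No CLSID value found" and "File not found" entries), toolbars from vendors on a bundled-adware watch-list (that vendor list is a constructed heuristic, not something OTL knows), MountPoints2 shell commands that launch an executable from a mounted volume other than the system drive, and alternate data streams with bare hex names. The system drive is assumed to be C: unless the caller says otherwise.

```python
"""Triage of the O2/O3/O4/O16/O33 and ADS lines from an OTL scan log (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the entries copied from the fix script in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll (Conduit Ltd.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [nwiz] File not found
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\Shell\verb\command - "" = F:\installer.exe
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 88 bytes -> C:\UFantasy.ini:SummaryInformation
"""

# Heuristic watch-list of vendors whose toolbars arrive bundled with other installers.
# This list is an assumption made for the example, not something OTL itself knows.
BUNDLED_TOOLBAR_VENDORS = {"Conduit Ltd.", "Ask.com"}

BROWSER_RE = re.compile(
    r"^(?P<kind>O2|O3) - (?P<where>[^:]+): \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)\s*$")
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})\s*(?P<rest>.*)$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
HEX_STREAM_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")


@dataclass
class Finding:
    kind: str                 # O2, O3, O4, O16, O33 or ADS
    target: str               # what the entry points at
    flags: list = field(default_factory=list)


def parse_line(line: str, system_drive: str = "C") -> Optional[Finding]:
    """Turn one OTL log line into a Finding, or None for line types this helper ignores."""
    line = line.strip()
    m = BROWSER_RE.match(line)
    if m:                                       # O2 BHO / O3 toolbar registration
        rest = m["rest"]
        cm = COMPANY_RE.match(rest)
        company = cm["company"] if cm else None
        f = Finding(m["kind"], f'{m["name"]} {m["clsid"]}')
        if "No CLSID value found" in rest or "File not found" in rest:
            f.flags.append("orphan-entry")      # registration survives, the DLL or CLSID is gone
        if company in BUNDLED_TOOLBAR_VENDORS:
            f.flags.append("bundled-toolbar")
        return f
    m = RUN_RE.match(line)
    if m:                                       # O4 Run key value
        f = Finding("O4", m["name"])
        if "File not found" in m["rest"]:
            f.flags.append("orphan-entry")
        return f
    m = DPF_RE.match(line)
    if m:                                       # O16 downloaded ActiveX control
        f = Finding("O16", m["clsid"])
        if "Reg Error" in m["rest"]:
            f.flags.append("registry-error")
        return f
    m = MOUNT_RE.match(line)
    if m:                                       # O33 per-volume shell command (autorun-style)
        cmd = m["cmd"]
        f = Finding("O33", cmd, ["mountpoint-shell-command"])
        if m["verb"].lower() == "autorun":
            f.flags.append("autorun")
        if re.match(r"^[A-Za-z]:\\", cmd) and cmd[0].upper() != system_drive.upper():
            f.flags.append("command-on-other-drive")
        return f
    m = ADS_RE.match(line)
    if m:                                       # alternate data stream on a file or folder
        f = Finding("ADS", f'{m["path"]}:{m["stream"]}')
        if HEX_STREAM_RE.match(m["stream"]):
            f.flags.append("hex-named-stream")  # bare hex stream names are unusual and worth a look
        return f
    return None


def triage(text: str, system_drive: str = "C"):
    """Parse every line and return the Findings in log order."""
    findings = []
    for raw in text.splitlines():
        f = parse_line(raw, system_drive)
        if f is not None:
            findings.append(f)
    return findings


def flagged(text: str, system_drive: str = "C"):
    """Map each flag to the targets carrying it, in log order."""
    out = {}
    for f in triage(text, system_drive):
        for flag in f.flags:
            out.setdefault(flag, []).append(f.target)
    return out


if __name__ == "__main__":
    for flag, targets in flagged(SAMPLE_LOG).items():
        print(f"{flag}:")
        for t in targets:
            print(f"    {t}")
```

The regular expressions follow the exact spacing OTL uses in the lines above; a company name containing parentheses (for example a path under Program Files (x86)) would need a stricter COMPANY_RE than this example carries.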

#5 r1sk (Member, Topic Starter, 12 posts)
Okay, so I managed to run the exeHelper. Here's the log:

exeHelper by Raktor
Build 20100414
Run at 00:54:44 on 01/28/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

But then as soon as I try to copy the OTL script it won't copy; I hit copy and nothing happens. I can copy into Firefox but I can't copy anything within Firefox. My Internet Explorer won't open, and I tried to download Google Chrome but the installer won't open. I checked the settings but there appeared to be nothing wrong.

#6 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :D

But then as soon as I try to copy the OTL script it won't copy; I hit copy and nothing happens. I can copy into Firefox but I can't copy anything within Firefox. My Internet Explorer won't open, and I tried to download Google Chrome but the installer won't open. I checked the settings but there appeared to be nothing wrong.

OK, we will try a different approach as follows. Please download the attached file to this post, named Scan.txt, to your desktop. Then, after running the OTL Custom Script, download/install and run Malwarebytes Anti-Malware as per my last post, thank you.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Now double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop.
  • Select Scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

#7 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Re-opened at OP's request.

#9 r1sk (Member, Topic Starter, 12 posts)
OTL:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Program Files\XfireXO\tbXfi2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\tbXfi2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Program Files\XfireXO\tbXfi2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
File C:\Program Files\XfireXO\tbXfi2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\WINDOWS\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
C:\WINDOWS\Downloaded Program Files\setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e81bf00-8d20-11df-85e5-1caff7117611}\ not found.
File F:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e81bf00-8d20-11df-85e5-1caff7117611}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e81bf00-8d20-11df-85e5-1caff7117611}\ not found.
File F:\installer.exe not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
ADS C:\UFantasy.ini:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kalin\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Kalin\My Documents\Downloads\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\AGCP.EXE-28F0252F.pf moved successfully.
C:\WINDOWS\prefetch\AIRNCFG.EXE-1BB19243.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\APCSYSTRAY.EXE-2B9BE922.pf moved successfully.
C:\WINDOWS\prefetch\APPLEMOBILEDEVICEHELPER.EXE-1C98CF29.pf moved successfully.
C:\WINDOWS\prefetch\ASOELNCH.EXE-0C224F96.pf moved successfully.
C:\WINDOWS\prefetch\CCSVCHST.EXE-3973AFB2.pf moved successfully.
C:\WINDOWS\prefetch\CLEANUNINSTALL.EXE-36196E55.pf moved successfully.
C:\WINDOWS\prefetch\CLTLMH.EXE-2774259D.pf moved successfully.
C:\WINDOWS\prefetch\CLTRT.EXE-062DED12.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\DISPLAY.EXE-2AE3D357.pf moved successfully.
C:\WINDOWS\prefetch\DISTNOTED.EXE-347E9427.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-205D880D.pf moved successfully.
C:\WINDOWS\prefetch\DPUPDCHK.EXE-292CCBE2.pf moved successfully.
C:\WINDOWS\prefetch\DUMPREP.EXE-1B46F901.pf moved successfully.
C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.
C:\WINDOWS\prefetch\FROSTWIRE.EXE-0972D084.pf moved successfully.
C:\WINDOWS\prefetch\GOGEAR_SA018_DEVICEMANAGER.EX-36577D79.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-34C2B2F4.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATER.EXE-2CAF5929.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf moved successfully.
C:\WINDOWS\prefetch\IPOINT.EXE-350B2816.pf moved successfully.
C:\WINDOWS\prefetch\ITUNES.EXE-1A268432.pf moved successfully.
C:\WINDOWS\prefetch\ITUNESHELPER.EXE-15823303.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
C:\WINDOWS\prefetch\JQSNOTIFY.EXE-24AE4A36.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0F4A509D.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LIGHTSCRIBECONTROLPANEL.EXE-00482B9F.pf moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MINECRAFT.EXE-001D9F5E.pf moved successfully.
C:\WINDOWS\prefetch\MINECRAFT.EXE-254259C9.pf moved successfully.
C:\WINDOWS\prefetch\MINECRAFT.EXE-3A29E06A.pf moved successfully.
C:\WINDOWS\prefetch\MSNMSGR.EXE-030AB647.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OFFICELIVESIGNIN.EXE-042374FE.pf moved successfully.
C:\WINDOWS\prefetch\OFFLB.EXE-3449130C.pf moved successfully.
C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf moved successfully.
C:\WINDOWS\prefetch\PMB.EXE-16C05AFB.pf moved successfully.
C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-2B4EA1CB.pf moved successfully.
C:\WINDOWS\prefetch\REGMECH.EXE-107A4EF7.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1340EF7F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1619A94E.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-35A483DA.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-415F88EC.pf moved successfully.
C:\WINDOWS\prefetch\SAUPDATE.EXE-01D42FCF.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf moved successfully.
C:\WINDOWS\prefetch\SILVERLIGHT.CONFIGURATION.EXE-098CFA3B.pf moved successfully.
C:\WINDOWS\prefetch\SMAX4PNP.EXE-381239AF.pf moved successfully.
C:\WINDOWS\prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf moved successfully.
C:\WINDOWS\prefetch\STARTMANSVC.EXE-0F8AB9BE.pf moved successfully.
C:\WINDOWS\prefetch\STEAM.EXE-15609EA3.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-2E3FC035.pf moved successfully.
C:\WINDOWS\prefetch\SYMERR.EXE-04B603A5.pf moved successfully.
C:\WINDOWS\prefetch\UMONIT.EXE-07102CB9.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-01D3AD74.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-32579D11.pf moved successfully.
C:\WINDOWS\prefetch\UPDATETASK.EXE-154F922C.pf moved successfully.
C:\WINDOWS\prefetch\USBDETECTOR.EXE-3258C29B.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\WINDOWSSEARCH.EXE-20C0F767.pf moved successfully.
C:\WINDOWS\prefetch\WINLOGON.EXE-32C57D49.pf moved successfully.
C:\WINDOWS\prefetch\WINWORD.EXE-07381162.pf moved successfully.
C:\WINDOWS\prefetch\WINZIP32.EXE-335422C1.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\prefetch\WZCSLDR2.EXE-2BE9C7F3.pf moved successfully.
C:\WINDOWS\prefetch\XFIRE.EXE-10307267.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2N.TMP-04DBFBF7.pf moved successfully.
========== COMMANDS ==========
Unable to start service RpcSs!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 2836 bytes

User: Administrator.BRIAN-BZ61G3SF5
->Flash cache emptied: 2836 bytes

User: Administrator.BRIAN-BZ61G3SF5.000
->Flash cache emptied: 2836 bytes

User: All Users

User: Brian

User: Default User
->Flash cache emptied: 56545 bytes

User: Kalin
->Flash cache emptied: 93733 bytes

User: Lee
->Flash cache emptied: 41693 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 70324 bytes
->Flash cache emptied: 0 bytes

User: Administrator.BRIAN-BZ61G3SF5
->Temp folder emptied: 968 bytes
->Temporary Internet Files folder emptied: 1651965 bytes
->Flash cache emptied: 0 bytes

User: Administrator.BRIAN-BZ61G3SF5.000
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Brian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 27800520 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33760 bytes
->Flash cache emptied: 0 bytes

User: Kalin
->Temp folder emptied: 29863960 bytes
->Temporary Internet Files folder emptied: 248885 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116602326 bytes
->Flash cache emptied: 0 bytes

User: Lee
->Temp folder emptied: 3051 bytes
->Temporary Internet Files folder emptied: 33760 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37591733 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 38798 bytes

User: NetworkService
->Temp folder emptied: 983040 bytes
->Temporary Internet Files folder emptied: 768767 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 44053758 bytes

Total Files Cleaned = 248.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02052011_145509

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_138.dat not found!

Registry entries deleted on Reboot...


Then for Malwarebytes, when I go to open it I get:

Run-time error '372':

Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.


What's going on here??

Oh yeah, and thanks for reopening this thread!
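A Run Fix log like the one above is long, and what the helper mostly needs from it is what was actually removed, what was already gone, and whether anything warned. The Python helper below is an added example written for this page, not part of the original thread and not part of OTL. It classifies each result line by outcome, records which section (OTL, FILES, COMMANDS) it fell in, totals the bytes OTL reports as emptied, and collects any line beginning "Unable to" as a warning, which is how the RpcSs line above would surface. In a log like this, "not found" normally means an earlier line of the same run already removed the item: the same CLSID keys above are reported deleted once and then not found on later references. The sample input is a constructed excerpt of lines copied from the log above.

```python
"""Summarize an OTL 'Run Fix' result log (added example, not part of OTL)."""
import re
from collections import Counter

# Constructed sample input: a short excerpt of lines copied from the fix log in the post above.
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
File F:\installer.exe not found.
ADS C:\UFantasy.ini:SummaryInformation deleted successfully.
========== FILES ==========
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
========== COMMANDS ==========
Unable to start service RpcSs!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
->Temp folder emptied: 29863960 bytes
->FireFox cache emptied: 116602326 bytes
Total Files Cleaned = 248.00 mb
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
OUTCOME_RE = re.compile(
    r"^(?P<item>.+?) (?P<outcome>deleted successfully|moved successfully|not found)[.!]?$")
EMPTIED_RE = re.compile(r"^->(?P<what>.+?) emptied: (?P<bytes>\d+) bytes$")


def summarize(text: str) -> dict:
    """Classify every result line. Returns outcome counts, the items reported absent
    (with their section), warning lines, the sections seen and total bytes emptied."""
    counts = Counter()
    not_found, warnings, sections = [], [], []
    bytes_emptied = 0
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # "========== FILES ==========" style header
            section = m["name"]
            sections.append(section)
            continue
        m = OUTCOME_RE.match(line)
        if m:                                   # one registry key / file / ADS result
            counts[m["outcome"]] += 1
            if m["outcome"] == "not found":
                not_found.append((section, m["item"]))
            continue
        m = EMPTIED_RE.match(line)
        if m:                                   # per-user cache/temp totals from [EmptyTemp]/[EmptyFlash]
            bytes_emptied += int(m["bytes"])
            continue
        if line.startswith("Unable to"):        # OTL reports failures in this form
            warnings.append((section, line))
    return {"counts": dict(counts), "not_found": not_found, "warnings": warnings,
            "sections": sections, "bytes_emptied": bytes_emptied}


def format_report(text: str) -> str:
    """Render the summary as the few lines a helper would actually read."""
    s = summarize(text)
    out = [f"sections run: {', '.join(s['sections']) or 'none'}"]
    for outcome, n in sorted(s["counts"].items()):
        out.append(f"{outcome}: {n}")
    out.append(f"bytes emptied: {s['bytes_emptied']}")
    for section, item in s["not_found"]:
        out.append(f"already absent [{section}]: {item}")
    for section, line in s["warnings"]:
        out.append(f"WARNING [{section}]: {line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(SAMPLE_FIX_LOG))
```

Run it against a full pasted log rather than the excerpt; the warning list is the part to read first, since a removal that merely reports an item absent is routine while a line OTL could not act on is not.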

#10 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :D

Oh yeah, and thanks for reopening this thread!

You're welcome!

What's going on here??

The OTL custom script results are close to what I was expecting... However, if not done so, you still need to download/install/run a quick scan with Malwarebytes Anti-Malware per my prior advice/instructions here and post the log created for my review.

I will further add that I opted to reopen this topic per your request at my own discretion, and I appreciate the extenuating circumstances you mentioned in the PM (Private Message) you sent me. However, if you really want my assistance, I suggest that, if able, you reply at least within a seventy-two hour time frame and also limit your online activity during the Malware Removal Process (though I do appreciate your machine has multiple user accounts and these may be in use; if that is the case you need to explain what is going on / limit usage, etc.), thank you.

Next:

In your next reply please post the previously requested Malwarebytes Anti-Malware log. Start OTL once more and click on Run Scan, then post the new log that opens in your next reply and give me a quick update about your machine, etc., thank you.

#11 r1sk (Member, Topic Starter, 12 posts)
Okay, I'll try my best to post quickly, but anyway, like I said in my last post, I get the error code '372' when I try to run Malwarebytes. Any idea on how to fix this?

In the meantime I'll post another OTL log:

OTL logfile created on: 05/02/2011 6:33:39 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Kalin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 19.35 Gb Free Space | 12.98% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 36.00 Gb Free Space | 96.59% Space Free | Partition Type: FAT32

Computer Name: BRIAN-BZ61G3SF5 | User Name: Kalin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/28 00:42:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalin\My Documents\Downloads\OTL(2).com
PRC - [2011/01/13 07:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/05 22:44:24 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/12/11 18:27:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 18:27:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/12 13:18:41 | 002,969,496 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/19 16:15:08 | 009,999,080 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\systemprotector.exe
PRC - [2010/04/19 16:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PRC - [2009/06/05 12:05:30 | 001,615,232 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
PRC - [2009/02/12 17:28:24 | 001,687,552 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
PRC - [2009/02/12 09:57:14 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/11/11 14:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2008/11/11 14:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2008/11/11 14:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/10/23 08:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/01/19 10:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/12/12 14:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/10/27 23:09:00 | 000,053,248 | ---- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2003/04/01 10:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe


========== Modules (SafeList) ==========

MOD - [2011/01/28 00:42:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kalin\My Documents\Downloads\OTL(2).com
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/19 16:15:00 | 000,238,824 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/02/12 09:57:14 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/11/11 14:23:02 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2008/11/11 14:22:48 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2008/11/11 14:22:40 | 000,040,496 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 19:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/10/23 08:20:56 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2011/01/15 11:50:08 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/09 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110121.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/09 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110121.019\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/30 21:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/22 20:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/22 20:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 20:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 18:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/10 17:46:29 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110120.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/20 18:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/05/30 12:05:37 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/30 12:05:37 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 21:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/30 14:00:22 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
DRV - [2009/12/05 19:36:28 | 000,592,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dwarusb.sys -- (arusb(Atheros))
DRV - [2009/11/03 16:47:20 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/09/03 10:37:04 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/03/27 15:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/05 03:09:14 | 000,450,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192u.sys -- (RTL8192u)
DRV - [2009/02/09 17:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/20 09:11:57 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/20 09:11:57 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/20 09:11:51 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/20 09:11:46 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/07/15 13:18:59 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/07 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/12/02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 08:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/25 08:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/10/18 09:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 09:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 09:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/09/15 09:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/04 15:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/05 04:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2004/10/27 23:09:00 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/01/25 13:50:14 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/01/25 13:47:02 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/11/18 14:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/08/26 16:29:42 | 000,023,387 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)
DRV - [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2001/10/02 06:37:40 | 000,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/09/20 08:58:48 | 000,153,824 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVvid2.sys -- (nuvvid2)
DRV - [2001/09/20 08:58:48 | 000,153,824 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVvid2.sys -- (NUVision)
DRV - [2001/09/20 08:47:38 | 000,025,184 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 6D 58 32 6B 8E CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2260173&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/15 11:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/15 11:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/19 22:55:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/15 11:30:40 | 000,000,000 | ---D | M]

[2010/03/02 22:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Extensions
[2010/01/05 21:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\extensions
[2010/01/05 21:05:39 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/02/05 14:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions
[2010/04/26 17:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/05 14:21:35 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/08/09 17:05:53 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/02/05 14:21:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\extensions\[email protected]
[2010/08/05 20:34:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\searchplugins\conduit.xml
[2011/02/02 23:02:09 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\Mozilla\Firefox\Profiles\x5q2a0gn.default\searchplugins\swagbuckscom.xml
[2011/02/05 14:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/30 12:54:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 19:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 20:33:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 11:48:27 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011/01/15 11:58:14 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2009/03/22 14:45:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll

O1 HOSTS File: ([2011/02/05 14:55:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe (Systweak Inc., (www.systweak.com))
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe (Philips)
O4 - Startup: C:\Documents and Settings\Kalin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative....101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1216098713903 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://blueheronproj...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/12 14:00:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O34 - HKLM BootExecute: (Execute settings...) - File not found
O34 - HKLM BootExecute: (on\Explore) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 15:12:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/05 15:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/05 15:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/05 15:12:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/05 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/05 14:55:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/28 00:40:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/28 00:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/28 00:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/25 21:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\Downloads
[2011/01/23 17:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MediaMonkey
[2011/01/23 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Local Settings\Application Data\MediaMonkey
[2011/01/23 17:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2011/01/23 17:17:45 | 000,015,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\ROBoot.exe
[2011/01/23 11:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Start Menu\Programs\SUPERAntiSpyware
[2011/01/23 11:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/23 10:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/22 19:39:18 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kalin\Desktop\TDSSKiller.exe
[2011/01/22 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Application Data\SUPERAntiSpyware.com
[2011/01/22 18:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/22 11:07:31 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/01/22 11:07:31 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/01/22 11:07:03 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/01/22 10:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/21 18:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\Application Data\.minecraft
[2011/01/17 22:04:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kalin\Desktop\shoes essay
[2011/01/15 11:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kalin\My Documents\Symantec
[2006/07/11 14:29:00 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2011/02/05 15:12:58 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/05 15:06:30 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{F25C8AC6-CB04-4620-982E-0937B0DE4A97}
[2011/02/05 15:06:14 | 000,000,006 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F25C8AC6-CB04-4620-982E-0937B0DE4A97}
[2011/02/05 15:06:08 | 000,274,372 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/02/05 15:06:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/02/05 14:56:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/05 14:56:41 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/05 14:55:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/05 13:35:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/28 12:41:27 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\The destuctors.doc
[2011/01/28 12:40:26 | 000,012,247 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\The destuctors.docx
[2011/01/28 12:07:45 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Sneaker History.doc
[2011/01/28 10:42:04 | 000,027,823 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Sneaker History.docx
[2011/01/28 00:39:53 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Kalin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/28 00:39:52 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\NTREGOPT.lnk
[2011/01/28 00:39:52 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\ERUNT.lnk
[2011/01/23 17:50:30 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/23 17:31:01 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaMonkey.lnk
[2011/01/23 17:31:01 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2011/01/23 17:21:38 | 000,002,572 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/01/23 11:16:48 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 10:54:25 | 000,649,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/23 10:52:23 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\sdsetup.exe
[2011/01/23 10:51:01 | 000,002,115 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/01/22 19:39:18 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kalin\Desktop\TDSSKiller.exe
[2011/01/22 09:53:20 | 000,048,418 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\cc_20110122_095316.reg
[2011/01/22 09:48:17 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Kalin\Application Data\ANICONFIG_{F25C8AC6-CB04-4620-982E-0937B0DE4A97}.ini
[2011/01/21 23:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7E60004C-CF9C-40F3-B2CB-FB79394A5166}.job
[2011/01/21 23:05:53 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\Kalin\Application Data\Kalinlog.dat
[2011/01/21 23:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/21 22:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 20:10:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/21 19:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/21 18:32:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/20 21:50:25 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\Darkness.doc
[2011/01/20 21:31:53 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\letteressay2.doc
[2011/01/20 21:09:45 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Kalin\My Documents\Violence Response.doc
[2011/01/20 20:03:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/18 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2011/01/16 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/01/15 17:04:41 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\letteressay2.doc
[2011/01/15 16:42:47 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Kalin\Desktop\Nuclear Weapons Today.doc
[2011/01/15 14:32:01 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Kalin.job
[2011/01/15 11:53:03 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/01/15 11:51:52 | 000,649,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/15 11:50:08 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/15 11:50:08 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/15 11:50:08 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/15 11:50:08 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/15 11:30:42 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/01/15 11:29:02 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== Files Created - No Company Name ==========

[2011/02/05 15:12:57 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/28 12:41:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\The destuctors.doc
[2011/01/28 12:40:26 | 000,012,247 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\The destuctors.docx
[2011/01/28 12:07:44 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Sneaker History.doc
[2011/01/28 10:12:35 | 000,027,823 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Sneaker History.docx
[2011/01/28 00:39:53 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Kalin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/28 00:39:52 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\NTREGOPT.lnk
[2011/01/28 00:39:52 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\ERUNT.lnk
[2011/01/23 17:31:01 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaMonkey.lnk
[2011/01/23 17:31:01 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2011/01/23 17:17:45 | 000,002,572 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/01/23 11:16:48 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 10:54:01 | 000,649,676 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/23 10:52:28 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\sdsetup.exe
[2011/01/23 10:44:54 | 000,002,115 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/01/22 10:32:18 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Kalin\exehelperlog.txt
[2011/01/22 09:53:18 | 000,048,418 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\cc_20110122_095316.reg
[2011/01/20 21:50:25 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\Darkness.doc
[2011/01/20 21:31:53 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\letteressay2.doc
[2011/01/20 21:09:45 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Kalin\My Documents\Violence Response.doc
[2011/01/15 17:04:40 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\letteressay2.doc
[2011/01/15 11:52:59 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/01/15 11:26:49 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/01/15 11:26:49 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/01/14 00:53:09 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Kalin\Desktop\Nuclear Weapons Today.doc
[2011/01/13 21:49:46 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/04 17:13:33 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 17:08:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/19 01:15:07 | 000,258,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1085031214-682003330-1012-0.dat
[2010/12/19 01:15:05 | 000,194,646 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/29 19:01:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/09/12 17:56:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\fusioncache.dat
[2010/09/06 15:38:34 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\ANICONFIG_{F25C8AC6-CB04-4620-982E-0937B0DE4A97}.ini
[2010/05/30 11:28:41 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010/05/30 11:28:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2010/05/30 11:28:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/05/30 11:28:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2010/05/30 11:28:41 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2010/05/30 11:28:20 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2010/05/30 11:28:20 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2010/05/30 11:28:06 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010/05/30 11:28:03 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2010/05/17 18:10:05 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\ANICONFIG_{BCFD69E0-FF12-4C4C-A3B8-BCBB8B2A3B7C}.ini
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/01/25 19:16:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 22:05:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kalin\Local Settings\Application Data\PUTTY.RND
[2010/01/20 22:03:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kalin\Application Data\winscp.rnd
[2010/01/07 17:28:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/13 12:49:32 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/10/12 16:52:40 | 000,020,941 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2009/10/12 16:52:40 | 000,000,740 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2009/10/12 16:52:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009/10/12 16:52:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009/09/23 13:20:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/09/21 14:44:04 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2009/09/14 07:48:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\picload.INI
[2009/07/09 17:44:59 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2009/07/09 17:44:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2009/07/07 09:14:07 | 000,000,175 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/13 22:56:51 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009/01/13 16:27:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/01 16:15:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/12/30 11:10:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\rtpmsi32.dll
[2008/11/27 08:59:10 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A8B3F0B13E.sys
[2008/11/06 15:49:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/06 15:26:32 | 000,003,870 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/06 15:23:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2008/11/06 15:07:11 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/11/04 15:06:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\CmdSlideshow.INI
[2008/10/28 20:22:49 | 000,000,607 | ---- | C] () -- C:\WINDOWS\Uninstall Manager.INI
[2008/09/17 22:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/08 14:23:17 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008/07/29 18:08:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\40964FEA11.sys
[2008/07/29 14:43:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2008/07/29 14:29:09 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\R49LW
[2008/07/29 14:27:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Smdd32.dll
[2008/07/29 14:27:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Smcb32.dll
[2008/07/29 14:27:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Smb832.dll
[2008/07/29 14:27:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Smc732.dll
[2008/07/29 14:27:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\smCA32.dll
[2008/07/29 14:27:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Smbd32.dll
[2008/07/29 14:27:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\smB332.dll
[2008/07/29 14:27:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Smb432.dll
[2008/07/29 14:27:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\Smb032.dll
[2008/07/29 14:27:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sma332.dll
[2008/07/29 14:27:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Sm9e32.dll
[2008/07/29 14:27:51 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\Raven32.dll
[2008/07/29 14:27:51 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\Sm9132.dll
[2008/07/29 14:27:51 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\Smb632.dll
[2008/07/29 14:27:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\Dspimg32.dll
[2008/07/29 14:27:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MS32RES.DLL
[2008/07/29 14:27:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\Aspi32.dll
[2008/07/29 14:27:50 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\mice.ini
[2008/07/29 14:27:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\MiiDSR.dll
[2008/07/29 14:27:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Mphase32.dll
[2008/07/29 14:27:49 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\MSCANDC.INI
[2008/07/29 14:27:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\MSAPN.INI
[2008/07/18 08:09:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\startUp manager.INI
[2008/07/17 10:26:22 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/07/17 10:26:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/15 12:55:03 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/15 12:55:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/15 12:42:00 | 000,002,939 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2008/07/15 11:14:56 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008/07/14 22:10:43 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\11EA4F9640.sys
[2008/07/14 21:31:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/14 20:52:17 | 000,000,425 | ---- | C] () -- C:\WINDOWS\cfcread.INI
[2008/06/26 22:09:54 | 000,000,680 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/26 13:28:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/07 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/17 09:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:19:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/03/17 03:21:59 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\Kalin\Application Data\Kalinlog.dat
[2005/07/15 10:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/08/12 10:58:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 10:58:32 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 10:58:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 10:58:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/01/14 08:41:55 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll

< End of report >
  • 0
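The "Files Created - No Company Name" listing above is the part of an OTL log that a helper scans by eye for files that have no publisher, sit in System32, and carry hidden/system attributes. The script below is an added example, not part of this thread or of OTL itself: it parses OTL file lines into fields and applies two triage heuristics that are this example's own assumptions (no company name plus hidden or system attributes inside System32; a driver whose name is only hex digits). A hit means "look at this file", not "this file is malicious"; the sample lines are copied from the log in this thread.

```python
"""Triage parser for OTL "Files Created/Modified" lines (added example).

OTL line layout, as seen in the log above:
  [YYYY/MM/DD HH:MM:SS | size-with-commas | RHSD attrs | M-or-C] (Company) -- path
The two flagging rules below are heuristics assumed by this example, not
anything OTL or the thread defines.
"""
import re
from datetime import datetime

OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([MC])\] "
    r"\((.*?)\) -- (.+)$"
)
# Heuristic assumed here: a driver whose basename is nothing but hex digits.
HEX_NAME = re.compile(r"^[0-9A-F]{8,}\.sys$", re.IGNORECASE)

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = r"""
[2011/01/15 14:32:01 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Kalin.job
[2011/01/15 11:50:08 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/23 17:17:45 | 000,002,572 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2008/11/27 08:59:10 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A8B3F0B13E.sys
[2008/11/06 15:26:32 | 000,003,870 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/29 18:08:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\40964FEA11.sys
[2008/07/29 14:29:09 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\R49LW
[2008/07/14 22:10:43 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\11EA4F9640.sys
""".strip().splitlines()


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "kind": "modified" if kind == "M" else "created",
        "company": company,
        "path": path,
    }


def triage(lines):
    """Apply the two heuristics; return [(path, [reasons])] in input order."""
    hits = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        in_system32 = "\\windows\\system32\\" in rec["path"].lower()
        name = rec["path"].rsplit("\\", 1)[-1]
        reasons = []
        if in_system32 and not rec["company"] and (rec["hidden"] or rec["system"]):
            reasons.append("hidden/system file in System32 with no company name")
        if in_system32 and HEX_NAME.match(name):
            reasons.append("hex-only driver filename")
        if reasons:
            hits.append((rec["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```

Entries that carry a company name (the Symantec driver) or live outside System32 (the Norton task, the R49LW data file) are deliberately not flagged, so the output stays short enough to check by hand against the full log.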

#12
Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :D

Okay, I'll try my best to post quickly,

Fair play.

Hard-Drive Free Space Advice:

Drive C: | 149.04 Gb Total Space | 19.35 Gb Free Space | 12.98% Space Free | Partition Type: NTFS

This is considered borderline. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

I advise you to uninstall some software you do not need and/or move any documents/files/pictures etc. to a form of removable media, for example.

This is just my friendly advice, as the lack of free Hard-Drive space will be impacting overall system performance. Plus, eventually any type of system maintenance will prove to be problematic and, in the worst-case scenario, your machine may actually cease to boot up correctly at all.

But anyway, like I said in my last post, I get the error code '372' when I try to run Malwarebytes. Any idea on how to fix this?

OK try the following please:-

Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Malwarebytes Anti-Malware

To do so, click once on the above to highlight it and then click on the Remove button.

Next:

Download and run mbam-clean.exe from here.

You should be prompted to reboot your machine; please allow it to do so, or reboot your machine manually.

Then:-

Re-download Malwarebytes Anti-Malware from here.

Install >> Check for Updates >> Carry Out a Quick Scan. Have it fix anything it finds, reboot your machine if prompted, and post the log in your next reply.
  • 0

#13
r1sk (Member, Topic Starter, 12 posts)
Okay, so I tried to get Malwarebytes but I am still getting the same error. Also, I took your advice to get rid of some stuff, but when I go to uninstall, many of the uninstallers appear to be corrupted or not working. Could this be from whatever virus I have, or is my computer just done?
  • 0

#14
Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :D

It may indeed be that the Operating System on your machine is damaged, and there is a way we can repair that if the need arises, which will not affect your currently installed software and files/folders etc. The only downside is that you would then have to reinstall all Service Packs/Critical Updates.

However before we consider that option I wish to ascertain if indeed malware is the culprit or not as follows.

Next:

Please run RKill again, I do not need to review the log created this time.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done, click on the [Save..] button, and in the File name area type in "Gmer.txt", or it will save as a .log file.
  • Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the instructions below are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: [image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#15
r1sk (Member, Topic Starter, 12 posts)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-09 22:13:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160815A rev.3.AAD
Running: sgqiffyf.exe; Driver: C:\DOCUME~1\Kalin\LOCALS~1\Temp\fwaoypoc.sys


---- System - GMER 1.0.15 ----

SSDT 8A0E4E68 ZwAlertResumeThread
SSDT 8A0E4F48 ZwAlertThread
SSDT 8A0960B8 ZwAllocateVirtualMemory
SSDT 8A0DEF90 ZwAssignProcessToJobObject
SSDT 8A310DE8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB53D2720]
SSDT 8A0E4BB8 ZwCreateMutant
SSDT 8A0DEDD0 ZwCreateSymbolicLinkObject
SSDT 8A11B110 ZwCreateThread
SSDT 8A0F0BC8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB53D29A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB53D2F00]
SSDT 8A096250 ZwDuplicateObject
SSDT 8A092160 ZwFreeVirtualMemory
SSDT 8A0E4CA8 ZwImpersonateAnonymousToken
SSDT 8A0E4D88 ZwImpersonateThread
SSDT 8A48F050 ZwLoadDriver
SSDT 8A0E22F8 ZwMapViewOfSection
SSDT 8A0F0F90 ZwOpenEvent
SSDT 8A0CD180 ZwOpenProcess
SSDT 8A0AF140 ZwOpenProcessToken
SSDT 8A0F0DF0 ZwOpenSection
SSDT 8A0CD0B0 ZwOpenThread
SSDT 8A0DEEC0 ZwProtectVirtualMemory
SSDT 89AC6090 ZwResumeThread
SSDT 8A0C8090 ZwSetContextThread
SSDT 8A0C8170 ZwSetInformationProcess
SSDT 8A0F0CA8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB53D3150]
SSDT 8A0F0ED0 ZwSuspendProcess
SSDT 89AC6170 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB523E620]
SSDT 89AC6230 ZwTerminateThread
SSDT 8A0C8260 ZwUnmapViewOfSection
SSDT 8A092250 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + F2 804E494C 4 Bytes CALL BFD87A5E
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7AED380, 0x566445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3948] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost (*** hidden *** ) [AUTO] DcomLaunch <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost (*** hidden *** ) [AUTO] RpcSs <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost (*** hidden *** ) [MANUAL] TermService <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.mfp@ MacromediaFlashPaper.MacromediaFlashPaper
Reg HKLM\SOFTWARE\Classes\.mfp@Content Type application/x-shockwave-flash
Reg HKLM\SOFTWARE\Classes\.spl@ ShockwaveFlash.ShockwaveFlash
Reg HKLM\SOFTWARE\Classes\.spl@Content Type application/futuresplash
Reg HKLM\SOFTWARE\Classes\CLSID\{054C51FD-5425-7ABF-DF38-89AEC63A5CB8}\InprocServer32@ C:\Program Files\Fellowes\MediaFACE 4.0\MediaFaceUI.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{054C51FD-5425-7ABF-DF38-89AEC63A5CB8}\InprocServer32@InprocServer32 x+v)9LXlXASR%S7{bQZ2LabelMaker>TufhHV.!'AvJu7.GBE2%?
Reg HKLM\SOFTWARE\Classes\CLSID\{054C51FD-5425-7ABF-DF38-89AEC63A5CB8}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{054C51FD-5425-7ABF-DF38-89AEC63A5CB8}\ProgID@ MediaFACEUI.MFUISystem.1
Reg HKLM\SOFTWARE\Classes\CLSID\{054C51FD-5425-7ABF-DF38-89AEC63A5CB8}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{054C51FD-5425-7ABF-DF38-89AEC63A5CB8}\VersionIndependentProgID@ MediaFACEUI.MFUISystem
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram@ ExecuteProgram Class
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram\CLSID
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram\CLSID@ {5E0791D6-7FCE-4812-B4B1-06BDF57237FC}
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram\CurVer
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram\CurVer@ ExecuteProcess.ExecuteProgram.1
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram.1@ ExecuteProgram Class
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram.1\CLSID
Reg HKLM\SOFTWARE\Classes\ExecuteProcess.ExecuteProgram.1\CLSID@ {5E0791D6-7FCE-4812-B4B1-06BDF57237FC}
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory@ Macromedia Flash Factory Object
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID@ {D27CDB70-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer@ FlashFactory.FlashFactory.1
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1@ Macromedia Flash Factory Object
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID@ {D27CDB70-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\Local Settings\Software
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache@C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe Norton Internet Security
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache@C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe Norton Internet Security
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache@C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe Norton Internet Security
Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache@C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe Norton Internet Security
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper@ Macromedia Flash Paper
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon@ "%1"
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command
Reg HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command@ "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug@ OutlookPlug Class
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug\CLSID
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug\CLSID@ {2272AE7A-0C30-48E1-91DF-F9E666276C0C}
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug\CurVer
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug\CurVer@ MsouPlug.OutlookPlug.1
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug.1@ OutlookPlug Class
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug.1\CLSID
Reg HKLM\SOFTWARE\Classes\MsouPlug.OutlookPlug.1\CLSID@ {2272AE7A-0C30-48E1-91DF-F9E666276C0C}
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink@ Symantec Norton AntiVirus MediaStatusSink Class
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink\CLSID
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink\CLSID@ {09D32393-10DA-4eca-91AA-AD11C69DB966}
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink\CurVer
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink\CurVer@ NortonAntiVirus.MediaStatusSink.1
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink.1@ Symantec Norton AntiVirus MediaStatusSink Class
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink.1\CLSID
Reg HKLM\SOFTWARE\Classes\NortonAntiVirus.MediaStatusSink.1\CLSID@ {09D32393-10DA-4eca-91AA-AD11C69DB966}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer@ ShockwaveFlash.ShockwaveFlash.10
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9@ Shockwave Flash Object
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID
Reg HKLM\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID@ {D27CDB6E-AE6D-11cf-96B8-444553540000}
Reg HKLM\SOFTWARE\Classes\Symantec.IPS.WebProtection@ Symantec.IPS.WebProtection
Reg HKLM\SOFTWARE\Classes\Symantec.IPS.WebProtection\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.IPS.WebProtection\CLSID@ {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
Reg HKLM\SOFTWARE\Classes\Symantec.IPS.WebProtection\CurVer
Reg HKLM\SOFTWARE\Classes\Symantec.IPS.WebProtection\CurVer@ Symantec.IPS.WebProtection.1
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu@ IEContextMenu Class
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CLSID@ {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CurVer
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CurVer@ Symantec.Norton.Antivirus.IEContextMenu.1
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu.1@ IEContextMenu Class
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu.1\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu.1\CLSID@ {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus@ SystemStatus Class
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus\CLSID@ {C038C017-8A01-4929-8639-52EBECB5F6B8}
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus\CurVer
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus\CurVer@ Symantec.Norton.SystemStatus.1
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus.1@ SystemStatus Class
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus.1\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.SystemStatus.1\CLSID@ {C038C017-8A01-4929-8639-52EBECB5F6B8}
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost@ uiWebHost Class
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost\CLSID@ {FD7B051A-1E54-41f8-8A87-2F4349A8CCC8}
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost\CurVer
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost\CurVer@ Symantec.Norton.uiWebHost
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost.1@ uiWebHost Class
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost.1\CLSID
Reg HKLM\SOFTWARE\Classes\Symantec.Norton.uiWebHost.1\CLSID@ {FD7B051A-1E54-41f8-8A87-2F4349A8CCC8}

---- EOF - GMER 1.0.15 ----

But then, using Firefox, when I try to install the ESET scanner it can't connect to the internet.
  • 0
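The GMER log above has two sections worth reading mechanically: the SSDT list, where GMER prints a module path only when it can resolve the hook address into a loaded image (a bare address such as 8A0E4E68 is a hook it could not attribute), and the Services list, where three core XP services (DcomLaunch, RpcSs, TermService) are reported as hidden and tagged "ROOTKIT". The parser below is an added example, not from the thread or from GMER: it splits those two sections into records so the hooks can be grouped by owning module and the flagged services listed on their own, which is what a helper wants in front of them before deciding whether the caution in the post above ("Do NOT take any action on any ROOTKIT entries") applies. The sample lines are copied from the log in this thread; the section names and field layout are taken from GMER 1.0.15's text output as it appears here.

```python
"""Parse the SSDT and Services sections of a GMER 1.0.15 text log (added example).

Two SSDT line shapes appear in the log above:
  SSDT 8A0E4E68 ZwAlertResumeThread                        (address only, unresolved)
  SSDT \??\C:\...\SYMEVENT.SYS (Desc/Vendor) ZwCreateKey [0xB53D2720]   (resolved to a module)
Service lines look like:
  Service C:\WINDOWS\system32\svchost (*** hidden *** ) [AUTO] DcomLaunch <-- ROOTKIT !!!
"""
import re
from collections import defaultdict

SSDT_ADDR = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(Zw\w+)\s*$")
SSDT_MOD = re.compile(r"^SSDT\s+(.+?)\s+\((.+?)\)\s+(Zw\w+)\s+\[0x([0-9A-F]+)\]\s*$")
SERVICE = re.compile(r"^Service\s+(.+?)\s+\((.*?)\)\s+\[(\w+)\]\s+(\S+)(.*)$")
UNRESOLVED = "<unresolved pool address>"

# Sample input: lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-09 22:13:21

---- System - GMER 1.0.15 ----

SSDT 8A0E4E68 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB53D2720]
SSDT 8A48F050 ZwLoadDriver
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB523E620]
SSDT 8A092250 ZwWriteVirtualMemory

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost (*** hidden *** ) [AUTO] DcomLaunch <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost (*** hidden *** ) [AUTO] RpcSs <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost (*** hidden *** ) [MANUAL] TermService <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""


def parse_gmer(text):
    """Return (hooks, services) lists of dicts from a GMER text log."""
    hooks, services = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---- ") and line.endswith(" ----"):
            # "---- System - GMER 1.0.15 ----" -> "System"
            section = line.strip("- ").split(" - ")[0]
            continue
        if section == "System":
            m = SSDT_MOD.match(line)
            if m:
                hooks.append({"syscall": m.group(3), "address": m.group(4),
                              "module": m.group(1), "vendor": m.group(2)})
                continue
            m = SSDT_ADDR.match(line)
            if m:
                hooks.append({"syscall": m.group(2), "address": m.group(1),
                              "module": None, "vendor": None})
        elif section == "Services":
            m = SERVICE.match(line)
            if m:
                services.append({"image": m.group(1), "note": m.group(2).strip(" *"),
                                 "start": m.group(3), "name": m.group(4),
                                 "flagged": "ROOTKIT" in m.group(5)})
    return hooks, services


def summarize(hooks, services):
    """Group hooked syscalls by owning module; list services GMER marked hidden."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"] or UNRESOLVED].append(h["syscall"])
    hidden = [s["name"] for s in services if s["note"] == "hidden"]
    return {k: sorted(v) for k, v in by_module.items()}, hidden


if __name__ == "__main__":
    by_module, hidden = summarize(*parse_gmer(SAMPLE_LOG))
    for module, calls in by_module.items():
        print(f"{module}: {', '.join(calls)}")
    print("hidden services:", ", ".join(hidden))
```

Run against the full log above, the unresolved group is the long list of pool addresses, while the resolved hooks all belong to SYMEVENT.SYS and SASKUTIL.SYS, the Norton and SUPERAntiSpyware drivers that are also present in the OTL listing. The parser records the "ROOTKIT" tag as a separate boolean rather than a verdict, so the reviewer, not the script, decides what to do with the three hidden-service entries.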
