
backdoor.tdss.565



#1
ja9219

    Member

Well, what's up guys. I'm currently working on a teacher's computer; he's running Windows Vista 32-bit (I'm not currently sure of the service pack), which is affected (or maybe not affected) by backdoor.tdss.565. Well, anyways, I have so far run Malwarebytes, SUPERAntiSpyware, Dr.Web (he should be running the full scan right now), the Avast boot scan, Norton Power Eraser, TDSSKiller (by Kaspersky), GMER (however that crashed), and that should be about it. All of these items detected things except for the Avast boot scan and TDSSKiller (which was run after Dr.Web detected backdoor.tdss.565) (SUPERAntiSpyware detected other things besides cookies), I believe (I wasn't there when the scan finished).

Well, I searched around on the internet today to see if I was getting any redirects, and I did not. I also told him to search around and see if he gets redirected at all, and to let me know. I'm experienced, but not enough to know how to use ComboFix or OTL (judging by my research on this virus, I may need that information). So if there's any other info you guys need, let me know and I'll get that info tomorrow, unless I know it off the top of my head.

Thanks (also, just to let everyone know, I had originally joined this site just to receive training).

P.S. There is NO PAYMENT involved, and an OTL log should be posted tomorrow.

Edited by ja9219, 27 April 2011 - 03:27 PM.



#2
RKinner

    Malware Expert

Sounds like you have already fixed it. Run OTL, select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com

* techsupportforum.com

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Ron

#3
ja9219

    Member

Thanks for your reply. I'm sure it will make things easier if I post separate posts, each containing a different data set (I don't really care about post count).

First, OTL. Also, things to note: this is on a school server; the server as well as many of the school's computers were infected, and it took a while for his to get hit with the virus.

OTL logfile created on: 4/28/2011 7:17:37 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 5.50 Gb Free Space | 3.69% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 11:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.scr
PRC - [2010/11/17 11:42:58 | 001,538,040 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2010/11/17 11:42:30 | 000,411,128 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2010/11/17 11:42:24 | 001,098,232 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010/11/17 11:40:44 | 000,995,832 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2010/11/17 01:21:02 | 001,610,352 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2010/11/17 01:09:38 | 001,333,264 | ---- | M] () -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2010/11/17 00:43:24 | 000,340,984 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009/07/29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 09:18:17 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 11:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/02 22:02:42 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/11/17 11:42:30 | 000,411,128 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010/11/17 11:42:24 | 001,098,232 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010/11/17 01:21:02 | 001,610,352 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2010/11/17 01:09:38 | 001,333,264 | ---- | M] () [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010/11/17 00:43:24 | 000,340,984 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2009/07/29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 12:17:52 | 000,030,416 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011/04/26 14:53:30 | 000,047,992 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011/04/26 14:51:42 | 000,039,288 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011/04/26 14:51:41 | 000,062,584 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011/04/26 14:51:38 | 000,033,912 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011/04/26 14:51:27 | 000,041,336 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011/04/25 14:18:58 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/04/25 14:11:07 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2009/10/03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/17 08:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009/09/17 08:05:02 | 000,038,376 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2009/04/11 09:18:04 | 000,226,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/02/15 18:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/04/30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/07/14 12:14:00 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\risdptsk.sys -- (risdptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\Desktop\scout.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\Desktop\scout.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1637873a-2dfd-11e0-b43e-001e68075787}\Shell - "" = AutoRun
O33 - MountPoints2\{1637873a-2dfd-11e0-b43e-001e68075787}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{1abdbae6-2494-11e0-89cb-001e68075787}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{1abdbae6-2494-11e0-89cb-001e68075787}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{2045478c-287e-11e0-8975-001e68075787}\Shell - "" = AutoRun
O33 - MountPoints2\{2045478c-287e-11e0-8975-001e68075787}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4d6d7509-6779-11e0-84e0-001e68075787}\Shell - "" = AutoRun
O33 - MountPoints2\{4d6d7509-6779-11e0-84e0-001e68075787}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{61e74d4e-0d28-11e0-9d43-001e68075787}\Shell - "" = AutoRun
O33 - MountPoints2\{61e74d4e-0d28-11e0-9d43-001e68075787}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{bd1fada7-0dc9-11e0-872d-001e68075787}\Shell - "" = AutoRun
O33 - MountPoints2\{bd1fada7-0dc9-11e0-872d-001e68075787}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 12:17:52 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011/04/27 12:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/27 12:08:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/27 12:08:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/27 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/27 12:07:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.scr
[2011/04/27 09:19:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\tron
[2011/04/26 14:53:30 | 000,047,992 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011/04/26 14:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2011
[2011/04/26 14:51:42 | 000,039,288 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011/04/26 14:51:41 | 000,062,584 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011/04/26 14:51:38 | 000,033,912 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011/04/26 14:51:27 | 000,041,336 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011/04/26 14:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011/04/26 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2011/04/26 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/04/26 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Downloaded Installations
[2011/04/26 13:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/26 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/26 13:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/26 07:28:47 | 000,000,000 | ---D | C] -- C:\Users\User\DoctorWeb
[2011/04/26 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\NPE
[2011/04/26 07:16:17 | 006,141,880 | ---- | C] (Symantec Corporation) -- C:\Users\User\Desktop\NPE.exe
[2011/04/26 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\tdsskiller
[2011/04/25 14:16:01 | 000,135,032 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2011/04/25 14:13:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\gmer
[2011/04/25 12:46:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/25 12:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/04/25 12:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/25 12:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/25 12:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/15 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG10
[2011/04/15 13:54:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/15 13:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/15 13:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/15 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/15 07:10:32 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\MGLV vids
[2011/04/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2011/04/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2011/04/14 11:37:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/14 11:37:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/14 11:37:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/14 11:37:03 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/14 11:36:54 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/14 11:36:53 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/13 22:04:02 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 22:04:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 22:03:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 22:03:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 22:03:51 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 22:03:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 22:03:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 22:03:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 22:03:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 22:03:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 22:03:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 22:03:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 22:03:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 22:03:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 22:03:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 22:03:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 22:03:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 22:03:48 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 22:03:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 13:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/13 13:08:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/04/13 13:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/13 07:19:25 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\LW
[2011/03/30 07:15:51 | 000,000,000 | -H-D | C] -- C:\Users\User\Documents\Recordpad
[2011/03/30 07:15:49 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\Recordpad
[2011/03/29 21:45:18 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\NCH Software
[2011/03/29 21:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/03/29 21:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
[2011/03/29 21:44:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\NCH Swift Sound
[2011/03/29 21:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2011/03/29 21:44:10 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\NCH Swift Sound

========== Files - Modified Within 30 Days ==========

[2011/04/28 07:16:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 06:44:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/28 03:00:51 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B94781C0-B6F9-4CBF-97F2-A58245B57A7B}.job
[2011/04/27 20:14:07 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 20:14:07 | 000,003,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 19:39:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/04/27 19:16:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 13:46:42 | 000,000,000 | ---- | M] () -- C:\Windows\oem_uninst.exe
[2011/04/27 12:17:52 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011/04/27 11:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.scr
[2011/04/27 09:11:46 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 09:11:46 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/26 14:53:30 | 000,047,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011/04/26 14:51:42 | 000,039,288 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011/04/26 14:51:41 | 000,062,584 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011/04/26 14:51:38 | 000,033,912 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011/04/26 14:51:27 | 000,041,336 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011/04/26 14:50:38 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2011/04/26 13:54:39 | 460,044,885 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/25 20:52:57 | 006,141,880 | ---- | M] (Symantec Corporation) -- C:\Users\User\Desktop\NPE.exe
[2011/04/25 14:18:58 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2011/04/25 14:11:07 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/25 14:09:13 | 000,001,464 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/04/25 14:07:52 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/04/25 08:04:41 | 000,146,432 | -H-- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 18:00:16 | 000,000,680 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/04/15 12:03:21 | 000,014,862 | ---- | M] () -- C:\Users\User\Desktop\blank30mmcube.cmb.gz
[2011/04/15 10:41:16 | 029,281,965 | ---- | M] () -- C:\Users\User\Desktop\maglev 2011_0001.wmv
[2011/04/15 08:37:22 | 000,016,547 | ---- | M] () -- C:\Users\User\Desktop\LCibbon test.lws
[2011/04/15 08:20:05 | 000,030,522 | ---- | M] () -- C:\Users\User\Desktop\Light Cycle.lwo
[2011/04/15 08:05:15 | 000,416,768 | ---- | M] () -- C:\Users\User\Desktop\maglev 2011.MSWMM
[2011/04/15 07:57:56 | 000,011,432 | ---- | M] () -- C:\Users\User\Desktop\cycle wheel 2.lwo
[2011/04/15 07:57:07 | 000,011,432 | ---- | M] () -- C:\Users\User\Desktop\cycle wheel.lwo
[2011/04/15 07:08:58 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 06:22:12 | 000,293,019 | ---- | M] () -- C:\Users\User\Desktop\gmer.zip
[2011/04/15 06:21:03 | 059,873,664 | ---- | M] () -- C:\Users\User\Desktop\tgk6ly53.exe
[2011/04/13 11:33:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/13 11:31:47 | 000,001,718 | -H-- | M] () -- C:\Users\User\Desktop\License.avastlic
[2011/04/13 09:08:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41213704r
[2011/04/13 09:08:49 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~41213704
[2011/04/13 09:08:48 | 000,000,581 | -H-- | M] () -- C:\Users\User\Desktop\Windows Restore.lnk
[2011/04/13 09:08:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41213704
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/04/13 08:33:07 | 000,000,626 | -H-- | M] () -- C:\Users\User\LWHUB9.CFG
[2011/04/13 08:32:04 | 000,183,442 | -H-- | M] () -- C:\Users\User\LWEXT9.CFG
[2011/04/13 08:32:04 | 000,026,927 | -H-- | M] () -- C:\Users\User\LW9.CFG
[2011/04/13 06:49:15 | 000,065,932 | ---- | M] () -- C:\Users\User\Desktop\period F walk.lws
[2011/04/12 20:50:01 | 000,005,284 | -H-- | M] () -- C:\Users\User\LWM9.CFG
[2011/04/12 11:57:35 | 000,092,512 | -H-- | M] () -- C:\Users\User\Desktop\my walk2.lws
[2011/04/12 11:55:17 | 000,090,844 | -H-- | M] () -- C:\Users\User\Desktop\my walk.lws
[2011/04/12 11:08:29 | 000,070,976 | ---- | M] () -- C:\Users\User\Desktop\period C walk.lws
[2011/04/12 09:56:20 | 000,070,959 | ---- | M] () -- C:\Users\User\Desktop\period E walk.lws
[2011/03/30 12:11:21 | 000,000,242 | -H-- | M] () -- C:\Users\User\BandSaw.cfg
[2011/03/29 22:19:50 | 050,714,577 | ---- | M] () -- C:\Users\User\Desktop\LHS biker build off.wmv

========== Files Created - No Company Name ==========

[2011/04/26 14:50:38 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2011/04/25 14:13:06 | 000,293,019 | ---- | C] () -- C:\Users\User\Desktop\gmer.zip
[2011/04/25 14:09:13 | 000,001,464 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/04/25 14:06:53 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/04/25 14:00:07 | 059,873,664 | ---- | C] () -- C:\Users\User\Desktop\tgk6ly53.exe
[2011/04/25 12:46:22 | 460,044,885 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/25 12:09:46 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/15 12:03:20 | 000,014,862 | ---- | C] () -- C:\Users\User\Desktop\blank30mmcube.cmb.gz
[2011/04/15 10:39:11 | 029,281,965 | ---- | C] () -- C:\Users\User\Desktop\maglev 2011_0001.wmv
[2011/04/15 08:23:51 | 000,016,547 | ---- | C] () -- C:\Users\User\Desktop\LCibbon test.lws
[2011/04/15 08:15:25 | 000,030,522 | ---- | C] () -- C:\Users\User\Desktop\Light Cycle.lwo
[2011/04/15 08:05:14 | 000,416,768 | ---- | C] () -- C:\Users\User\Desktop\maglev 2011.MSWMM
[2011/04/15 07:57:56 | 000,011,432 | ---- | C] () -- C:\Users\User\Desktop\cycle wheel 2.lwo
[2011/04/15 07:23:48 | 000,011,432 | ---- | C] () -- C:\Users\User\Desktop\cycle wheel.lwo
[2011/04/13 11:31:46 | 000,001,718 | -H-- | C] () -- C:\Users\User\Desktop\License.avastlic
[2011/04/13 09:08:49 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~41213704r
[2011/04/13 09:08:49 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~41213704
[2011/04/13 09:08:48 | 000,000,581 | -H-- | C] () -- C:\Users\User\Desktop\Windows Restore.lnk
[2011/04/13 09:08:45 | 000,000,336 | -H-- | C] () -- C:\ProgramData\41213704
[2011/04/13 06:49:15 | 000,065,932 | ---- | C] () -- C:\Users\User\Desktop\period F walk.lws
[2011/04/12 11:57:35 | 000,092,512 | -H-- | C] () -- C:\Users\User\Desktop\my walk2.lws
[2011/04/12 11:23:48 | 000,090,844 | -H-- | C] () -- C:\Users\User\Desktop\my walk.lws
[2011/04/12 11:08:29 | 000,070,976 | ---- | C] () -- C:\Users\User\Desktop\period C walk.lws
[2011/04/12 09:56:20 | 000,070,959 | ---- | C] () -- C:\Users\User\Desktop\period E walk.lws
[2011/03/29 22:14:49 | 050,714,577 | ---- | C] () -- C:\Users\User\Desktop\LHS biker build off.wmv
[2010/12/22 10:29:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/21 08:57:06 | 000,000,144 | -H-- | C] () -- C:\ProgramData\MagicPlayDVD.ini
[2010/12/11 19:49:49 | 000,146,432 | -H-- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 18:41:58 | 000,274,454 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010/12/11 18:41:53 | 000,274,454 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010/12/11 17:50:56 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/04/11 09:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 09:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 09:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/11 09:18:02 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2007/06/27 09:00:00 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2007/06/27 09:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
[2007/06/27 09:00:00 | 000,352,256 | ---- | C] () -- C:\Windows\System32\zSHP2600.EXE
[2007/06/27 09:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP2600.EXE
[2007/04/18 07:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\oem_uninst.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,371,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#4
ja9219

    Member

  • Topic Starter
  • 15 posts
OTL ext

OTL Extras logfile created on: 4/28/2011 7:17:37 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 5.50 Gb Free Space | 3.69% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3ECE90C1-723D-43B2-BE80-9A441D2AE7BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0399F801-2C37-466D-88E1-E7ACD171AAF1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E744A64-575E-4560-AE65-A21438129453}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4C37579B-AB8D-44B8-9691-9F0EB1B2B62D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6BE550E7-0504-45BC-A783-9EFDA567C825}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E3D688B2-3F4A-4700-ABA1-0E2697B9C4FB}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{E654A544-3485-4BD5-B405-CBD1833C1BE4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0779A170-D7A6-4A87-8844-BE01FB62ADF2}C:\program files\newtek\lightwave 3d 9\programs\modeler.exe" = protocol=6 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\modeler.exe |
"TCP Query User{17F66B6B-8BD9-49C7-B50A-3123B4B445EE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1AFF4294-2E64-439E-853C-EC5899D1C26C}C:\program files\dimension\catalystex 4.1\nt\catalystex.exe" = protocol=6 | dir=in | app=c:\program files\dimension\catalystex 4.1\nt\catalystex.exe |
"TCP Query User{51DF0C4B-FC73-4469-A9F7-07D31DCED0D0}C:\program files\newtek\lightwave 3d 9\programs\lightwav.exe" = protocol=6 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\lightwav.exe |
"TCP Query User{52C13439-BE05-4BBC-8101-EEE7417BD143}C:\program files\newtek\lightwave 3d 9\programs\modeler.exe" = protocol=6 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\modeler.exe |
"TCP Query User{90745267-D734-424D-96C3-8FB929C3B322}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BE597EB8-2377-4BB8-B0EC-4DAD4A6748E0}C:\program files\dimension\catalystex 4.1\nt\catalystex.exe" = protocol=6 | dir=in | app=c:\program files\dimension\catalystex 4.1\nt\catalystex.exe |
"TCP Query User{BE999D09-8159-44F8-96E0-87D9D3163B17}C:\program files\newtek\lightwave 3d 9\programs\hub.exe" = protocol=6 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\hub.exe |
"TCP Query User{D577B6BE-F041-44F5-8731-3CB37D94491E}C:\program files\newtek\lightwave 3d 9\programs\hub.exe" = protocol=6 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\hub.exe |
"TCP Query User{E32BC84D-3593-4B79-B8AD-2C979E682CCA}C:\program files\newtek\lightwave 3d 9\programs\lightwav.exe" = protocol=6 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\lightwav.exe |
"UDP Query User{03BC9996-EB7A-4E52-8103-E5ED18817AB8}C:\program files\newtek\lightwave 3d 9\programs\hub.exe" = protocol=17 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\hub.exe |
"UDP Query User{184E2255-9347-43AE-80C8-87445F42034D}C:\program files\dimension\catalystex 4.1\nt\catalystex.exe" = protocol=17 | dir=in | app=c:\program files\dimension\catalystex 4.1\nt\catalystex.exe |
"UDP Query User{2AB684BD-934A-4F11-B77E-820943D18A03}C:\program files\dimension\catalystex 4.1\nt\catalystex.exe" = protocol=17 | dir=in | app=c:\program files\dimension\catalystex 4.1\nt\catalystex.exe |
"UDP Query User{2EF8B11D-2FA5-4894-AEDA-0E606BBF3B2B}C:\program files\newtek\lightwave 3d 9\programs\modeler.exe" = protocol=17 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\modeler.exe |
"UDP Query User{43394539-3AD8-4B63-8D21-ACDA38F32F66}C:\program files\newtek\lightwave 3d 9\programs\lightwav.exe" = protocol=17 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\lightwav.exe |
"UDP Query User{4D9135F0-0CB3-485B-94D1-879B95EA10FA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7DA71395-08E1-42DB-8F09-9ED09D1D4E74}C:\program files\newtek\lightwave 3d 9\programs\hub.exe" = protocol=17 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\hub.exe |
"UDP Query User{9E22B713-A54E-4E5A-9F91-64C79A075FB9}C:\program files\newtek\lightwave 3d 9\programs\lightwav.exe" = protocol=17 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\lightwav.exe |
"UDP Query User{CEA5F546-9FB9-4405-9AAD-E6388702BD2F}C:\program files\newtek\lightwave 3d 9\programs\modeler.exe" = protocol=17 | dir=in | app=c:\program files\newtek\lightwave 3d 9\programs\modeler.exe |
"UDP Query User{F9523C1A-2B16-42E0-9AEA-72CCC09C0295}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12D49E66-7C31-43EC-81B7-9E02586F8BF5}" = SolidWorks eDrawings 2010
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP04
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3556AF72-0B56-4B2E-8632-0BA8C70F531A}" = CatalystEX 4.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6f5a8c1f-c61b-404b-859e-8913dad13988}" = Sophos pcclie-i Cleanup Tool
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF9E346B-5ECE-4A18-9510-55729FD08323}" = Sentinel System Driver Installer 7.5.1
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f529f2c1-90aa-4b76-bc9f-f97aec153524}" = Nero 9 Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"FinalMediaPlayer_is1" = Final Media Player 2011
"HitmanPro35" = Hitman Pro 3.5
"LightWave 3D 9" = LightWave 3D
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"OEMInformation" = OEM Logo and Information
"PROPLUSR" = Microsoft Office Professional Plus 2007
"SolidWorks Installation Manager 20100-40400-1100-200" = SolidWorks 2010 SP04
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Trusted Software Assistant_is1" = File Type Assistant
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"WinGimp-2.0_is1" = GIMP 2.6.11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2011 12:22:47 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1373

Error - 4/25/2011 8:05:18 AM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18311 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1740 Start Time: 01cc0340ec00a020 Termination Time: 7582

Error - 4/25/2011 9:58:02 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/25/2011 9:58:02 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 107797

Error - 4/25/2011 9:58:02 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 107797

Error - 4/25/2011 2:09:13 PM | Computer Name = User-PC | Source = System Restore | ID = 8193
Description =

Error - 4/26/2011 1:01:10 PM | Computer Name = User-PC | Source = Perflib | ID = 1010
Description =

Error - 4/27/2011 1:46:05 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/27/2011 1:46:05 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 735638

Error - 4/27/2011 1:46:05 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 735638

[ System Events ]
Error - 4/27/2011 6:48:19 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2011 6:48:19 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 10:50:46 AM | Computer Name = User-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 4/27/2011 10:50:51 AM | Computer Name = User-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 4/27/2011 11:02:38 AM | Computer Name = User-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 4/27/2011 11:55:19 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 12:04:55 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 12:15:31 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2011 4:04:08 PM | Computer Name = User-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SMR162\0000 disappeared from the system without
first being prepared for removal.

Error - 4/28/2011 3:00:11 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#5
ja9219

    Member

  • Topic Starter
  • 15 posts
ComboFix did detect an infected system file. I didn't see it in the report, but it started with a v (the name escapes me at the moment).

ComboFix 11-04-27.03 - User 04/28/2011 11:20:47.1.2 - x86
Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.3070.2060 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2011 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\Desktop\Windows Restore.lnk
c:\windows\oem_uninst.exe
.


.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 15:35 . 2011-04-28 15:37 -------- d-----w- c:\users\User\AppData\Local\temp
2011-04-28 15:35 . 2011-04-28 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-28 15:09 . 2011-04-28 15:11 -------- d-----w- C:\32788R22FWJFW
2011-04-27 16:17 . 2011-04-27 16:17 30416 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-04-27 16:08 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 16:08 . 2011-04-27 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 16:08 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 18:53 . 2011-04-26 18:53 47992 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2011-04-26 18:51 . 2011-04-26 18:51 39288 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2011-04-26 18:51 . 2011-04-26 18:51 62584 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-04-26 18:51 . 2011-04-26 18:51 33912 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-04-26 18:51 . 2011-04-26 18:51 41336 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2011-04-26 18:49 . 2011-04-27 15:50 -------- d-----w- c:\programdata\G DATA
2011-04-26 18:49 . 2011-04-26 18:49 -------- d-----w- c:\program files\Common Files\G Data
2011-04-26 18:49 . 2011-04-26 18:49 -------- d-----w- c:\program files\G Data
2011-04-26 18:41 . 2011-04-26 18:41 -------- d-----w- c:\users\User\AppData\Local\Downloaded Installations
2011-04-26 17:01 . 2011-04-26 17:01 65536 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{6f5a8c1f-c61b-404b-859e-8913dad13988}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-04-26 17:01 . 2011-04-26 17:01 65536 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{6f5a8c1f-c61b-404b-859e-8913dad13988}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2011-04-26 17:01 . 2011-04-26 17:01 65536 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{6f5a8c1f-c61b-404b-859e-8913dad13988}\ARPPRODUCTICON.exe
2011-04-26 17:01 . 2011-04-26 17:47 -------- d-----w- c:\program files\Sophos
2011-04-26 11:28 . 2011-04-28 13:35 -------- d-----w- c:\users\User\DoctorWeb
2011-04-26 11:16 . 2011-04-27 15:59 -------- d-----w- c:\users\User\AppData\Local\NPE
2011-04-25 18:16 . 2011-04-25 18:18 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-04-25 16:09 . 2011-04-25 18:11 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 16:09 . 2011-04-25 16:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-25 16:09 . 2011-04-25 18:09 -------- d-----w- c:\programdata\Hitman Pro
2011-04-15 17:57 . 2011-04-15 17:57 -------- d-----w- c:\users\User\AppData\Roaming\AVG10
2011-04-15 17:54 . 2011-04-15 17:54 -------- d--h--w- c:\programdata\Common Files
2011-04-15 17:52 . 2011-04-26 18:37 -------- d-----w- c:\programdata\AVG10
2011-04-15 17:51 . 2011-04-15 17:51 -------- d-----w- c:\program files\AVG
2011-04-15 17:48 . 2011-04-26 18:36 -------- d-----w- c:\programdata\MFAData
2011-04-15 11:13 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2383B3C-926E-4121-9856-66976FD9D85A}\mpengine.dll
2011-04-14 16:08 . 2011-04-14 16:08 -------- d-----w- c:\program files\VirusTotalUploader2
2011-04-14 15:37 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 15:37 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 15:37 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 15:37 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 15:37 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 15:36 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 15:36 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 02:04 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 02:04 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 17:21 . 2011-04-13 17:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-13 17:08 . 2011-04-13 17:08 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-04-13 17:07 . 2011-04-13 17:07 -------- d-----w- c:\programdata\Malwarebytes
2011-03-30 11:15 . 2011-03-30 11:15 -------- d--h--w- c:\users\User\AppData\Roaming\Recordpad
2011-03-30 01:45 . 2011-03-30 01:45 -------- d--h--w- c:\users\User\AppData\Roaming\NCH Software
2011-03-30 01:44 . 2011-03-30 01:44 -------- d-----w- c:\program files\NCH Software
2011-03-30 01:44 . 2011-04-06 02:15 -------- d--h--w- c:\programdata\NCH Swift Sound
2011-03-30 01:44 . 2011-04-27 16:03 -------- d-----w- c:\program files\NCH Swift Sound
2011-03-30 01:44 . 2011-04-13 16:37 -------- d--h--w- c:\users\User\AppData\Roaming\NCH Swift Sound
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 15:40 . 2011-04-28 15:40 0 ---ha-w- c:\users\User\AppData\Local\BIT49C1.tmp
2011-02-22 14:13 . 2011-03-23 08:56 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 08:56 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 08:56 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-15 00:27 . 2011-02-15 00:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:11 . 2010-12-12 07:06 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\G Data AntiVirus Tray Application]
2010-11-17 15:40 995832 ----a-w- c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GDFirewallTray]
2010-11-17 15:42 1538040 ----a-w- c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-04-25 16968]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C310.tmp [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-04-25 135032]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-04-26 33912]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-04-26 62584]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-04-26 41336]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-04-27 30416]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-04-26 39288]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-11-17 1098232]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2010-11-17 411128]
S2 AVKWCtl;G Data Filesystem Monitor;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2010-11-17 1333264]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2010-11-17 1610352]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-04-26 47992]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2010-11-17 340984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-15 21:50]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 11:01]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 11:01]
.
2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{B94781C0-B6F9-4CBF-97F2-A58245B57A7B}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-OEMInformation - c:\windows\oem_uninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C310.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\nvvsvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-28 11:53:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-28 15:52
.
Pre-Run: 6,117,564,416 bytes free
Post-Run: 6,078,840,832 bytes free
.
- - End Of File - - 6ED654FBE0597C2DA2850EAD927013F8
  • 0

#6
ja9219
    Member
  • Topic Starter
  • Member
  • 15 posts
HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:54 PM, on 4/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\NewTek\LightWave 3D 9\Programs\modeler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0T1ZS60\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - Unknown owner - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 6420 bytes


Just realized I never ran it as administrator, due to us both having to rush fairly quickly. I also forgot to send the other log, the mbrcheck, so I will send it tomorrow. Just one thing: I sent these .txt files to my AIM account, and since my school is set up like a fortress (you can't even right click on the mouse), I had to type in aimmail to access it. Once there I got a popup; I'm guessing it was due to the ad on the aimmail page, however it never loaded, most likely due to the school. Other than that it seems to be running good.

thanks
  • 0

#7
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
I assume this G Data AntiVirus is something you installed. Never heard of it myself, but it appears legitimate. I prefer Avast or Avira myself. Avast's boot-time scan is very good. Add Online Armor's free firewall and the system is fairly secure.


These files from the OTL log:

[2011/04/13 09:08:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41213704r
[2011/04/13 09:08:49 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~41213704
[2011/04/13 09:08:48 | 000,000,581 | -H-- | M] () -- C:\Users\User\Desktop\Windows Restore.lnk
[2011/04/13 09:08:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41213704
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.001

These 4 are definitely dirty:
[2011/04/13 09:08:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41213704r
[2011/04/13 09:08:49 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~41213704
[2011/04/13 09:08:48 | 000,000,581 | -H-- | M] () -- C:\Users\User\Desktop\Windows Restore.lnk <= combofix killed this one already
[2011/04/13 09:08:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41213704

The last two are so close in time that I would think they must be dirty too.

[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.001

I would delete all of them.

Ron
  • 0
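The reasoning Ron applies above (four hidden, unsigned files are known bad, and two more files modified within a few seconds of them are probably part of the same drop) can be made explicit as a small parser over OTL file-listing lines. This is an added example, not code from the thread or from OTL itself; the line format is inferred from the lines quoted in this post, and the sample input is those six lines plus one unrelated line from the OTL log posted later in the thread as a control.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line, as quoted in this thread:
# [YYYY/MM/DD HH:MM:SS | size | attrs | M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<mode>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Sample input (constructed from this thread): the six lines Ron quotes,
# plus one vendor-signed line from a later OTL log as a control.
SAMPLE_LOG = r"""
[2011/04/13 09:08:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41213704r
[2011/04/13 09:08:49 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~41213704
[2011/04/13 09:08:48 | 000,000,581 | -H-- | M] () -- C:\Users\User\Desktop\Windows Restore.lnk
[2011/04/13 09:08:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\41213704
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/13 09:08:43 | 000,274,454 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/04/29 13:49:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
"""

# The four entries the post calls "definitely dirty": the seed set for the heuristic.
KNOWN_BAD = {
    r"C:\ProgramData\~41213704r",
    r"C:\ProgramData\~41213704",
    r"C:\Users\User\Desktop\Windows Restore.lnk",
    r"C:\ProgramData\41213704",
}


def parse_otl(text):
    """Parse OTL file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "hidden": "H" in m["attrs"],
            "company": m["company"],
            "path": m["path"],
        })
    return entries


def flag_by_proximity(entries, known_bad, window=timedelta(seconds=10)):
    """Return paths not in known_bad that look like part of the same drop:
    hidden, no company name, and modified within `window` of a known-bad entry."""
    seed_times = [e["ts"] for e in entries if e["path"] in known_bad]
    flagged = []
    for e in entries:
        if e["path"] in known_bad:
            continue
        # Files with a vendor name, or not hidden, are outside this heuristic.
        if not e["hidden"] or e["company"]:
            continue
        if any(abs(e["ts"] - t) <= window for t in seed_times):
            flagged.append(e["path"])
    return flagged


if __name__ == "__main__":
    for path in flag_by_proximity(parse_otl(SAMPLE_LOG), KNOWN_BAD):
        print("suspicious by proximity:", path)
```

Run against the sample it flags the two nvModes files and leaves the signed OTL.exe alone; widen or narrow `window` to see how sensitive the "same drop" call is to the time gap.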

#8
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Error - 4/27/2011 10:50:46 AM | Computer Name = User-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Check and see if there is a new BIOS version available for this PC.
  • 0

#9
ja9219
    Member
  • Topic Starter
  • Member
  • 15 posts
Yeah, Gdata is something I installed myself (30 day trial); he originally had an outdated Avast Internet Security (he took it to a repair shop; it would have been an easy fix and saved him $80). Gdata uses the Avast engine with BitDefender (although I believe that has changed). Upgrading the BIOS as well as giving his computer a full tuneup is something I planned on doing as well (prevention is probably what I'm best at anyways). The Windows Restore.lnk I had a feeling was dirty. Should I repost another OTL log after this, and should I still post another HijackThis log as well as an mbrcheck?

thanks
  • 0

#10
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
I don't need HijackThis. We get the same info and a lot more from OTL. You can run a quick scan with OTL after removing the bad guys, just in case they were hiding something, but I think you are clean. I would still like to see an mbrcheck. Could I also see your TDSSKiller and GMER logs?

Since G Data's just a trial I would let it do a full scan then uninstall it and put the free Avast back:

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Make sure you register it and explain to him that he will need to reregister in a year or so. They will try to talk him into the paid version but the free version should still be there.

Then add the free online armor

http://www.online-armor.com/

I would also clear out the System Restore:

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f, though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties, then System Protection (Continue), and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, right click on Command Prompt and select Run As Administrator, then enter:
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then it will come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Make sure any adobe stuff he has is up to date.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox

With IE you should use SimpleAdBlock: http://simple-adblock.com/

Ron
  • 0

#11
ja9219
    Member
  • Topic Starter
  • Member
  • 15 posts
Thanks for your help, I'll definitely post a log tomorrow, just to make sure everything is good.
  • 0

#12
ja9219
    Member
  • Topic Starter
  • Member
  • 15 posts
Sorry for not posting the logs, but I wasn't able to get the OTL log till today.

OTL

OTL logfile created on: 5/2/2011 12:09:26 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 2.65 Gb Free Space | 1.78% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 13:49:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/08 18:24:06 | 000,469,208 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/07/29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 09:18:17 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 13:49:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/02 22:02:42 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/07/29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/04/25 14:18:58 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2011/04/25 14:11:07 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/10/03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/17 08:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009/09/17 08:05:02 | 000,038,376 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/15 18:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 03:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/04/30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/07/14 12:14:00 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\risdptsk.sys -- (risdptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/04/28 11:37:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.90.10.2 10.3.10.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 12:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/05/02 12:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/02 12:04:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Auslogics
[2011/05/02 12:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/05/02 12:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/05/02 12:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/02 12:01:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/02 12:01:04 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/02 12:00:52 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/02 12:00:52 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/02 12:00:51 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/02 12:00:49 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/02 12:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/05/02 12:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/02 11:59:59 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/02 11:59:56 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/02 11:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/02 11:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 14:02:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/04/29 14:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/04/29 14:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/29 14:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/29 13:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/04/29 13:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/04/29 13:49:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/04/29 13:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/04/28 11:53:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2011/04/28 11:43:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/28 11:16:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 11:16:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 11:16:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 11:11:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 11:09:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 11:09:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/28 11:04:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 12:17:52 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011/04/27 12:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/27 12:08:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/27 12:08:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/27 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/27 09:19:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\tron
[2011/04/26 14:53:30 | 000,047,992 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011/04/26 14:51:41 | 000,062,584 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011/04/26 14:51:38 | 000,033,912 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011/04/26 14:51:27 | 000,041,336 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011/04/26 14:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011/04/26 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2011/04/26 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/04/26 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Downloaded Installations
[2011/04/26 13:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/26 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/04/26 13:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/26 07:28:47 | 000,000,000 | ---D | C] -- C:\Users\User\DoctorWeb
[2011/04/26 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\NPE
[2011/04/25 14:16:01 | 000,135,032 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2011/04/25 14:13:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\gmer
[2011/04/25 12:46:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/25 12:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/04/25 12:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/25 12:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/25 12:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/15 13:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/04/15 13:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/15 07:10:32 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\MGLV vids
[2011/04/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2011/04/14 12:08:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2011/04/13 13:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/13 13:08:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/04/13 13:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/13 07:19:25 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\LW

========== Files - Modified Within 30 Days ==========

[2011/05/02 12:02:15 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 12:02:15 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 12:00:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/02 11:55:26 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 11:55:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/05/02 11:55:11 | 000,003,888 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 11:55:11 | 000,003,888 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 11:55:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 11:53:52 | 000,183,451 | ---- | M] () -- C:\Users\User\LWEXT9.CFG
[2011/05/02 11:53:52 | 000,026,893 | ---- | M] () -- C:\Users\User\LW9.CFG
[2011/05/02 11:53:34 | 000,004,977 | ---- | M] () -- C:\Users\User\LWM9.CFG
[2011/05/02 11:46:52 | 000,271,914 | ---- | M] () -- C:\Users\User\Desktop\Light Cycle.lwo
[2011/05/02 11:42:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B94781C0-B6F9-4CBF-97F2-A58245B57A7B}.job
[2011/05/02 11:16:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 11:16:03 | 000,146,432 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 10:03:21 | 000,000,249 | ---- | M] () -- C:\Users\User\BandSaw.cfg
[2011/04/30 19:01:56 | 000,000,018 | ---- | M] () -- C:\Users\User\mt_divide.cfg
[2011/04/29 15:27:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/04/29 15:27:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/04/29 13:49:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/04/28 11:37:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/27 12:17:52 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011/04/26 14:53:30 | 000,047,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011/04/26 14:51:41 | 000,062,584 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011/04/26 14:51:38 | 000,033,912 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011/04/26 14:51:27 | 000,041,336 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011/04/26 13:54:39 | 460,044,885 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/25 14:18:58 | 000,135,032 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\System32\drivers\dwprot.sys
[2011/04/25 14:11:07 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/25 14:09:13 | 000,001,464 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/04/25 14:07:52 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/04/19 18:00:16 | 000,000,680 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/15 12:03:21 | 000,014,862 | ---- | M] () -- C:\Users\User\Desktop\blank30mmcube.cmb.gz
[2011/04/15 10:41:16 | 029,281,965 | ---- | M] () -- C:\Users\User\Desktop\maglev 2011_0001.wmv
[2011/04/15 08:37:22 | 000,016,547 | ---- | M] () -- C:\Users\User\Desktop\LCibbon test.lws
[2011/04/15 08:05:15 | 000,416,768 | ---- | M] () -- C:\Users\User\Desktop\maglev 2011.MSWMM
[2011/04/15 07:57:56 | 000,011,432 | ---- | M] () -- C:\Users\User\Desktop\cycle wheel 2.lwo
[2011/04/15 07:57:07 | 000,011,432 | ---- | M] () -- C:\Users\User\Desktop\cycle wheel.lwo
[2011/04/15 07:08:58 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/13 11:31:47 | 000,001,718 | ---- | M] () -- C:\Users\User\Desktop\License.avastlic
[2011/04/13 08:33:07 | 000,000,626 | ---- | M] () -- C:\Users\User\LWHUB9.CFG
[2011/04/13 06:49:15 | 000,065,932 | ---- | M] () -- C:\Users\User\Desktop\period F walk.lws
[2011/04/12 11:57:35 | 000,092,512 | ---- | M] () -- C:\Users\User\Desktop\my walk2.lws
[2011/04/12 11:55:17 | 000,090,844 | ---- | M] () -- C:\Users\User\Desktop\my walk.lws
[2011/04/12 11:08:29 | 000,070,976 | ---- | M] () -- C:\Users\User\Desktop\period C walk.lws
[2011/04/12 09:56:20 | 000,070,959 | ---- | M] () -- C:\Users\User\Desktop\period E walk.lws

========== Files Created - No Company Name ==========

[2011/04/29 15:27:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/04/29 15:27:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/04/29 15:26:52 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/04/28 11:16:07 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 11:16:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 11:16:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 11:16:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 11:16:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/25 14:09:13 | 000,001,464 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/04/25 14:06:53 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/04/25 12:46:22 | 460,044,885 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/25 12:09:46 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/15 12:03:20 | 000,014,862 | ---- | C] () -- C:\Users\User\Desktop\blank30mmcube.cmb.gz
[2011/04/15 10:39:11 | 029,281,965 | ---- | C] () -- C:\Users\User\Desktop\maglev 2011_0001.wmv
[2011/04/15 08:23:51 | 000,016,547 | ---- | C] () -- C:\Users\User\Desktop\LCibbon test.lws
[2011/04/15 08:15:25 | 000,271,914 | ---- | C] () -- C:\Users\User\Desktop\Light Cycle.lwo
[2011/04/15 08:05:14 | 000,416,768 | ---- | C] () -- C:\Users\User\Desktop\maglev 2011.MSWMM
[2011/04/15 07:57:56 | 000,011,432 | ---- | C] () -- C:\Users\User\Desktop\cycle wheel 2.lwo
[2011/04/15 07:23:48 | 000,011,432 | ---- | C] () -- C:\Users\User\Desktop\cycle wheel.lwo
[2011/04/13 11:31:46 | 000,001,718 | ---- | C] () -- C:\Users\User\Desktop\License.avastlic
[2011/04/13 06:49:15 | 000,065,932 | ---- | C] () -- C:\Users\User\Desktop\period F walk.lws
[2011/04/12 11:57:35 | 000,092,512 | ---- | C] () -- C:\Users\User\Desktop\my walk2.lws
[2011/04/12 11:23:48 | 000,090,844 | ---- | C] () -- C:\Users\User\Desktop\my walk.lws
[2011/04/12 11:08:29 | 000,070,976 | ---- | C] () -- C:\Users\User\Desktop\period C walk.lws
[2011/04/12 09:56:20 | 000,070,959 | ---- | C] () -- C:\Users\User\Desktop\period E walk.lws
[2011/03/17 19:57:18 | 000,339,968 | ---- | C] () -- C:\Windows\System32\ZSHP2600.EXE
[2010/12/22 10:29:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/21 08:57:06 | 000,000,144 | ---- | C] () -- C:\ProgramData\MagicPlayDVD.ini
[2010/12/11 19:49:49 | 000,146,432 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 17:50:56 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/04/11 09:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 09:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 09:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2007/08/21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2007/06/27 09:00:00 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2007/06/27 09:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
[2007/06/27 09:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP2600.EXE
[2007/06/27 09:00:00 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp2600.DLL
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,371,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/05/02 12:04:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Auslogics
[2011/03/02 19:27:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DassaultSystemes
[2011/02/14 20:35:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverCure
[2011/01/23 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DWGeditor
[2011/03/02 19:28:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EDrawings
[2011/02/16 12:22:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalMediaPlayer
[2011/03/27 19:09:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2011/03/02 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IM
[2011/04/13 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2011/03/30 07:15:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Recordpad
[2011/01/28 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stratasys, Inc
[2011/05/02 11:55:26 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2011/05/02 11:54:08 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/02 11:42:03 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B94781C0-B6F9-4CBF-97F2-A58245B57A7B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#13
ja9219
    Member
  • Topic Starter
  • 15 posts
GMER log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-29 13:11:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVT-00A23T0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0x83021088]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0x830221E0]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0x83021306]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0x830222E2]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0x8302232E]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0x83021416]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThreadEx [0x830222B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 826AE8B4 4 Bytes [88, 10, 02, 83]
.text ntkrnlpa.exe!KeSetEvent + 221 826AE9A4 4 Bytes [E0, 21, 02, 83]
.text ntkrnlpa.exe!KeSetEvent + 335 826AEAB8 4 Bytes [06, 13, 02, 83]
.text ntkrnlpa.exe!KeSetEvent + 4E5 826AEC68 4 Bytes [E2, 22, 02, 83]
.text ntkrnlpa.exe!KeSetEvent + 56D 826AECF0 4 Bytes [2E, 23, 02, 83]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow 179644862

---- EOF - GMER 1.0.15 ----

#14
ja9219
    Member
  • Topic Starter
  • 15 posts
MBRcheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 151):
0x82602000 \SystemRoot\system32\ntkrnlpa.exe
0x829BC000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047E000 \SystemRoot\system32\PSHED.dll
0x8048F000 \SystemRoot\system32\BOOTVID.dll
0x80497000 \SystemRoot\system32\CLFS.SYS
0x804D8000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\acpi.sys
0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80784000 \SystemRoot\system32\drivers\intelide.sys
0x8078B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80799000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A9000 \SystemRoot\system32\drivers\atapi.sys
0x807B1000 \SystemRoot\system32\drivers\ataport.SYS
0x807CF000 \SystemRoot\system32\drivers\msahci.sys
0x805B8000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D9000 \SystemRoot\system32\drivers\fileinfo.sys
0x8300D000 \SystemRoot\system32\drivers\dwprot.sys
0x8302D000 \SystemRoot\system32\drivers\msrpc.sys
0x83058000 \SystemRoot\system32\drivers\NETIO.SYS
0x83093000 \SystemRoot\system32\drivers\NDIS.SYS
0x8319E000 \SystemRoot\system32\drivers\TDI.SYS
0x8320B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8327C000 \SystemRoot\System32\drivers\tcpip.sys
0x83366000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB19000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB52000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB5A000 \SystemRoot\system32\DRIVERS\risdptsk.sys
0x8AB61000 \SystemRoot\System32\Drivers\mup.sys
0x8AB70000 \SystemRoot\system32\drivers\GDBehave.sys
0x8AB77000 \SystemRoot\System32\drivers\ecache.sys
0x8AB9E000 \SystemRoot\system32\drivers\disk.sys
0x8ABAF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABD0000 \SystemRoot\system32\drivers\crcdisk.sys
0x83381000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8338C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E20F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EB80000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8EE01000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EEA1000 \SystemRoot\System32\drivers\watchdog.sys
0x8EEAD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EEB8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EEF6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EF05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FA0C000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8FC33000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FC42000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FC52000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FC60000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8FC71000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8FC85000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8FCD7000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x8FCD9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FCE9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FCF0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FD03000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FD0E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FD19000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FD31000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8FD37000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FD66000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FDA7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FDBE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FDC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FDEC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EF92000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EFA6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EFBB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FDFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EFCB000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EB82000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EB8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EFF5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8EBC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8339B000 \SystemRoot\system32\drivers\HdAudio.sys
0x831A9000 \SystemRoot\system32\drivers\portcls.sys
0x8EBD5000 \SystemRoot\system32\drivers\drmk.sys
0x9000F000 \SystemRoot\system32\DRIVERS\smserial.sys
0x90106000 \SystemRoot\system32\drivers\modem.sys
0x90113000 \??\C:\Windows\system32\drivers\MiniIcpt.sys
0x90121000 \??\C:\Windows\system32\drivers\HookCentre.sys
0x9012F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90138000 \SystemRoot\System32\Drivers\Null.SYS
0x9013F000 \SystemRoot\System32\Drivers\Beep.SYS
0x90146000 \SystemRoot\System32\drivers\vga.sys
0x90152000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90173000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9017B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90183000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9018E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9019C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x901A5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x901BB000 \SystemRoot\system32\DRIVERS\smb.sys
0x9020E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90240000 \SystemRoot\system32\drivers\afd.sys
0x90288000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9029E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x902AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x902BF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x902FB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90305000 \??\C:\Windows\system32\drivers\GRD.sys
0x9031B000 \SystemRoot\system32\drivers\gdwfpcd32.sys
0x90328000 \SystemRoot\System32\Drivers\dfsc.sys
0x9033F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90356000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90358000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90379000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90386000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90391000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97460000 \SystemRoot\System32\win32k.sys
0x9039B000 \SystemRoot\System32\drivers\Dxapi.sys
0x903A5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97680000 \SystemRoot\System32\TSDDD.dll
0x976A0000 \SystemRoot\System32\cdd.dll
0x903B4000 \SystemRoot\system32\drivers\luafv.sys
0x81C0E000 \SystemRoot\system32\drivers\spsys.sys
0x81CBE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81CCE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81CF8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81D02000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81D15000 \SystemRoot\system32\drivers\HTTP.sys
0x81D82000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81D9F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81DB8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81DCD000 \SystemRoot\system32\drivers\mrxdav.sys
0x903CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C009000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C042000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C05A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C082000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C0E9000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0x9C0FE000 \SystemRoot\system32\drivers\peauth.sys
0x9C1DC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9C1E6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C0D1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x81DEE000 \??\C:\Windows\system32\drivers\PktIcpt.sys
0x76FC0000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe
552 csrss.exe
604 C:\Windows\System32\wininit.exe
616 csrss.exe
648 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
816 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
908 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
976 C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
1012 C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
1052 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\SLsvc.exe
1312 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\svchost.exe
1604 C:\Windows\System32\spoolsv.exe
1628 C:\Windows\System32\svchost.exe
1800 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1832 C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
1852 C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
1908 C:\Program Files\Bonjour\mDNSResponder.exe
1952 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2024 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
516 C:\Windows\System32\svchost.exe
560 C:\Program Files\CyberLink\Shared files\RichVideo.exe
664 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1448 C:\Windows\System32\SearchIndexer.exe
2288 C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
2424 C:\Windows\System32\taskeng.exe
2980 C:\Windows\System32\nvvsvc.exe
3452 C:\Windows\System32\taskeng.exe
3584 C:\Windows\System32\dwm.exe
3620 C:\Windows\explorer.exe
3652 C:\Windows\System32\taskeng.exe
3880 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3916 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3924 C:\Program Files\iTunes\iTunesHelper.exe
3932 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3956 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3848 C:\Program Files\iPod\bin\iPodService.exe
3228 C:\Windows\System32\svchost.exe
5372 C:\Windows\servicing\TrustedInstaller.exe
5440 C:\Windows\System32\VSSVC.exe
5932 C:\Windows\System32\svchost.exe
4116 C:\Windows\System32\wuauclt.exe
792 C:\Windows\System32\msiexec.exe
3392 C:\Program Files\Internet Explorer\ielowutil.exe
4992 C:\Windows\SoftwareDistribution\Download\Install\windows-kb890830-v3.18.exe
5260 C:\67c797db4ec3331ac10ec3e4c34ffecc\mrtstub.exe
5344 C:\Windows\System32\mrt.exe
5724 C:\Windows\System32\notepad.exe
5416 C:\Users\User\Desktop\MBRCheck.exe
4188 C:\Users\User\Desktop\gmer\gmer.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-00A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#15
ja9219
    Member
  • Topic Starter
  • 15 posts
TDSSkiller log

2011/04/26 12:55:21.0360 1396 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/26 12:55:21.0406 1396 ================================================================================
2011/04/26 12:55:21.0406 1396 SystemInfo:
2011/04/26 12:55:21.0406 1396
2011/04/26 12:55:21.0406 1396 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/26 12:55:21.0406 1396 Product type: Workstation
2011/04/26 12:55:21.0406 1396 ComputerName: USER-PC
2011/04/26 12:55:21.0406 1396 UserName: User
2011/04/26 12:55:21.0406 1396 Windows directory: C:\Windows
2011/04/26 12:55:21.0406 1396 System windows directory: C:\Windows
2011/04/26 12:55:21.0406 1396 Processor architecture: Intel x86
2011/04/26 12:55:21.0406 1396 Number of processors: 2
2011/04/26 12:55:21.0406 1396 Page size: 0x1000
2011/04/26 12:55:21.0406 1396 Boot type: Normal boot
2011/04/26 12:55:21.0406 1396 ================================================================================
2011/04/26 12:55:21.0672 1396 Initialize success
2011/04/26 12:55:24.0121 3256 ================================================================================
2011/04/26 12:55:24.0121 3256 Scan started
2011/04/26 12:55:24.0121 3256 Mode: Manual;
2011/04/26 12:55:24.0121 3256 ================================================================================
2011/04/26 12:55:25.0182 3256 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/26 12:55:25.0244 3256 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/26 12:55:25.0306 3256 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/26 12:55:25.0353 3256 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/26 12:55:25.0369 3256 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/26 12:55:25.0556 3256 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/26 12:55:25.0618 3256 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/26 12:55:25.0650 3256 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/26 12:55:25.0681 3256 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/26 12:55:25.0743 3256 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/26 12:55:25.0774 3256 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/26 12:55:25.0930 3256 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/26 12:55:25.0993 3256 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/26 12:55:26.0055 3256 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/26 12:55:26.0086 3256 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/26 12:55:26.0133 3256 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/26 12:55:26.0164 3256 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/26 12:55:26.0383 3256 AVGIDSDriver (fdc788f9c135f1d3d1ef632e955d386f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/04/26 12:55:26.0476 3256 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/04/26 12:55:26.0523 3256 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/04/26 12:55:26.0570 3256 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/04/26 12:55:26.0742 3256 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/04/26 12:55:26.0788 3256 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/04/26 12:55:26.0882 3256 Avgrkx86 (ffbe8adeb1fd8640540bf6e4a137b3ef) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/04/26 12:55:26.0976 3256 Avgtdix (69e6adf5cbbdeb5f2b727c93937a5823) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/04/26 12:55:27.0054 3256 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/26 12:55:27.0116 3256 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/26 12:55:27.0194 3256 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/26 12:55:27.0241 3256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/26 12:55:27.0256 3256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/26 12:55:27.0303 3256 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/26 12:55:27.0334 3256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/26 12:55:27.0366 3256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/26 12:55:27.0397 3256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/26 12:55:27.0444 3256 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/26 12:55:27.0490 3256 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/26 12:55:27.0522 3256 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/26 12:55:27.0584 3256 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/26 12:55:27.0646 3256 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/26 12:55:27.0740 3256 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/26 12:55:27.0787 3256 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/26 12:55:27.0818 3256 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/26 12:55:27.0865 3256 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/26 12:55:27.0912 3256 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/26 12:55:27.0990 3256 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/26 12:55:28.0052 3256 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/26 12:55:28.0114 3256 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/26 12:55:28.0177 3256 DwProt (d33cfeb3404d47ad146040af6916beb6) C:\Windows\system32\drivers\dwprot.sys
2011/04/26 12:55:28.0302 3256 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/26 12:55:28.0380 3256 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/26 12:55:28.0442 3256 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/26 12:55:28.0489 3256 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/26 12:55:28.0536 3256 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
2011/04/26 12:55:28.0598 3256 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/26 12:55:28.0629 3256 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/26 12:55:28.0676 3256 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/26 12:55:28.0723 3256 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/26 12:55:28.0754 3256 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/26 12:55:28.0785 3256 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/26 12:55:28.0832 3256 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/26 12:55:28.0894 3256 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/26 12:55:28.0957 3256 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/26 12:55:29.0019 3256 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/26 12:55:29.0300 3256 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/26 12:55:29.0924 3256 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/26 12:55:30.0127 3256 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/26 12:55:30.0361 3256 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/26 12:55:30.0548 3256 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/26 12:55:30.0798 3256 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\Windows\system32\drivers\hitmanpro35.sys
2011/04/26 12:55:30.0985 3256 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys
2011/04/26 12:55:31.0266 3256 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2011/04/26 12:55:31.0765 3256 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/26 12:55:31.0952 3256 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/26 12:55:32.0124 3256 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/26 12:55:32.0311 3256 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/26 12:55:32.0529 3256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/26 12:55:32.0748 3256 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/26 12:55:32.0950 3256 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/26 12:55:33.0294 3256 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/26 12:55:33.0465 3256 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/26 12:55:33.0652 3256 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/26 12:55:33.0793 3256 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/26 12:55:34.0011 3256 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/26 12:55:34.0230 3256 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/26 12:55:34.0495 3256 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/26 12:55:34.0682 3256 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/26 12:55:34.0885 3256 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/26 12:55:35.0072 3256 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/26 12:55:35.0337 3256 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/26 12:55:35.0587 3256 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/26 12:55:35.0821 3256 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/26 12:55:35.0930 3256 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/26 12:55:36.0414 3256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/26 12:55:36.0741 3256 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/26 12:55:36.0975 3256 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/26 12:55:37.0084 3256 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/26 12:55:37.0225 3256 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/26 12:55:37.0334 3256 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/26 12:55:37.0412 3256 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/26 12:55:37.0490 3256 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/26 12:55:37.0552 3256 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys
2011/04/26 12:55:37.0599 3256 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/26 12:55:37.0646 3256 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/26 12:55:37.0708 3256 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/26 12:55:37.0771 3256 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/26 12:55:37.0849 3256 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/26 12:55:37.0927 3256 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/26 12:55:38.0005 3256 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/04/26 12:55:38.0020 3256 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys
2011/04/26 12:55:38.0145 3256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/26 12:55:38.0192 3256 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/26 12:55:38.0286 3256 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/26 12:55:38.0317 3256 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/26 12:55:38.0348 3256 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/26 12:55:38.0379 3256 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/26 12:55:38.0504 3256 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/26 12:55:38.0769 3256 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/26 12:55:38.0925 3256 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/26 12:55:39.0034 3256 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/26 12:55:39.0175 3256 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/26 12:55:39.0393 3256 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/26 12:55:39.0596 3256 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/26 12:55:39.0799 3256 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/26 12:55:40.0002 3256 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/26 12:55:40.0251 3256 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/26 12:55:40.0470 3256 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/26 12:55:40.0737 3256 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/26 12:55:40.0880 3256 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/26 12:55:40.0967 3256 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/26 12:55:41.0153 3256 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/26 12:55:41.0527 3256 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/26 12:55:41.0933 3256 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/26 12:55:42.0307 3256 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/26 12:55:43.0056 3256 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/26 12:55:43.0352 3256 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/26 12:55:43.0602 3256 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/26 12:55:43.0742 3256 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/26 12:55:43.0914 3256 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/26 12:55:43.0992 3256 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/26 12:55:44.0054 3256 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/26 12:55:44.0117 3256 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/26 12:55:44.0179 3256 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/26 12:55:44.0210 3256 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/26 12:55:44.0242 3256 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/26 12:55:44.0304 3256 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/26 12:55:44.0444 3256 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/26 12:55:44.0491 3256 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/26 12:55:44.0585 3256 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/26 12:55:44.0803 3256 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\Windows\system32\drivers\pxkbf.sys
2011/04/26 12:55:44.0834 3256 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\Windows\system32\drivers\pxrts.sys
2011/04/26 12:55:44.0897 3256 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\Windows\system32\drivers\pxscan.sys
2011/04/26 12:55:44.0975 3256 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/26 12:55:45.0037 3256 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/26 12:55:45.0100 3256 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/26 12:55:45.0131 3256 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/26 12:55:45.0178 3256 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/26 12:55:45.0240 3256 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/26 12:55:45.0256 3256 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/26 12:55:45.0334 3256 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/26 12:55:45.0380 3256 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/26 12:55:45.0427 3256 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\drivers\rdpdr.sys
2011/04/26 12:55:45.0458 3256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/26 12:55:45.0505 3256 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/26 12:55:45.0583 3256 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/26 12:55:45.0614 3256 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/26 12:55:45.0692 3256 risdptsk (ace2ce73d7b04eac48fb80482e05e770) C:\Windows\system32\DRIVERS\risdptsk.sys
2011/04/26 12:55:45.0770 3256 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/26 12:55:45.0848 3256 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/26 12:55:45.0958 3256 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/26 12:55:46.0036 3256 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/26 12:55:46.0114 3256 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/26 12:55:46.0176 3256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/26 12:55:46.0270 3256 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS
2011/04/26 12:55:46.0301 3256 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/26 12:55:46.0722 3256 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/26 12:55:46.0800 3256 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/26 12:55:46.0956 3256 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/26 12:55:47.0003 3256 sffp_mmc (e5eafe85815bd89095fef3144a09ab68) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/26 12:55:47.0018 3256 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/26 12:55:47.0034 3256 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/26 12:55:47.0252 3256 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/26 12:55:47.0580 3256 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/26 12:55:47.0814 3256 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/26 12:55:48.0048 3256 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/26 12:55:48.0142 3256 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/04/26 12:55:48.0235 3256 SNTNLUSB (ce724fc3ef8468bbab146ca1793c66dc) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
2011/04/26 12:55:48.0329 3256 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/26 12:55:48.0563 3256 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/26 12:55:48.0688 3256 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/26 12:55:48.0750 3256 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/26 12:55:48.0844 3256 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/26 12:55:48.0906 3256 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/26 12:55:48.0953 3256 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/26 12:55:49.0015 3256 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/26 12:55:49.0202 3256 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/26 12:55:50.0014 3256 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/26 12:55:50.0263 3256 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/26 12:55:50.0372 3256 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/26 12:55:50.0560 3256 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/26 12:55:50.0762 3256 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/26 12:55:50.0996 3256 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/26 12:55:51.0215 3256 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/26 12:55:51.0371 3256 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/26 12:55:51.0418 3256 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/26 12:55:51.0449 3256 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/26 12:55:51.0496 3256 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/26 12:55:51.0542 3256 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/26 12:55:51.0589 3256 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/26 12:55:51.0620 3256 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/26 12:55:51.0652 3256 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/26 12:55:51.0667 3256 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/26 12:55:51.0730 3256 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/26 12:55:51.0776 3256 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/26 12:55:51.0839 3256 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/26 12:55:51.0886 3256 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/26 12:55:51.0901 3256 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/26 12:55:51.0979 3256 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/26 12:55:52.0042 3256 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/26 12:55:52.0088 3256 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/26 12:55:52.0120 3256 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/26 12:55:52.0166 3256 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/26 12:55:52.0213 3256 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/26 12:55:52.0525 3256 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/26 12:55:52.0634 3256 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/26 12:55:52.0712 3256 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/26 12:55:52.0744 3256 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/26 12:55:52.0759 3256 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/26 12:55:52.0790 3256 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/26 12:55:52.0806 3256 volsnap (facdbfed06e893cbe907879486e68c07) C:\Windows\system32\drivers\volsnap.sys
2011/04/26 12:55:52.0853 3256 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/26 12:55:52.0884 3256 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/26 12:55:52.0931 3256 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/26 12:55:52.0962 3256 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/26 12:55:52.0993 3256 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/26 12:55:53.0056 3256 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/26 12:55:53.0118 3256 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/26 12:55:53.0368 3256 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/26 12:55:53.0430 3256 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/26 12:55:53.0461 3256 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/26 12:55:53.0508 3256 ================================================================================
2011/04/26 12:55:53.0508 3256 Scan finished
2011/04/26 12:55:53.0508 3256 ================================================================================
2011/04/26 12:59:03.0245 1408 Deinitialize success


thanks

Edited by ja9219, 02 May 2011 - 12:26 PM.
