Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

One million tries later, hopefully this posts


  • This topic is locked This topic is locked

#1
phedup

phedup

    Member

  • Member
  • PipPip
  • 48 posts
Please take a look at this log,
I know I have a bad infection, and am very worried i've been hacked, I am not sure how much data can be extracted off my machine but I would prefer none.
I dont know where this was picked up, I have boys, so God only knows. But I first noticed all of my services were disabled, I managed to get them back on enought o go online and have tried to scan using various programs and can only confirm that spybot found clickgift.load, and on a stupid attempt to run combofix (listened to someone I shouldnt have) I learned a rootkit had been found. Just to add to this stew, I have for the last 8 mos or so had "episodes" where my pc would shut down and not reboot for a few days, then bsod, then return to normal, very strange and perhaps not related, but you never know. thankyou for any time you put into this thread , even if you only read it, I am on my laptop, the pc that has this virus will not allow me to post, I managed to email the log and open it on my laptop. again I thankyou kindly







OTL logfile created on: 5/6/2011 11:09:42 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\monica\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 17.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 20.55 Gb Free Space | 55.22% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/03/16 03:59:00 | 000,165,888 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999/08/30 03:55:00 | 000,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\povrtdev.sys -- (msvad_simple)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.norwichbulletin.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\monica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 11:09:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/01 11:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 10:38:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 10:38:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 10:38:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 10:38:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\SUPERAntiSpyware.com
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/28 13:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/04/28 13:19:41 | 030,459,048 | ---- | C] (IObit ) -- C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 21:15:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 06:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/15 17:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\monica\Application Data\DivX
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 11:09:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\monica\Desktop\OTL.exe
[2011/05/06 11:01:05 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/05/06 11:00:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/06 11:00:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/06 11:00:30 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/06 11:00:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/06 10:30:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 10:19:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/06 10:19:21 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 14:01:31 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2011/05/05 13:27:43 | 000,000,111 | ---- | M] () -- C:\password.klc
[2011/05/05 13:26:29 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 13:31:33 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/04/28 13:31:28 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/04/28 13:31:28 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/04/28 13:19:51 | 030,459,048 | ---- | M] (IObit ) -- C:\Documents and Settings\monica\Desktop\asc4-setup-cnet.exe
[2011/04/27 11:51:50 | 000,001,193 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\NEW BROTHER PE-770 PE770 EMBROIDERY SEWING MACHINE eBay.url
[2011/04/27 09:40:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/26 21:15:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/26 14:57:55 | 000,003,450 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2011/04/23 14:51:12 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\monica\Desktop\YouTube - Mel shark tooth hunting 7-24-10, megalodon teeth.url
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/15 17:59:30 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/07 19:32:53 | 000,449,144 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/07 19:32:53 | 000,075,162 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[1 C:\Documents and Settings\monica\*.tmp files -> C:\Documents and Settings\monica\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 10:19:21 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/05 13:27:43 | 000,000,111 | ---- | C] () -- C:\password.klc
[2011/05/01 10:38:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 10:38:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 10:38:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 10:38:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 10:38:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 19:43:03 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 13:46:15 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/04/28 13:31:33 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/04/28 13:31:28 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/04/28 13:31:28 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/04/26 06:13:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 10:00:39 | 000,001,193 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\NEW BROTHER PE-770 PE770 EMBROIDERY SEWING MACHINE eBay.url
[2011/04/23 09:57:32 | 000,003,450 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\Lenovo IdeaPad Laptop Computer U450P with Charger eBay.url
[2011/04/07 16:18:32 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\monica\Desktop\YouTube - Mel shark tooth hunting 7-24-10, megalodon teeth.url
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/14 23:10:26 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/14 23:10:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/04 11:39:48 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 22:18:38 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/15 22:18:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/11/13 09:22:38 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
[2006/05/05 20:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/28 12:40:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/25 11:10:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/07 18:52:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/08/06 13:25:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/09 03:15:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe_A4M
[2004/07/08 15:15:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2004/04/25 13:24:07 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/16 17:30:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
[2004/03/18 19:37:38 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:23:39 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/31 20:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/22 22:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\ssdlc.dat
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/06/10 20:54:44 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/05 18:22:11 | 000,000,405 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/04/04 15:46:20 | 000,011,692 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 13:25:08 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\monica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/04/02 22:11:25 | 000,022,016 | ---- | C] () -- C:\WINDOWS\tstnet.exe
[2002/04/02 22:11:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\NetworkTest.exe
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:56:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:49:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:53:56 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:39:06 | 000,449,144 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2001/11/15 09:39:06 | 000,075,162 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2001/11/15 09:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 09:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 17:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/08/23 17:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2001/08/18 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2001/08/18 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 15:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/07/31 13:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/01 10:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2006/02/27 13:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/02/27 09:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(2)
[2006/02/27 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software(3)
[2008/06/20 13:39:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/10/17 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2011/02/15 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/02/16 08:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2005/09/27 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetVeda
[2006/02/25 23:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2002/03/14 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/11/13 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2011/04/30 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/23 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/10/19 14:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Aim
[2009/11/20 22:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\AVGTOOLBAR
[2010/10/15 10:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Canon
[2005/05/01 02:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\EPSON
[2003/11/15 00:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\FUJIFILM
[2006/04/26 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\ICAClient
[2010/11/18 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Image Zone Express
[2002/04/05 17:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\InterTrust
[2011/04/28 13:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\IObit
[2004/01/17 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Kontiki
[2004/02/26 21:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Leadertech
[2007/03/11 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Musicmatch
[2010/08/27 15:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Preclick
[2010/06/07 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Printer Info Cache
[2005/08/10 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Registry Defender
[2007/07/19 11:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Snapfish
[2008/02/13 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\TrueSwitch
[2007/04/03 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\monica\Application Data\Viewpoint
[2011/05/06 11:00:22 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\monica\My Documents\revised porch.rtf:SummaryInformation
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#2
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
: ) Patience is a virtue
  • 0

#3
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix. Also, I'm currently still in training, so there may be a longer than normal pause between my posts as I get expert feedback and permission to post each fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.

I'm currently reviewing your logs, and will get back to you as soon as I can :)
  • 0

#4
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Hi there, I've been looking over your logs, and have found issues we have to address.

I'd like to point out again that I'm in training, so I will be taking a bit longer before each post than normal.

Before we go too far though, would you please do the following:

  • Paste the contents of your Combofix.txt log, which you should be able to find on the root of your system drive, at C:\Combofix.txt, in your next post.
  • Open OTL again and put a tick in all of the "Use SafeList" options for Processes, Modules, Drivers, Standard Registry and Extra Registry. Put a tick in the "All" option for Services. Next, copy the text in the codebox below, and paste it into the Custom Scans/Fixes box, then press the "Run Scan" button:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\Tasks\*.job /lockedfiles
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    

    When it's done running, it should give you two text files: OTL.txt and Extras.txt. Please include both of those (pasted into the reply, please) in your next post.
  • Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please post back with Combofix.txt, OTL.txt, Extras.txt, and the Results.log from GMER, and I'll see what we can do about getting you fixed up. :)

Also, please let me know the issues you're currently experiencing with the machine, since part of your description was pre-Combofix, and before you re-enabled services.
  • 0

#5
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
ComboFix 11-04-30.06 - Administrator 05/01/2011 10:51:15.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.338 [GMT -4:00]
Running from: c:\documents and settings\Administrator.DJHCGB11\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Yahoo!
c:\documents and settings\All Users\Application Data\Yahoo!\YOP\yop.html
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-04-30 13:48 . 2011-04-30 13:48 -------- d-----w- c:\documents and settings\Administrator.DJHCGB11\Application Data\SUPERAntiSpyware.com
2011-04-29 14:43 . 2011-04-29 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-29 14:41 . 2011-04-29 14:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-28 09:12 . 2011-04-28 09:12 -------- d-----w- c:\documents and settings\Administrator.DJHCGB11\Local Settings\Application Data\ApplicationHistory
2011-04-27 13:40 . 2011-04-27 13:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-27 13:40 . 2011-04-27 13:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-27 09:35 . 2011-04-27 09:35 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2011-04-27 01:15 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-07-31 17:18 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-07-31 17:18 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2010-07-31 17:19 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-07-31 17:19 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2010-07-31 17:19 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2010-07-31 17:19 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2010-07-31 17:19 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-07-31 17:19 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2010-07-31 17:19 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2004-08-04 07:56 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2001-08-18 12:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTWinModem1"="ltmsg.exe 9" [X]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-03 155648]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"EPSON Stylus CX5400 (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Camio Viewer 2000.lnk - c:\program files\Sierra Imaging\Image Expert 2000\IXApplet.exe [2002-3-14 49152]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 13:03 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [3/21/2009 9:50 AM 108552]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\SYSTEM32\DRIVERS\FTD2XX.sys [4/23/2005 1:44 PM 24197]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [10/3/2000 5:18 PM 6942]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [4/26/2011 9:15 PM 441176]
S1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/31/2010 1:19 PM 307288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [3/21/2009 9:50 AM 335240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [4/28/2011 1:30 PM 352656]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/31/2010 1:19 PM 19544]
S3 e-snap!Still;Alaris e-snap! USB Still Camera (WDM);c:\windows\system32\DRIVERS\aox402sc.sys --> c:\windows\system32\DRIVERS\aox402sc.sys [?]
S3 e-snap!Video;Alaris e-snap! USB Video Camera;c:\windows\system32\DRIVERS\aox402vc.sys --> c:\windows\system32\DRIVERS\aox402vc.sys [?]
S3 mamotou;mamotou;c:\windows\SYSTEM32\DRIVERS\mamotou.sys [12/17/2007 6:43 PM 49399]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [12/28/2007 12:50 PM 42112]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/6/2001 3:41 PM 28672]
S4 PuranDefrag;PuranDefrag;c:\windows\SYSTEM32\PuranDefragS.exe [8/6/2010 10:44 AM 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-28 20:54]
.
2011-04-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2011-04-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.startsearcher.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM_ActiveSetup-{F9F803E5-559F-4323-8962-1572E758FDA7} - c:\documents and settings\monica\Application Data\Sun\kbmovm.dll
AddRemove-Facetheme - c:\program files\Object\facetheme_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???f???????????? C?????Disc Detector?B???A???????A?? [email protected]?$[email protected]?? [email protected][email protected]?B???A???????A?? [email protected]?????P???$[email protected]?? [email protected]??? ???????????????B?????? ????????????????????????????B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-75CAA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8374233B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\l3codeca.acm
c:\windows\System32\ctmp3.acm
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-01 11:08:25
ComboFix-quarantined-files.txt 2011-05-01 15:08
.
Pre-Run: 22,051,188,736 bytes free
Post-Run: 22,117,081,088 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 199D2EE7D5F4A004DF826A9C41653FC8
  • 0

#6
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ok I have done all of the requested scans, but am having nothing but trouble trying to post any of the results, I am stunned I was able to post the combofix log, so I will continue to try whilst you evaluate that, but can tell you the gmer did detect rootkit [email protected], but I dont see anything about a results log, I am justa bout ready to take this effing computer out to the freeway !!!.
thankyou for your help, and I will try to get around whatever is preventing my from posting , I can surf but not post, too weird
(This is being posted from a laptop)
  • 0

#7
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I'm going to ask my resident expert (who is helping me with this log) about an idea I have that should help things along quite a bit for you.

Keep trying to post those logs, but don't lose any sleep if you can't. We'll get to them. :)
  • 0

#8
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I think we can move forward with a partial fix just based on what you've posted so far. If you would, please follow these instructions:

  • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


      Posted Image
    • If an infected file is detected, the default action will be Cure, click on Continue.


      Posted Image
    • If a suspicious file is detected, the default action will be Skip, click on Continue.


      Posted Image
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


      Posted Image
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • Please choose ONE antivirus program - I'd suggest that you keep Avast! - and remove the others. AVG and Avira in this case would need to be uninstalled. However, the choice of which two to remove is up to you. Only one antivirus program should be on a machine at any given time, as not only will they fight with eachother and cause serious performance / glitch issues, but they can actually fight so hard they make your machine less secure instead of more secure.

Please post back with the report from TDSSKiller, and let me know which antivirus program you chose to keep. Please also let me know if you had any trouble removing the other two - any details about how the machine is running and issues you encounter are useful to us in helping you clean things up. :)

After you do these things, you can go forward with posting the logs from the other scans I asked you to do.
  • 0

#9
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ok im going to try the tdss thing, but I want to tell you I am only running avast, I have tried in vain numerous times to find and rid myself of the avira and avg and cannot find them anywhere, I have uninstaller programs that cannot, any help with ridding my world of those items I would appreciate.
I will post back soon, thankyou
  • 0

#10
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL.TXT

OTL logfile created on: 5/13/2011 10:20:13 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.DJHCGB11\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: | Country: | Language: | Date Format:

511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 21.16 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 07:37:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DJHCGB11\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 07:37:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DJHCGB11\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (avg8wd)
SRV - File not found [Disabled | Stopped] -- -- (avg8emc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/12 19:53:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spoolsv.exe -- (Spooler)
SRV - [2010/05/17 12:11:40 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (PlugPlay)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (Eventlog)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 16:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\es.dll -- (EventSystem)
SRV - [2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/13 20:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\WBEM\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ups.exe -- (UPS)
SRV - [2008/04/13 20:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/13 20:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\msdtc.exe -- (MSDTC)
SRV - [2008/04/13 20:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:21 | 000,267,776 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\fxssvc.exe -- (Fax)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/13 20:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 20:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (cisvc)
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WBEM\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/13 20:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\upnphost.dll -- (upnphost)
SRV - [2008/04/13 20:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\w32time.dll -- (W32Time)
SRV - [2008/04/13 20:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\webclnt.dll -- (WebClient)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\termsrv.dll -- (TermService)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\trkwks.dll -- (TrkWks)
SRV - [2008/04/13 20:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\sens.dll -- (SENS)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\qmgr.dll -- (BITS)
SRV - [2008/04/13 20:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\qagentrt.dll -- (napagent)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\rasmans.dll -- (RasMan)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\netman.dll -- (Netman)
SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\ersvc.dll -- (ERSvc)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\audiosrv.dll -- (AudioSrv)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/18 22:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 19:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\WudfSvc.dll -- (WudfSvc)
SRV - [2005/10/18 11:58:40 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/09/06 09:42:27 | 000,833,168 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 14:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2001/08/18 08:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\RSVP.EXE -- (RSVP)
SRV - [2001/08/06 15:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
SRV - [2000/06/26 09:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 03:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\povrtdev.sys -- (msvad_simple)
DRV - [2009/08/18 09:03:08 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 09:03:08 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 09:23:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 15:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/05/07 16:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/03/29 07:24:11 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
DRV - [2006/01/03 16:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/07 05:50:20 | 000,049,399 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mamotou.sys -- (mamotou)
DRV - [2005/09/13 13:32:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/17 23:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV - [2004/08/23 22:57:40 | 000,004,992 | ---- | M] ((Standard Mouse Types)) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2004/08/23 22:55:48 | 000,011,264 | R--- | M] ((Standard Mouse Types)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - [2004/08/04 00:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/01/24 12:13:06 | 000,024,197 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2002/05/07 14:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\V4CB013D.SYS -- (FINEPIX_PCC)
DRV - [2002/04/11 18:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcm.sys -- (usbcm)
DRV - [2002/04/11 14:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2002/01/23 13:59:54 | 000,661,770 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/10/25 23:13:12 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/10/25 23:13:02 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/10/25 23:12:54 | 000,282,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/30 16:48:40 | 000,022,713 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2001/08/30 16:47:50 | 000,055,216 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2001/08/17 15:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/06/20 19:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 19:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/10/03 17:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098019000060 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1139152115093 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://webcam.atomic...activex/AMC.cab (Reg Error: Value error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoft.../as5/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv2.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://www.csde.stat...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload.ma...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...768/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...eInstallSBC.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 15:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/06 07:35:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DJHCGB11\Desktop\OTL.exe
[2011/05/05 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DJHCGB11\Local Settings\Application Data\Identities
[2011/05/05 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DJHCGB11\Application Data\Identities
[2011/05/01 11:20:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 10:38:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/01 10:38:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/01 10:38:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/01 10:38:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/01 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/30 19:42:22 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.DJHCGB11\Desktop\ms sec.exe
[2011/04/29 10:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/28 13:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/04/28 06:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DJHCGB11\Application Data\Macromedia
[2011/04/28 06:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DJHCGB11\Application Data\Adobe
[2011/04/28 05:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.DJHCGB11\Local Settings\Application Data\ApplicationHistory
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/27 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/26 21:15:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 06:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2002/03/14 02:59:57 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/05/13 10:13:37 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/13 10:13:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/11 15:34:06 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/11 15:33:41 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/05/06 11:01:05 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/05/06 11:00:30 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-214099845-2014835873-67682326-1006.job
[2011/05/06 10:30:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 07:37:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.DJHCGB11\Desktop\OTL.exe
[2011/05/05 14:01:31 | 000,000,111 | ---- | M] () -- C:\WINDOWS\password.klc
[2011/05/05 13:27:43 | 000,000,111 | ---- | M] () -- C:\password.klc
[2011/05/05 13:26:29 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/30 19:42:29 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.DJHCGB11\Desktop\ms sec.exe
[2011/04/28 13:31:33 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/04/28 13:31:28 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/04/27 09:40:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/26 21:15:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/05/05 13:27:43 | 000,000,111 | ---- | C] () -- C:\password.klc
[2011/05/01 10:38:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/01 10:38:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/01 10:38:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/01 10:38:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/01 10:38:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 19:43:03 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 13:46:15 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/04/28 13:31:33 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/04/28 13:31:28 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/04/26 06:13:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/22 12:11:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/07/06 22:14:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2009/07/06 22:14:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/02/02 13:03:22 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/02/15 09:55:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/02/14 23:10:26 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/14 23:10:26 | 000,003,446 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/04 11:39:48 | 000,117,193 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/02/01 19:42:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/28 14:11:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/12/28 14:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/12/28 14:05:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/12/18 22:57:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/29 07:24:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/27 11:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 11:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 22:30:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/03/15 22:18:38 | 000,116,976 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/03/15 22:18:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/03/15 21:41:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/29 18:00:49 | 000,000,115 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/11/13 09:22:38 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PMUSERS.DAT
[2006/05/05 20:17:20 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 13:32:19 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/28 12:40:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/16 09:43:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~5.INI
[2005/04/23 13:46:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINRESAZ.INI
[2005/04/23 13:44:05 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/02/25 11:10:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/07 10:21:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/10/17 12:56:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/10/17 12:45:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/10/17 12:42:06 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/07 18:52:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/08/06 13:25:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/09 03:15:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Amuninst.exe_A4M
[2004/07/08 15:15:44 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\Amuninst.exe
[2004/04/25 13:24:07 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/16 17:30:12 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 07:17:26 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{9CFE8B7E-E685-4677-800E-EA4A246F46FD}.dat
[2004/04/03 12:55:05 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{33B24425-72FF-4B06-A6AB-93BB4AFA6B25}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{9DB2F4E0-9742-428F-AE76-2C6F19415860}.dat
[2004/04/03 12:02:51 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{18F95C32-F522-45E4-A145-5F11EE8C345B}.dat
[2004/03/18 19:37:38 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\pcconfig.dat
[2004/02/29 14:29:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/02/27 13:25:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/27 12:17:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 21:32:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/02/26 21:23:39 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/26 21:22:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2003/12/17 14:06:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2003/11/04 12:59:30 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2003/11/03 09:51:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/02 23:05:56 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 14:14:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/10/02 13:55:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2003/10/02 13:53:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/09/11 17:15:50 | 000,000,122 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/09/06 10:05:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2003/09/06 09:53:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/09/06 09:52:59 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/05/31 20:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/04/30 22:07:18 | 000,000,206 | ---- | C] () -- C:\WINDOWS\skywriter.ini
[2003/02/01 14:58:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2002/11/22 22:57:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\ssdlc.dat
[2002/11/14 15:20:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CDS6300.ini
[2002/09/15 20:56:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2002/07/02 15:22:21 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/06/10 20:54:44 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/05/04 17:46:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/12 09:49:05 | 000,001,325 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/04/07 11:35:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/04/05 18:22:11 | 000,000,405 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/04/04 15:46:20 | 000,011,692 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/04/03 09:36:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/04/02 22:11:25 | 000,022,016 | ---- | C] () -- C:\WINDOWS\tstnet.exe
[2002/04/02 22:11:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\NetworkTest.exe
[2002/03/14 03:05:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/03/14 02:59:36 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
[2002/03/14 02:59:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/03/14 02:59:21 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/03/14 02:58:21 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/03/14 02:58:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/03/14 02:58:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/03/14 02:57:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/03/14 02:56:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2002/03/14 02:55:01 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/03/14 02:49:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2002/03/14 02:22:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/11/15 10:53:56 | 000,365,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/15 10:19:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 09:39:06 | 000,449,144 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2001/11/15 09:39:06 | 000,075,162 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2001/11/15 09:31:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/15 09:28:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/08/23 17:07:14 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/08/23 17:07:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 15:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2001/08/18 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2001/08/18 08:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\I386\USERINIT.EXE
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\DLLCACHE\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2001/08/18 08:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\I386\WINLOGON.EXE
[2001/08/18 08:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\$hf_mig$\KB841533\SP1QFE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\Tasks\*.job /lockedfiles >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 08:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 08:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 08:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2010/12/20 07:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation)

< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2001/08/18 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2001/08/18 08:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\I386\USERINIT.EXE
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\DLLCACHE\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2001/08/18 08:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\I386\WINLOGON.EXE
[2001/08/18 08:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\$hf_mig$\KB841533\SP1QFE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\Tasks\*.job /lockedfiles >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 08:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 08:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 08:54:40 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2010/12/20 07:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#11
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL.EXTRAS
OTL Extras logfile created on: 5/13/2011 10:20:13 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator.DJHCGB11\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: | Country: | Language: | Date Format:

511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 21.16 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: DJHCGB11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- Reg Error: Value error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Value error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Value error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [open] -- Reg Error: Value error.
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1125118900\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125118900\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\AOL\1125515680\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1125515680\ee\aolservicehost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1128881608\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1128881608\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1128984270\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1128984270\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1129673831\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1129673831\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FA46975-176F-457A-A09C-DBD0CBDA65F3}" = PrintMaster 16
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{95D885F5-B696-11D5-9D1D-0050DAB14E03}" = Shockwave Player
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}" = Preclick PhotoBack Plug-in for HP
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"After Dark Games" = After Dark Games
"avast" = avast! Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Charter Browser Updater" = Charter Browser Updater
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"File Recover_is1" = File Recover 5.0
"FTD2XX" = Reader/Writer USB Drivers
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Expert 3.2" = Dell Picture Studio - Image Expert 2000
"IncrediMail" = IncrediMail Xe
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"LTWinModem" = Lucent Win Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"pumpkinpatch.scr" = pumpkinpatch ScreenSaver
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"Quicken WillMaker Plus 2005" = Quicken WillMaker Plus 2005
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"Skywriter Plane Screen Saver 1.0" = Skywriter Plane Screen Saver 1.0
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"Spring Wildflowers Screen Saver 1.1" = Spring Wildflowers Screen Saver 1.1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"TaxACT 2003" = TaxACT 2003
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2009" = TaxACT 2009
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WinASO Disk Cleaner_is1" = WinASO Disk Cleaner 1.6
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2011 9:49:39 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/6/2011 10:22:42 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/6/2011 10:22:43 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/6/2011 10:32:49 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/6/2011 10:33:11 AM | Computer Name = DJHCGB11 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 5/11/2011 3:34:07 PM | Computer Name = DJHCGB11 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/13/2011 10:16:24 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/13/2011 10:16:25 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/13/2011 10:16:32 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/13/2011 10:16:33 AM | Computer Name = DJHCGB11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 5/13/2011 10:09:17 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:09:39 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:09:45 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:09:49 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:10:20 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:10:20 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:11:27 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/13/2011 10:13:51 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/13/2011 10:14:12 AM | Computer Name = DJHCGB11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/13/2011 10:14:53 AM | Computer Name = DJHCGB11 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi AvgLdx86 AvgMfx86 Fips Lbd OMCI Processor


< End of report >
  • 0

#12
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
TDSS log

2011/05/13 16:09:48.0078 0364 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/13 16:09:48.0515 0364 ================================================================================
2011/05/13 16:09:48.0515 0364 SystemInfo:
2011/05/13 16:09:48.0515 0364
2011/05/13 16:09:48.0515 0364 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/13 16:09:48.0515 0364 Product type: Workstation
2011/05/13 16:09:48.0515 0364 ComputerName: DJHCGB11
2011/05/13 16:09:48.0515 0364 UserName: Administrator
2011/05/13 16:09:48.0515 0364 Windows directory: C:\WINDOWS
2011/05/13 16:09:48.0515 0364 System windows directory: C:\WINDOWS
2011/05/13 16:09:48.0515 0364 Processor architecture: Intel x86
2011/05/13 16:09:48.0515 0364 Number of processors: 1
2011/05/13 16:09:48.0515 0364 Page size: 0x1000
2011/05/13 16:09:48.0515 0364 Boot type: Safe boot with network
2011/05/13 16:09:48.0515 0364 ================================================================================
2011/05/13 16:09:48.0984 0364 Initialize success
2011/05/13 16:09:51.0578 0484 ================================================================================
2011/05/13 16:09:51.0578 0484 Scan started
2011/05/13 16:09:51.0578 0484 Mode: Manual;
2011/05/13 16:09:51.0578 0484 ================================================================================
2011/05/13 16:09:55.0531 0484 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/13 16:09:55.0843 0484 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/05/13 16:09:56.0140 0484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/13 16:09:56.0500 0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/13 16:09:56.0796 0484 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/05/13 16:09:57.0093 0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/13 16:09:57.0359 0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/13 16:09:57.0640 0484 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/13 16:09:57.0859 0484 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/05/13 16:09:58.0171 0484 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/05/13 16:09:58.0375 0484 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/05/13 16:09:58.0593 0484 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/05/13 16:09:58.0796 0484 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/05/13 16:09:58.0984 0484 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/05/13 16:09:59.0203 0484 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/05/13 16:09:59.0453 0484 Amfilter (f91acae65b4d0c5e4531a46156108781) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
2011/05/13 16:09:59.0625 0484 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/05/13 16:09:59.0765 0484 Amusbprt (99ed8a8e9f216fbc8b60fb47738b6cf3) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
2011/05/13 16:10:00.0046 0484 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/05/13 16:10:00.0296 0484 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/05/13 16:10:00.0531 0484 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/05/13 16:10:00.0703 0484 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/05/13 16:10:01.0078 0484 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/13 16:10:01.0281 0484 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/13 16:10:01.0656 0484 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/13 16:10:01.0984 0484 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/13 16:10:02.0343 0484 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/13 16:10:02.0671 0484 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/13 16:10:02.0859 0484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/13 16:10:03.0140 0484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/13 16:10:03.0593 0484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/13 16:10:03.0859 0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/13 16:10:04.0187 0484 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/05/13 16:10:04.0531 0484 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/05/13 16:10:04.0765 0484 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/05/13 16:10:05.0140 0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/13 16:10:05.0437 0484 bvrp_pci (c043ca48f1f5c00ff8272180fbbd15e9) C:\WINDOWS\system32\drivers\bvrp_pci.sys
2011/05/13 16:10:05.0906 0484 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/05/13 16:10:06.0156 0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/13 16:10:06.0390 0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/13 16:10:06.0578 0484 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/05/13 16:10:06.0953 0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/13 16:10:07.0515 0484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/13 16:10:07.0828 0484 Cdr4_xp (4ac2e023b8bbee458816d30db0bf149a) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/13 16:10:08.0375 0484 Cdralw2k (7e56d7ab50e08b393b640c0be898c752) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/13 16:10:08.0718 0484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/13 16:10:09.0171 0484 cdudf_xp (5b20a47b0413240cdb93106bd58602a1) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/05/13 16:10:09.0828 0484 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/05/13 16:10:10.0468 0484 CO_Mon (6be1d6403727bdd8a2b2568dbe6bfb8b) C:\WINDOWS\system32\Drivers\CO_Mon.sys
2011/05/13 16:10:10.0765 0484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/05/13 16:10:11.0250 0484 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/05/13 16:10:11.0687 0484 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/05/13 16:10:12.0312 0484 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/05/13 16:10:12.0734 0484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/13 16:10:13.0125 0484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/13 16:10:13.0468 0484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/13 16:10:13.0968 0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/13 16:10:14.0484 0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/13 16:10:14.0921 0484 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/05/13 16:10:15.0687 0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/13 16:10:16.0187 0484 dvd_2K (3677e155d87dda2bc53142d7d234d12a) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/05/13 16:10:17.0562 0484 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/05/13 16:10:18.0125 0484 emu10k (93f496c9bff5d925c9aa016386839ee2) C:\WINDOWS\system32\drivers\emu10k1m.sys
2011/05/13 16:10:18.0531 0484 emu10k1 (5cb715c7735ac68c16da9b62d56e4c11) C:\WINDOWS\system32\drivers\ctlfacem.sys
2011/05/13 16:10:18.0984 0484 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/13 16:10:19.0750 0484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/13 16:10:20.0250 0484 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB013D.SYS
2011/05/13 16:10:20.0906 0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/13 16:10:21.0281 0484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/13 16:10:21.0625 0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/13 16:10:22.0218 0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/13 16:10:22.0625 0484 FTD2XX (b907d2b20db2f6392995f5379e2a9666) C:\WINDOWS\system32\Drivers\FTD2XX.sys
2011/05/13 16:10:23.0218 0484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/13 16:10:23.0734 0484 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/13 16:10:24.0187 0484 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/13 16:10:24.0812 0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/13 16:10:25.0484 0484 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/13 16:10:25.0781 0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/05/13 16:10:25.0968 0484 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
2011/05/13 16:10:26.0140 0484 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/13 16:10:26.0562 0484 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/13 16:10:26.0750 0484 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/13 16:10:27.0062 0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/13 16:10:27.0406 0484 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/13 16:10:27.0656 0484 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/05/13 16:10:27.0921 0484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/13 16:10:28.0171 0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/13 16:10:28.0390 0484 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/05/13 16:10:28.0625 0484 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/13 16:10:28.0859 0484 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/13 16:10:29.0125 0484 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
2011/05/13 16:10:29.0328 0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/13 16:10:29.0562 0484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/13 16:10:29.0828 0484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/13 16:10:30.0171 0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/13 16:10:30.0421 0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/13 16:10:30.0656 0484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/13 16:10:30.0875 0484 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/13 16:10:31.0171 0484 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/13 16:10:31.0390 0484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/13 16:10:31.0687 0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/13 16:10:31.0890 0484 L8042PR2 (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\Drivers\l8042pr2.sys
2011/05/13 16:10:32.0484 0484 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/05/13 16:10:32.0781 0484 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/05/13 16:10:33.0140 0484 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
2011/05/13 16:10:33.0437 0484 ltmodem5 (e9ebe8ccd1e5b3ca2ddf1765147caca0) C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys
2011/05/13 16:10:33.0734 0484 mamotou (406ea3b1bd43a2c14eeee06c49df0d5d) C:\WINDOWS\system32\DRIVERS\mamotou.sys
2011/05/13 16:10:33.0984 0484 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2011/05/13 16:10:34.0171 0484 MaVctrl (1b467fb39d6ee0e7f1970eee5fc07121) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/05/13 16:10:34.0468 0484 mmc_2K (a54fd7e564c996cfcee6ee7491f3c318) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/05/13 16:10:34.0718 0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/13 16:10:34.0906 0484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/13 16:10:35.0156 0484 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/13 16:10:35.0390 0484 MotDev (20ff89c59b0a50f53822303064988e00) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2011/05/13 16:10:35.0609 0484 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/05/13 16:10:35.0828 0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/13 16:10:36.0093 0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/13 16:10:36.0281 0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/13 16:10:36.0437 0484 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/05/13 16:10:36.0718 0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/13 16:10:37.0093 0484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/13 16:10:37.0296 0484 Msikbd2k (877ffd0fb093b80f5ed6ba64d7921881) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
2011/05/13 16:10:37.0515 0484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/13 16:10:37.0796 0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/13 16:10:38.0031 0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/13 16:10:38.0281 0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/13 16:10:38.0484 0484 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/13 16:10:38.0750 0484 msvad_simple (00c7b2306f1ca5389a1ac6d1df9c2e25) C:\WINDOWS\system32\drivers\povrtdev.sys
2011/05/13 16:10:38.0921 0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/13 16:10:39.0156 0484 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/13 16:10:39.0437 0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/13 16:10:39.0781 0484 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/13 16:10:39.0953 0484 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/13 16:10:40.0187 0484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/13 16:10:40.0406 0484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/13 16:10:40.0609 0484 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/13 16:10:40.0812 0484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/13 16:10:41.0234 0484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/13 16:10:41.0531 0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/13 16:10:41.0953 0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/13 16:10:42.0328 0484 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/13 16:10:42.0515 0484 nv4 (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/13 16:10:42.0765 0484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/13 16:10:43.0046 0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/13 16:10:43.0250 0484 OMCI (e1e54131462b63efefaf14aca8e4012b) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/05/13 16:10:43.0484 0484 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/13 16:10:43.0718 0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/13 16:10:44.0015 0484 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/13 16:10:44.0281 0484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/13 16:10:44.0484 0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/13 16:10:44.0843 0484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2011/05/13 16:10:45.0125 0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/13 16:10:46.0125 0484 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/05/13 16:10:46.0390 0484 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/05/13 16:10:46.0640 0484 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/05/13 16:10:47.0109 0484 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/05/13 16:10:47.0437 0484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/13 16:10:47.0750 0484 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/13 16:10:48.0046 0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/13 16:10:48.0406 0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/13 16:10:48.0687 0484 pwd_2K (dd37e1d9f08eec0cb0fc84e010f33c3b) C:\WINDOWS\system32\drivers\pwd_2K.sys
2011/05/13 16:10:49.0031 0484 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/13 16:10:49.0265 0484 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/05/13 16:10:49.0500 0484 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/05/13 16:10:49.0734 0484 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/05/13 16:10:49.0921 0484 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/05/13 16:10:50.0203 0484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/05/13 16:10:50.0515 0484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/13 16:10:50.0828 0484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/13 16:10:51.0046 0484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/13 16:10:51.0203 0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/13 16:10:51.0625 0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/13 16:10:51.0875 0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/13 16:10:52.0234 0484 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/13 16:10:52.0593 0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/13 16:10:53.0140 0484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/13 16:10:53.0406 0484 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/13 16:10:53.0687 0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/13 16:10:54.0078 0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/13 16:10:54.0359 0484 sfman (d1b79318fcfb6adbe01bb458f8bd5750) C:\WINDOWS\system32\drivers\sfmanm.sys
2011/05/13 16:10:54.0843 0484 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/05/13 16:10:55.0093 0484 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/13 16:10:55.0421 0484 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/13 16:10:55.0656 0484 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/05/13 16:10:55.0890 0484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/13 16:10:56.0140 0484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/13 16:10:56.0468 0484 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/13 16:10:56.0765 0484 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/13 16:10:56.0968 0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/13 16:10:57.0296 0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/13 16:10:57.0625 0484 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/05/13 16:10:57.0875 0484 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/05/13 16:10:58.0109 0484 SymEvent (84ddd3d1aee15466b38195c4d22a8194) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/13 16:10:58.0437 0484 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/13 16:10:58.0718 0484 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/05/13 16:10:58.0921 0484 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/05/13 16:10:59.0140 0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/13 16:10:59.0453 0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/13 16:10:59.0968 0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/13 16:11:00.0312 0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/13 16:11:00.0546 0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/13 16:11:00.0875 0484 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/05/13 16:11:01.0171 0484 UdfReadr_xp (3af8116d049e6f98a6d37913da989984) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2011/05/13 16:11:01.0421 0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/13 16:11:01.0765 0484 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/05/13 16:11:02.0000 0484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/13 16:11:02.0390 0484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/13 16:11:02.0640 0484 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\WINDOWS\system32\DRIVERS\usbcm.sys
2011/05/13 16:11:02.0906 0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/13 16:11:03.0234 0484 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/13 16:11:03.0546 0484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/13 16:11:03.0796 0484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/13 16:11:04.0078 0484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/13 16:11:04.0296 0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/13 16:11:04.0515 0484 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/05/13 16:11:04.0765 0484 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/05/13 16:11:05.0062 0484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/13 16:11:05.0437 0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/13 16:11:06.0031 0484 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/13 16:11:06.0765 0484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/13 16:11:07.0343 0484 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/13 16:11:07.0640 0484 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/13 16:11:08.0000 0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/13 16:11:08.0265 0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/13 16:11:08.0515 0484 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/13 16:11:08.0515 0484 ================================================================================
2011/05/13 16:11:08.0515 0484 Scan finished
2011/05/13 16:11:08.0515 0484 ================================================================================
2011/05/13 16:11:08.0593 0452 Detected object count: 1
2011/05/13 16:11:26.0609 0452 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/13 16:11:26.0609 0452 \HardDisk0 - ok
2011/05/13 16:11:26.0609 0452 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/13 16:11:30.0593 0416 Deinitialize success
  • 0

#13
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
It may take me a bit to churn through the logs, but I'll get back with you as soon as I can. :)

edit: You posted the TDSSKiller log as I typed the request for it :unsure:

Edited by havredave, 13 May 2011 - 02:19 PM.

  • 0

#14
phedup

phedup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thankyou, I was able to post from the "infested one", let me know what else I need to do, also, I would like to know was I hacked?? could any info off my pc have been stolen???
Thankyou
  • 0

#15
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I do not believe you've been hacked by an individual. Most of us are "small targets", so to speak, and don't warrant the attention of someone picking us out individually. You were probably the victim of a wide net intended to catch as many unwary victims as possible.

I'll know more as I examine your logs, and I'll try to keep you informed. There is a lot of information there, so it will take me some time.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP